[Hipsec-rg] Re: Native HIP API questions in the hipsec-rg meeting

mkomu@niksula.hut.fi (Miika Komu) Fri, 20 August 2004 02:08 UTC

From: mkomu@niksula.hut.fi (Miika Komu)
Date: Fri Aug 20 02:08:01 2004
Subject: [Hipsec-rg] Re: Native HIP API questions in the hipsec-rg meeting
In-Reply-To: <41252460.5040509@isi.edu>
References: <6938661A6EDA8A4EA8D1419BCE46F24C04060809@xch-nw-27.nw.nos.boeing.com> <41252460.5040509@isi.edu>
Message-ID: <Pine.GSO.4.58.0408200959460.3500@kekkonen.cs.hut.fi>

On Thu, 19 Aug 2004, Joe Touch wrote:

> We already have a DNS which provides a global resolution structure. What
> is the gain in having a global ID space?
>
> Far as I can tell, you need the DNS (or a copy that's just as
> complicated and global) to give you the rendezvous points. If the dest
> IS the rendezvous point, you're done. Why bother putting the ID in the
> DNS and ensuring that it's global?

If you don't know the ID of the peer before connection establishment, it
is called "HIP opportunistic mode". A hostile host can DoS the peer and
pretend to be the peer for you.

On the other hand, you can detect that another host has replaced the real
peer if you can first look up the ID of the peer from the DNS.

-- 
Miika Komu              miika@iki.fi          http://www.iki.fi/miika/