
Re: HIP and PKI reqs [RE: Identifier/locator recap]



Iljitsch van Beijnum wrote:
> The problem I see with HIP is that you can't initiate a session with
> just the identifier to identify the host you want to communicate with.

You are right.  More work is needed.  As I wrote, someone
should work out the details how to utilize DHTs, perhaps
in conjunction with DNS.  Or something similar.

> Now that would be fine if it were possible to feed this identifier to a
> lookup engine and get back something you _can_ use to initiate a
> session. But this isn't possible either.

I would say that _currently_ such a mechanism does not exist.
But I would *not* say that it is not _possible_.  The fact
that such a solution does not currently exist does not make
it impossible to create one.

I have a hunch that a DHT based solution should not be too
complicated.  However, to really see how DHTs would fit in
to the DNS model would require some kind of an idea how DNS
servers are going to be distributed in the IPv6 space, and I
don't currently have any good guesses for that.  If someone
could provide one, that might help.

The question is really about load balancing between DNS
servers so that no one gets too much load.  Integrity is
not much of a problem.   I see some potential DoS problems,
but it is easy enough to provide completely independent
servers with DHT structures.

> So effectively the HIP
> identifier serves no identifying purpose.

I couldn't understand that.  Could you please explain?

> Note that I'm not anti-HIP. I'm sure there are problems that can be
> solved by HIP. But it can't be a general solution for multihoming as it
> only moves the problem to a different area.

So you want me to come up with a completely worked out solution?
Cool!  :-)   Should I crawl back to my research cubicle until
I find something?  :-)

More seriously, personally I believe that HIP has large potential
for end-host multi-homing.  Much more than the ID->locator
mapping I see the crypto overhead (Diffie-Hellman) as a problem.
There are also lots of other details to be worked out, with time.
Furthermore, HIP is definitely not a solution for doing large site
multi-homing, other solutions are needed for that.

--Pekka Nikander