
Re: HIP and PKI reqs [RE: Identifier/locator recap]



On Tue, 18 Mar 2003, Tim Shepard wrote:

> My real point is that perhaps we do not need to solve this problem.
> We can do as ssh does, and start with a DNS name which gets us an IP
> address (and perhaps a HIT), then initiate a HIP exchange with
> whatever is at that IP address.

That's fine if you're the one initiating the session, but what if you
are on the receiving end? You then get locator IP addresses which may
not have good PTR records (remember, HIP is for mobility too) and a HIP
id that can't be resolved into a name.

> (In any case, implementing some sort of DHT as Pekka Nikander suggests
>  sounds like a cool idea and an interesting research question.  And
>  it may be as easy as he believes.)

Tell me how this can be secure.