[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HIP BOF Review

To: "James Kempf" <kempf@docomolabs-usa.com>, <iab@iab.org>, <iesg@ietf.org>
Subject: Re: HIP BOF Review
From: Geoff Huston <gih@telstra.net>
Date: Tue, 11 Nov 2003 09:15:18 +1100
In-reply-to: <060401c3a7ca$7f3c3370$b36015ac@dclkempt40>

At 12:37 PM 10/11/2003 -0800, James Kempf wrote:

I basically agree with EKR's review, but have a few additional comments. I
think it might be helpful to get them to try separating out the components
of HIP that EKR identified and think about other possible options to replace
them. In particular, either though experiment or careful analysis, I think
they need to explain what benefits the cryptographic identity binding has
beyond simply separating the identity and location. If they can't come up
with a very good reason for that, then generating the identifier
anynonomously or by hashing the DNS name


Well if you did that then the DNS name is the identifier isn't it and the
mapping from DNS name to IS is effectively 1:1 (well 1:0.x because of the
hashing). I personally think it better to use an explicit DNS mapping in order
to allow other than 1:1 relationship with the DNS.

You want benefits. I'd prefer to see damage in this case. i.e. I see no harm in using the key as the identifier, and unless there is a compelling story that this approach is broken then this strikes me as acceptable.

(theres also a second story that has more to do with the commercialization
of the DNS namespace, but I'll refrain from proceeding any further! )

Geoff

References:
- HIP BOF Review
  - From: "James Kempf" <kempf@docomolabs-usa.com>

Prev by Date: Re: HIP BOF Review
Next by Date: Re: HIP BOF Review
Previous by thread: Re: HIP BOF Review
Next by thread: Re: HIP BOF Review
Index(es):
- Date
- Thread