draft-ietf-hip-rfc4423-bis-17.txt   draft-ietf-hip-rfc4423-bis-18.txt 
Network Working Group R. Moskowitz, Ed. Network Working Group R. Moskowitz, Ed.
Internet-Draft HTT Consulting Internet-Draft HTT Consulting
Obsoletes: 4423 (if approved) M. Komu Obsoletes: 4423 (if approved) M. Komu
Intended status: Informational Ericsson Intended status: Informational Ericsson
Expires: February 8, 2018 August 7, 2017 Expires: May 27, 2018 November 23, 2017
Host Identity Protocol Architecture Host Identity Protocol Architecture
draft-ietf-hip-rfc4423-bis-17 draft-ietf-hip-rfc4423-bis-18
Abstract Abstract
This memo describes a new namespace, the Host Identity namespace, and This memo describes a new namespace, the Host Identity namespace, and
a new protocol layer, the Host Identity Protocol, between the a new protocol layer, the Host Identity Protocol, between the
internetworking and transport layers. Herein are presented the internetworking and transport layers. Herein are presented the
basics of the current namespaces, their strengths and weaknesses, and basics of the current namespaces, their strengths and weaknesses, and
how a new namespace will add completeness to them. The roles of this how a new namespace will add completeness to them. The roles of this
new namespace in the protocols are defined. new namespace in the protocols are defined.
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 8, 2018. This Internet-Draft will expire on May 27, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 12, line 50 skipping to change at page 12, line 50
The public Host Identifiers should be stored in DNS; the unpublished The public Host Identifiers should be stored in DNS; the unpublished
Host Identifiers should not be stored anywhere (besides the Host Identifiers should not be stored anywhere (besides the
communicating hosts themselves). The (public) HI along with the communicating hosts themselves). The (public) HI along with the
supported HIHs are stored in a new RR type. This RR type is defined supported HIHs are stored in a new RR type. This RR type is defined
in HIP DNS Extension [RFC8005]. in HIP DNS Extension [RFC8005].
Alternatively, or in addition to storing Host Identifiers in the DNS, Alternatively, or in addition to storing Host Identifiers in the DNS,
they may be stored in various other directories. For instance, a they may be stored in various other directories. For instance, a
directory based on the Lightweight Directory Access Protocol (LDAP) directory based on the Lightweight Directory Access Protocol (LDAP)
or a Public Key Infrastructure (PKI) [I-D.ietf-hip-rfc6253-bis] may or a Public Key Infrastructure (PKI) [RFC8002] may be used.
be used. Alternatively, Distributed Hash Tables (DHTs) [RFC6537] Alternatively, Distributed Hash Tables (DHTs) [RFC6537] have
have successfully been utilized [RFC6538]. Such a practice may allow successfully been utilized [RFC6538]. Such a practice may allow them
them to be used for purposes other than pure host identification. to be used for purposes other than pure host identification.
Some types of applications may cache and use Host Identifiers Some types of applications may cache and use Host Identifiers
directly, while others may indirectly discover them through symbolic directly, while others may indirectly discover them through symbolic
host name (such as FQDN) look up from a directory. Even though Host host name (such as FQDN) look up from a directory. Even though Host
Identities can have a substantially longer lifetime associated with Identities can have a substantially longer lifetime associated with
them than routable IP addresses, directories may be a better approach them than routable IP addresses, directories may be a better approach
to manage the lifespan of Host Identities. For example, an LDAP- to manage the lifespan of Host Identities. For example, an LDAP-
based directory or DHT can be used for locally published identities based directory or DHT can be used for locally published identities
whereas DNS can be more suitable for public advertisement. whereas DNS can be more suitable for public advertisement.
skipping to change at page 34, line 16 skipping to change at page 34, line 16
16.1. Normative References 16.1. Normative References
[I-D.ietf-hip-dex] [I-D.ietf-hip-dex]
Moskowitz, R. and R. Hummen, "HIP Diet EXchange (DEX)", Moskowitz, R. and R. Hummen, "HIP Diet EXchange (DEX)",
draft-ietf-hip-dex-05 (work in progress), February 2017. draft-ietf-hip-dex-05 (work in progress), February 2017.
[I-D.ietf-hip-native-nat-traversal] [I-D.ietf-hip-native-nat-traversal]
Keranen, A., Melen, J., and M. Komu, "Native NAT Traversal Keranen, A., Melen, J., and M. Komu, "Native NAT Traversal
Mode for the Host Identity Protocol", draft-ietf-hip- Mode for the Host Identity Protocol", draft-ietf-hip-
native-nat-traversal-16 (work in progress), February 2017. native-nat-traversal-23 (work in progress), November 2017.
[I-D.ietf-hip-rfc6253-bis]
Heer, T. and S. Varjonen, "Host Identity Protocol
Certificates", draft-ietf-hip-rfc6253-bis-09 (work in
progress), July 2016.
[RFC5482] Eggert, L. and F. Gont, "TCP User Timeout Option", [RFC5482] Eggert, L. and F. Gont, "TCP User Timeout Option",
RFC 5482, DOI 10.17487/RFC5482, March 2009, RFC 5482, DOI 10.17487/RFC5482, March 2009,
<http://www.rfc-editor.org/info/rfc5482>. <https://www.rfc-editor.org/info/rfc5482>.
[RFC7343] Laganier, J. and F. Dupont, "An IPv6 Prefix for Overlay [RFC7343] Laganier, J. and F. Dupont, "An IPv6 Prefix for Overlay
Routable Cryptographic Hash Identifiers Version 2 Routable Cryptographic Hash Identifiers Version 2
(ORCHIDv2)", RFC 7343, DOI 10.17487/RFC7343, September (ORCHIDv2)", RFC 7343, DOI 10.17487/RFC7343, September
2014, <http://www.rfc-editor.org/info/rfc7343>. 2014, <https://www.rfc-editor.org/info/rfc7343>.
[RFC7401] Moskowitz, R., Ed., Heer, T., Jokela, P., and T. [RFC7401] Moskowitz, R., Ed., Heer, T., Jokela, P., and T.
Henderson, "Host Identity Protocol Version 2 (HIPv2)", Henderson, "Host Identity Protocol Version 2 (HIPv2)",
RFC 7401, DOI 10.17487/RFC7401, April 2015, RFC 7401, DOI 10.17487/RFC7401, April 2015,
<http://www.rfc-editor.org/info/rfc7401>. <https://www.rfc-editor.org/info/rfc7401>.
[RFC7402] Jokela, P., Moskowitz, R., and J. Melen, "Using the [RFC7402] Jokela, P., Moskowitz, R., and J. Melen, "Using the
Encapsulating Security Payload (ESP) Transport Format with Encapsulating Security Payload (ESP) Transport Format with
the Host Identity Protocol (HIP)", RFC 7402, the Host Identity Protocol (HIP)", RFC 7402,
DOI 10.17487/RFC7402, April 2015, DOI 10.17487/RFC7402, April 2015, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc7402>. editor.org/info/rfc7402>.
[RFC8002] Heer, T. and S. Varjonen, "Host Identity Protocol
Certificates", RFC 8002, DOI 10.17487/RFC8002, October
2016, <https://www.rfc-editor.org/info/rfc8002>.
[RFC8003] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP) [RFC8003] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP)
Registration Extension", RFC 8003, DOI 10.17487/RFC8003, Registration Extension", RFC 8003, DOI 10.17487/RFC8003,
October 2016, <http://www.rfc-editor.org/info/rfc8003>. October 2016, <https://www.rfc-editor.org/info/rfc8003>.
[RFC8004] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP) [RFC8004] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP)
Rendezvous Extension", RFC 8004, DOI 10.17487/RFC8004, Rendezvous Extension", RFC 8004, DOI 10.17487/RFC8004,
October 2016, <http://www.rfc-editor.org/info/rfc8004>. October 2016, <https://www.rfc-editor.org/info/rfc8004>.
[RFC8005] Laganier, J., "Host Identity Protocol (HIP) Domain Name [RFC8005] Laganier, J., "Host Identity Protocol (HIP) Domain Name
System (DNS) Extension", RFC 8005, DOI 10.17487/RFC8005, System (DNS) Extension", RFC 8005, DOI 10.17487/RFC8005,
October 2016, <http://www.rfc-editor.org/info/rfc8005>. October 2016, <https://www.rfc-editor.org/info/rfc8005>.
[RFC8046] Henderson, T., Ed., Vogt, C., and J. Arkko, "Host Mobility [RFC8046] Henderson, T., Ed., Vogt, C., and J. Arkko, "Host Mobility
with the Host Identity Protocol", RFC 8046, with the Host Identity Protocol", RFC 8046,
DOI 10.17487/RFC8046, February 2017, DOI 10.17487/RFC8046, February 2017, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc8046>. editor.org/info/rfc8046>.
[RFC8047] Henderson, T., Ed., Vogt, C., and J. Arkko, "Host [RFC8047] Henderson, T., Ed., Vogt, C., and J. Arkko, "Host
Multihoming with the Host Identity Protocol", RFC 8047, Multihoming with the Host Identity Protocol", RFC 8047,
DOI 10.17487/RFC8047, February 2017, DOI 10.17487/RFC8047, February 2017, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc8047>. editor.org/info/rfc8047>.
16.2. Informative references 16.2. Informative references
[amir-hip] [amir-hip]
Amir, K., Forsgren, H., Grahn, K., Karvi, T., and G. Amir, K., Forsgren, H., Grahn, K., Karvi, T., and G.
Pulkkis, "Security and Trust of Public Key Cryptography Pulkkis, "Security and Trust of Public Key Cryptography
for HIP and HIP Multicast", International Journal of for HIP and HIP Multicast", International Journal of
Dependable and Trustworthy Information Systems (IJDTIS), Dependable and Trustworthy Information Systems (IJDTIS),
2(3), 17-35, DOI: 10.4018/jdtis.2011070102, 2013. 2(3), 17-35, DOI: 10.4018/jdtis.2011070102, 2013.
skipping to change at page 38, line 24 skipping to change at page 38, line 24
[pham-leap] [pham-leap]
Pham, V. and T. Aura, "Security Analysis of Leap-of-Faith Pham, V. and T. Aura, "Security Analysis of Leap-of-Faith
Protocols", Seventh ICST International Conference on Protocols", Seventh ICST International Conference on
Security and Privacy for Communication Networks, , Security and Privacy for Communication Networks, ,
September 2011. September 2011.
[RFC2136] Vixie, P., Ed., Thomson, S., Rekhter, Y., and J. Bound, [RFC2136] Vixie, P., Ed., Thomson, S., Rekhter, Y., and J. Bound,
"Dynamic Updates in the Domain Name System (DNS UPDATE)", "Dynamic Updates in the Domain Name System (DNS UPDATE)",
RFC 2136, DOI 10.17487/RFC2136, April 1997, RFC 2136, DOI 10.17487/RFC2136, April 1997,
<http://www.rfc-editor.org/info/rfc2136>. <https://www.rfc-editor.org/info/rfc2136>.
[RFC2535] Eastlake 3rd, D., "Domain Name System Security [RFC2535] Eastlake 3rd, D., "Domain Name System Security
Extensions", RFC 2535, DOI 10.17487/RFC2535, March 1999, Extensions", RFC 2535, DOI 10.17487/RFC2535, March 1999,
<http://www.rfc-editor.org/info/rfc2535>. <https://www.rfc-editor.org/info/rfc2535>.
[RFC2766] Tsirtsis, G. and P. Srisuresh, "Network Address [RFC2766] Tsirtsis, G. and P. Srisuresh, "Network Address
Translation - Protocol Translation (NAT-PT)", RFC 2766, Translation - Protocol Translation (NAT-PT)", RFC 2766,
DOI 10.17487/RFC2766, February 2000, DOI 10.17487/RFC2766, February 2000, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc2766>. editor.org/info/rfc2766>.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, Address Translator (Traditional NAT)", RFC 3022,
DOI 10.17487/RFC3022, January 2001, DOI 10.17487/RFC3022, January 2001, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc3022>. editor.org/info/rfc3022>.
[RFC3102] Borella, M., Lo, J., Grabelsky, D., and G. Montenegro, [RFC3102] Borella, M., Lo, J., Grabelsky, D., and G. Montenegro,
"Realm Specific IP: Framework", RFC 3102, "Realm Specific IP: Framework", RFC 3102,
DOI 10.17487/RFC3102, October 2001, DOI 10.17487/RFC3102, October 2001, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc3102>. editor.org/info/rfc3102>.
[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
Levkowetz, Ed., "Extensible Authentication Protocol Levkowetz, Ed., "Extensible Authentication Protocol
(EAP)", RFC 3748, DOI 10.17487/RFC3748, June 2004, (EAP)", RFC 3748, DOI 10.17487/RFC3748, June 2004,
<http://www.rfc-editor.org/info/rfc3748>. <https://www.rfc-editor.org/info/rfc3748>.
[RFC4225] Nikander, P., Arkko, J., Aura, T., Montenegro, G., and E. [RFC4225] Nikander, P., Arkko, J., Aura, T., Montenegro, G., and E.
Nordmark, "Mobile IP Version 6 Route Optimization Security Nordmark, "Mobile IP Version 6 Route Optimization Security
Design Background", RFC 4225, DOI 10.17487/RFC4225, Design Background", RFC 4225, DOI 10.17487/RFC4225,
December 2005, <http://www.rfc-editor.org/info/rfc4225>. December 2005, <https://www.rfc-editor.org/info/rfc4225>.
[RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) [RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2)
Protocol", RFC 4306, DOI 10.17487/RFC4306, December 2005, Protocol", RFC 4306, DOI 10.17487/RFC4306, December 2005,
<http://www.rfc-editor.org/info/rfc4306>. <https://www.rfc-editor.org/info/rfc4306>.
[RFC4423] Moskowitz, R. and P. Nikander, "Host Identity Protocol [RFC4423] Moskowitz, R. and P. Nikander, "Host Identity Protocol
(HIP) Architecture", RFC 4423, DOI 10.17487/RFC4423, May (HIP) Architecture", RFC 4423, DOI 10.17487/RFC4423, May
2006, <http://www.rfc-editor.org/info/rfc4423>. 2006, <https://www.rfc-editor.org/info/rfc4423>.
[RFC5218] Thaler, D. and B. Aboba, "What Makes for a Successful [RFC5218] Thaler, D. and B. Aboba, "What Makes for a Successful
Protocol?", RFC 5218, DOI 10.17487/RFC5218, July 2008, Protocol?", RFC 5218, DOI 10.17487/RFC5218, July 2008,
<http://www.rfc-editor.org/info/rfc5218>. <https://www.rfc-editor.org/info/rfc5218>.
[RFC5338] Henderson, T., Nikander, P., and M. Komu, "Using the Host [RFC5338] Henderson, T., Nikander, P., and M. Komu, "Using the Host
Identity Protocol with Legacy Applications", RFC 5338, Identity Protocol with Legacy Applications", RFC 5338,
DOI 10.17487/RFC5338, September 2008, DOI 10.17487/RFC5338, September 2008, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc5338>. editor.org/info/rfc5338>.
[RFC5887] Carpenter, B., Atkinson, R., and H. Flinck, "Renumbering [RFC5887] Carpenter, B., Atkinson, R., and H. Flinck, "Renumbering
Still Needs Work", RFC 5887, DOI 10.17487/RFC5887, May Still Needs Work", RFC 5887, DOI 10.17487/RFC5887, May
2010, <http://www.rfc-editor.org/info/rfc5887>. 2010, <https://www.rfc-editor.org/info/rfc5887>.
[RFC6078] Camarillo, G. and J. Melen, "Host Identity Protocol (HIP) [RFC6078] Camarillo, G. and J. Melen, "Host Identity Protocol (HIP)
Immediate Carriage and Conveyance of Upper-Layer Protocol Immediate Carriage and Conveyance of Upper-Layer Protocol
Signaling (HICCUPS)", RFC 6078, DOI 10.17487/RFC6078, Signaling (HICCUPS)", RFC 6078, DOI 10.17487/RFC6078,
January 2011, <http://www.rfc-editor.org/info/rfc6078>. January 2011, <https://www.rfc-editor.org/info/rfc6078>.
[RFC6250] Thaler, D., "Evolution of the IP Model", RFC 6250, [RFC6250] Thaler, D., "Evolution of the IP Model", RFC 6250,
DOI 10.17487/RFC6250, May 2011, DOI 10.17487/RFC6250, May 2011, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc6250>. editor.org/info/rfc6250>.
[RFC6281] Cheshire, S., Zhu, Z., Wakikawa, R., and L. Zhang, [RFC6281] Cheshire, S., Zhu, Z., Wakikawa, R., and L. Zhang,
"Understanding Apple's Back to My Mac (BTMM) Service", "Understanding Apple's Back to My Mac (BTMM) Service",
RFC 6281, DOI 10.17487/RFC6281, June 2011, RFC 6281, DOI 10.17487/RFC6281, June 2011,
<http://www.rfc-editor.org/info/rfc6281>. <https://www.rfc-editor.org/info/rfc6281>.
[RFC6317] Komu, M. and T. Henderson, "Basic Socket Interface [RFC6317] Komu, M. and T. Henderson, "Basic Socket Interface
Extensions for the Host Identity Protocol (HIP)", Extensions for the Host Identity Protocol (HIP)",
RFC 6317, DOI 10.17487/RFC6317, July 2011, RFC 6317, DOI 10.17487/RFC6317, July 2011,
<http://www.rfc-editor.org/info/rfc6317>. <https://www.rfc-editor.org/info/rfc6317>.
[RFC6537] Ahrenholz, J., "Host Identity Protocol Distributed Hash [RFC6537] Ahrenholz, J., "Host Identity Protocol Distributed Hash
Table Interface", RFC 6537, DOI 10.17487/RFC6537, February Table Interface", RFC 6537, DOI 10.17487/RFC6537, February
2012, <http://www.rfc-editor.org/info/rfc6537>. 2012, <https://www.rfc-editor.org/info/rfc6537>.
[RFC6538] Henderson, T. and A. Gurtov, "The Host Identity Protocol [RFC6538] Henderson, T. and A. Gurtov, "The Host Identity Protocol
(HIP) Experiment Report", RFC 6538, DOI 10.17487/RFC6538, (HIP) Experiment Report", RFC 6538, DOI 10.17487/RFC6538,
March 2012, <http://www.rfc-editor.org/info/rfc6538>. March 2012, <https://www.rfc-editor.org/info/rfc6538>.
[sarela-bloom] [sarela-bloom]
Saerelae, M., Esteve Rothenberg, C., Zahemszky, A., Saerelae, M., Esteve Rothenberg, C., Zahemszky, A.,
Nikander, P., and J. Ott, "BloomCasting: Security in Bloom Nikander, P., and J. Ott, "BloomCasting: Security in Bloom
filter based multicast", , Lecture Notes in Computer filter based multicast", , Lecture Notes in Computer
Science 2012, , pages 1-16, Springer Berlin Heidelberg, Science 2012, , pages 1-16, Springer Berlin Heidelberg,
2012. 2012.
[schuetz-intermittent] [schuetz-intermittent]
Schuetz, S., Eggert, L., Schmid, S., and M. Brunner, Schuetz, S., Eggert, L., Schmid, S., and M. Brunner,
 End of changes. 32 change blocks. 
48 lines changed or deleted 47 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/