draft-ietf-hip-rfc5205-bis-04.txt   draft-ietf-hip-rfc5205-bis-05.txt 
Network Working Group J. Laganier Network Working Group J. Laganier
Internet-Draft Luminate Wireless, Inc. Internet-Draft Luminate Wireless, Inc.
Obsoletes: 5205 (if approved) January 16, 2014 Obsoletes: 5205 (if approved) July 22, 2014
Intended status: Standards Track Intended status: Standards Track
Expires: July 20, 2014 Expires: January 23, 2015
Host Identity Protocol (HIP) Domain Name System (DNS) Extension Host Identity Protocol (HIP) Domain Name System (DNS) Extension
draft-ietf-hip-rfc5205-bis-04 draft-ietf-hip-rfc5205-bis-05
Abstract Abstract
This document specifies a new resource record (RR) for the Domain This document specifies a new resource record (RR) for the Domain
Name System (DNS), and how to use it with the Host Identity Protocol Name System (DNS), and how to use it with the Host Identity Protocol
(HIP). This RR allows a HIP node to store in the DNS its Host (HIP). This RR allows a HIP node to store in the DNS its Host
Identity (HI, the public component of the node public-private key Identity (HI, the public component of the node public-private key
pair), Host Identity Tag (HIT, a truncated hash of its public key), pair), Host Identity Tag (HIT, a truncated hash of its public key),
and the Domain Names of its rendezvous servers (RVSs). This document and the Domain Names of its rendezvous servers (RVSs). This document
obsoletes RFC5205. obsoletes RFC5205.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 20, 2014. This Internet-Draft will expire on January 23, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 43 skipping to change at page 4, line 43
server as a rendezvous point to maintain reachability with possible server as a rendezvous point to maintain reachability with possible
HIP initiators while moving [RFC5206]. Such a HIP node would publish HIP initiators while moving [RFC5206]. Such a HIP node would publish
in the DNS its RVS domain name(s) in a HIP RR, while keeping its RVS in the DNS its RVS domain name(s) in a HIP RR, while keeping its RVS
up-to-date with its current set of IP addresses. up-to-date with its current set of IP addresses.
When a HIP node wants to initiate a HIP exchange with a Responder, it When a HIP node wants to initiate a HIP exchange with a Responder, it
will perform a number of DNS lookups. Depending on the type of will perform a number of DNS lookups. Depending on the type of
implementation, the order in which those lookups will be issued may implementation, the order in which those lookups will be issued may
vary. For instance, implementations using HIT in APIs may typically vary. For instance, implementations using HIT in APIs may typically
first query for HIP resource records at the Responder FQDN, while first query for HIP resource records at the Responder FQDN, while
those using an IP address in APIs may typically first query for A and those using an IP address in APIs may typically first query for A
/or AAAA resource records. and/or AAAA resource records.
In the following, we assume that the Initiator first queries for HIP In the following, we assume that the Initiator first queries for HIP
resource records at the Responder FQDN. resource records at the Responder FQDN.
If the query for the HIP type was responded to with a DNS answer with If the query for the HIP type was responded to with a DNS answer with
RCODE=3 (Name Error), then the Responder's information is not present RCODE=3 (Name Error), then the Responder's information is not present
in the DNS and further queries for the same owner name SHOULD NOT be in the DNS and further queries for the same owner name SHOULD NOT be
made. made.
In case the query for the HIP records returned a DNS answer with In case the query for the HIP records returned a DNS answer with
skipping to change at page 11, line 38 skipping to change at page 11, line 38
base16-encoded-hit base16-encoded-hit
base64-encoded-public-key ) base64-encoded-public-key )
7. Examples 7. Examples
In the examples below, the public key field containing no whitespace In the examples below, the public key field containing no whitespace
is wrapped since it does not fit in a single line of this document. is wrapped since it does not fit in a single line of this document.
Example of a node with HI and HIT but no RVS: Example of a node with HI and HIT but no RVS:
www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578 www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578
AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI
9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ry
b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D ) ra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXd
XF5D )
Example of a node with a HI, HIT, and one RVS: Example of a node with a HI, HIT, and one RVS:
www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578 www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578
AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI
9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ry
b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D ra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXd
rvs.example.com. ) XF5D
rvs.example.com. )
Example of a node with a HI, HIT, and two RVSs: Example of a node with a HI, HIT, and two RVSs:
www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578 www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578
AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI
9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ry
b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D ra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXd
rvs1.example.com. XF5D
rvs2.example.com. ) rvs1.example.com.
rvs2.example.com. )
8. Security Considerations 8. Security Considerations
This section contains a description of the known threats involved This section contains a description of the known threats involved
with the usage of the HIP DNS Extension. with the usage of the HIP DNS Extension.
In a manner similar to the IPSECKEY RR [RFC4025], the HIP DNS In a manner similar to the IPSECKEY RR [RFC4025], the HIP DNS
Extension allows for the provision of two HIP nodes with the public Extension allows for the provision of two HIP nodes with the public
keying material (HI) of their peer. These HIs will be subsequently keying material (HI) of their peer. These HIs will be subsequently
used in a key exchange between the peers. Hence, the HIP DNS used in a key exchange between the peers. Hence, the HIP DNS
skipping to change at page 14, line 35 skipping to change at page 14, line 38
12.1. Normative references 12.1. Normative references
[I-D.ietf-hip-rfc5201-bis] [I-D.ietf-hip-rfc5201-bis]
Moskowitz, R., Heer, T., Jokela, P., and T. Henderson, Moskowitz, R., Heer, T., Jokela, P., and T. Henderson,
"Host Identity Protocol Version 2 (HIPv2)", draft-ietf- "Host Identity Protocol Version 2 (HIPv2)", draft-ietf-
hip-rfc5201-bis-14 (work in progress), October 2013. hip-rfc5201-bis-14 (work in progress), October 2013.
[I-D.ietf-hip-rfc5204-bis] [I-D.ietf-hip-rfc5204-bis]
Laganier, J. and L. Eggert, "Host Identity Protocol (HIP) Laganier, J. and L. Eggert, "Host Identity Protocol (HIP)
Rendezvous Extension", draft-ietf-hip-rfc5204-bis-03 (work Rendezvous Extension", draft-ietf-hip-rfc5204-bis-04 (work
in progress), December 2013. in progress), June 2014.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987. STD 13, RFC 1034, November 1987.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
 End of changes. 9 change blocks. 
23 lines changed or deleted 26 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/