One document matched: draft-ponomarev-hip-hit2ip-00.txt
Host Identity Protocol O. Ponomarev
Internet-Draft A. Gurtov
Intended status: Experimental Helsinki Institute for Information
Expires: July 24, 2009 Technology
January 20, 2009
Using DNS as an Access Protocol for Mapping Host Identitity Tags to IP
addresses
draft-ponomarev-hip-hit2ip-00
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 24, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Ponomarev & Gurtov Expires July 24, 2009 [Page 1]
Internet-Draft HIT-TO-IP DNS January 2009
Abstract
This document proposes a mechanism to access and manage Host Identity
Tag (HIT) to IP address mappings using the Domain Name System (DNS).
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. HIT to IP addresses mappings in the DNS . . . . . . . . . . . . 4
2.1. Preconfigured Domain . . . . . . . . . . . . . . . . . . . 4
2.2. Listing IP Addresses of the System . . . . . . . . . . . . 4
2.3. Link to another domain . . . . . . . . . . . . . . . . . . 4
2.4. Managing the Records . . . . . . . . . . . . . . . . . . . 5
3. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
4. Normative References . . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8
Ponomarev & Gurtov Expires July 24, 2009 [Page 2]
Internet-Draft HIT-TO-IP DNS January 2009
1. Introduction
One of the approaches to use legacy applications[RFC5338] with Host
Identity Protocol[RFC4423] is to use HIT as IPv6 address. The
application may receive them from the nameserver, store internally
and connect directly to a HIT. The HIP software would receive packet
with HIT as a destination IPv6 address without any additional
information about the current locator and therefore some HIT
resolution service is needed in this case. This document suggests
the DNS as an access protocol to such a service and proposes the
usage conventions.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119[RFC2119].
Ponomarev & Gurtov Expires July 24, 2009 [Page 3]
Internet-Draft HIT-TO-IP DNS January 2009
2. HIT to IP addresses mappings in the DNS
Domain Name System is well-known to systems administators and there
is much experience with operations under high load. It also allows
dynamic modifications to reflect the changes of IP addresses and has
low overhead when compared to many other protocols. It is used now,
for example, to get IP address reputations from various blacklists.
2.1. Preconfigured Domain
The systems using this method MUST have the same domain pre-
configured, for example hit-to-ip.example.net. A HIT is represented
as a sequence of nibbles separated by dots and followed by the suffix
similarly to IPv6 addresses in ip6.arpa[RFC3596]
For example, the domain name corresponding to the HIT
2001:10:1234:5678:9abc:def0:1234:5678
would be
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
hit-to-ip.example.net
2.2. Listing IP Addresses of the System
The A/AAAA resource record types MAY be used to specify the IP/IPv6
addresses of the system. There MAY be multiple locators listed for a
HIT.
For example, the system with IP address 192.0.2.1 and IPv6 address
2001:DB8::1 would have the following records
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
hit-to-ip.example.net.
1 IN A 192.0.2.1
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
hit-to-ip.example.net.
1 IN AAAA 2001:DB8::1
2.3. Link to another domain
The CNAME resource record types MAY be used to specify another domain
to lookup the locators of the system.
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
hit-to-ip.example.net.
86400 IN CNAME 8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.
Ponomarev & Gurtov Expires July 24, 2009 [Page 4]
Internet-Draft HIT-TO-IP DNS January 2009
4.3.2.1.0.1.0.0.1.0.0.2.hit-to-ip.domain.example.
2.4. Managing the Records
The system MAY send DNS UPDATE[RFC2136] to the server provided by SOA
MNAME field of the domain. The system MUST use HIT as the source
address in this case. The system MAY add or delete A/AAAA or CNAME
records for its own HIT representation. The domain provided in SOA
MNAME field of the preconfigured domain MUST have Host Identity of
the server stored in DNS, the IP addresses MUST be listed in that
domain using suggested method and the server MUST accept DNS UPDATE
messages, which add or delete A/AAAA or CNAME records for the HIT
representation of the client after successfull HIP base exchange.
Ponomarev & Gurtov Expires July 24, 2009 [Page 5]
Internet-Draft HIT-TO-IP DNS January 2009
3. Security Considerations
This section should be added to the draft later on.
Ponomarev & Gurtov Expires July 24, 2009 [Page 6]
Internet-Draft HIT-TO-IP DNS January 2009
4. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound,
"Dynamic Updates in the Domain Name System (DNS UPDATE)",
RFC 2136, April 1997.
[RFC3596] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi,
"DNS Extensions to Support IP Version 6", RFC 3596,
October 2003.
[RFC4423] Moskowitz, R. and P. Nikander, "Host Identity Protocol
(HIP) Architecture", RFC 4423, May 2006.
[RFC5338] Henderson, T., Nikander, P., and M. Komu, "Using the Host
Identity Protocol with Legacy Applications", RFC 5338,
September 2008.
Ponomarev & Gurtov Expires July 24, 2009 [Page 7]
Internet-Draft HIT-TO-IP DNS January 2009
Authors' Addresses
Oleg Ponomarev
Helsinki Institute for Information Technology
HIIT, PO Box 9800
TKK FIN-02015
Finland
Email: oleg.ponomarev@hiit.fi
Andrei Gurtov
Helsinki Institute for Information Technology
HIIT, PO Box 9800
TKK FIN-02015
Finland
Email: gurtov@cs.helsinki.fi
Ponomarev & Gurtov Expires July 24, 2009 [Page 8]
| PAFTECH AB 2003-2026 | 2026-04-24 01:31:33 |