
Re: Machine Identity





Stephane Bortzmeyer wrote:
On Tue, Feb 26, 2008 at 02:05:27PM +0100,
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote a message of 19 lines which said:

There are solutions for some protocols (SSH keys of RFC 4251 or Host
Identifiers of HIP in RFC 4423 are two good examples) but no general
"identity layer" in the Internet architecture.

An example of a Use Case is given by IKE (RFC 4306). Section 3.5
lists several possible identities for a machine, and there is not a
clear unique way to define this identity (identities like ID_IPV4_ADDR
are typically a poor way to define a machine on the network).


What I found was:

     "used for policy lookup... may be used by an
   implementation to perform access control decisions"

That means that the identifier must be persistent and public, I believe. It's unlikely that a statistically rare (rather than unique) identifier would be acceptable for this. That means a uniqueness registration process is required.

Domain names satisfy these requirements.

So what's wrong with using them for the applications you have in mind?

d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
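
Added example, not part of the original messages: a minimal parser for the body of the IKEv2 Identification payload (RFC 4306, section 3.5) feeding a policy lookup, showing that a policy keyed on ID_IPV4_ADDR stops matching when a host is renumbered while one keyed on ID_FQDN keeps matching. The policy table, host names, addresses and the case-insensitive FQDN comparison are assumptions made for the illustration.

```python
import ipaddress

# ID Type values defined in RFC 4306, section 3.5.
ID_TYPES = {
    1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR", 5: "ID_IPV6_ADDR",
    9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN", 11: "ID_KEY_ID",
}

def parse_id_payload(body: bytes):
    """Parse an Identification payload body (the part after the generic
    payload header): 1 octet ID Type, 3 reserved octets, then the data."""
    if len(body) < 5:
        raise ValueError("truncated Identification payload")
    id_type, data = body[0], body[4:]
    name = ID_TYPES.get(id_type)
    if name is None:
        raise ValueError(f"unknown ID Type {id_type}")
    if id_type == 1:
        value = str(ipaddress.IPv4Address(data))   # must be exactly 4 octets
    elif id_type == 5:
        value = str(ipaddress.IPv6Address(data))   # must be exactly 16 octets
    elif id_type == 2:
        value = data.decode("ascii").lower()       # assumption: compare FQDNs case-insensitively
    elif id_type == 3:
        value = data.decode("ascii")
    else:
        value = data.hex()                         # opaque binary identities
    return name, value

# Hypothetical policy table: the same gateway registered under two identities.
POLICY = {
    ("ID_IPV4_ADDR", "192.0.2.10"): "allow",
    ("ID_FQDN", "gw.example.net"): "allow",
}

def policy_lookup(body: bytes) -> str:
    """Default-deny lookup keyed on the parsed (type, value) identity."""
    try:
        return POLICY.get(parse_id_payload(body), "deny")
    except ValueError:      # also covers bad address lengths and non-ASCII names
        return "deny"

def make_body(id_type: int, data: bytes) -> bytes:
    """Build a constructed sample payload body for the demonstration."""
    return bytes([id_type, 0, 0, 0]) + data

if __name__ == "__main__":
    renumbered = make_body(1, ipaddress.IPv4Address("192.0.2.99").packed)
    by_name = make_body(2, b"GW.example.net")
    print(policy_lookup(renumbered), policy_lookup(by_name))
```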