Host Identity Payload BOF
BOF Chair: Tim Shepard
Summary of meeting (written by Tim Shepard)
The HIP BOF was held Tuesday afternoon at the 50th IETF in Minneapolis.
HIP is currently a collection of three internet drafts authored by Robert Moskowitz:
HIP introduces a Host Identity (HID) which is a public key. In HIP, transport connections would be bound to the HID instead of the IP addresses. How this is used is described in the drafts. It proposes changing end systems, not routers (but there are implications for middle boxes).
Doing HIP may simplify the solutions to some problems such as address renumbering, mobility, establishment of quick security associations for IPSEC, and NAT traversal of IPSEC protected traffic. Each of these problems is already being addressed in one form or another elsewhere in the IETF. Addressing these problems in a unified approach my yield a cleaner architecture and simpler and/or better solutions.
The drafts were presented by Robert Moskowitz and discussed briefly.
Then we had an open discussion about what we should do. Most all expressed concerns, though more than a few expressed support.
At the end, Jeff asked for a show of hands to determine if we should or should not pursue further work on HIP and the show of hands was an overwhelming "yes we should pursue further work", though a few (less than 10) showed hands for "we should not pursue further work".
But we were unsure of specifics and were out of time, so the meeting was adjourned without a discussion of charter specifics.
Notes collected by Luis Sanchez during meeting (edited by Tim Shepard)
HIP Overview (Bob Moskowitz)
HIP is a crypt based host identity. We are naming the kernel. It is a payload, protocol and port number with a state machine. THere are 3 drafts out there. There is work is progress with comments. What are the design goals?
o TO separate IP and TCP.
o TO support mobility,
o TO provide addressing realm friendliness
- HIP has security built-in
- It contains self-signed cert.
- It is resilient and provides opportunistic negotiation
What is Host Identity
- It is a public key.
- Contains defaults 128 bits keys for global in scope
- Includes system calls
- 32 bit hash for IPv4 accommodation mode
- replace IP address as a name system
- minimum support infrastructure
- Use dnssec
- DoS resiliency built in
- expanding addressing realms
- address Realm gateway
- host local address management
- mimiman computational
- 4 packet handshake
Protocol Control MEchanism
- rekeying is a local decision
Bob Francis: Would HIP works with vanilla NAT boxes?
Bob M. Yes, it would.
Michael: If HIP it used you will loose the ability to aggregate addresses.
Bob M. There is a special format for aggregation. See section 4.1 of implementation draft. Communities of tags and set tags.
??: How does HIP work with QoS?
Bob M. Same as with ESP now. If you are using ESP with NULL encryption then ok, otherwise the host marks the DSCP code.
Steve Kent: We need better characterization of the problem. ESP transport only in syntax not in the appropriate context.
Bob M: ESP and IPsec would have to change.
??: How does this idea enable fast mobility?
Bob M.: IP addresses are not important only the SA so the binding exists regardless. THere is no need for MObile IP.
Discussions (Tim Shepard)
HIP proclaims that it can solve several problems. Each one of these problems is being addressed somewhere else in the IETF. So what should we do next?
- Take this through the standards process?
Hilarie Orman: So what is the problem again? Mobility, multihoming and security? You presented a mechanism rather than problem statement.
JI: It is not clear that we need this and why it needs to be HIP. Sure we should have relaxed the SPI lookup. Once we have the cryptographic credential then we don't need anything else. In most cases we don't care what it is.
??: This seems like a layer 3 processing what about the routers. Would HIP introduce fundamental changes to IP routing?
Bob M.: Routers will forward like they do now.
??: we have ACLs so forget about it. Separating the transport from IP and fixing the APIs is useful. There is another proposal in this space (PPK).
The one thing we do poorly in the IETF is architecture so this work might be useful.
M. Patton: What Bob is proposing reminds me of NIMROD. I like it as a base.
S. Bellovin: A real identity would be good. I'm concern about the difficulty of deploying this. IPsec is already hard to deploy. Very intrusive. We need a challenge.
P. Roberts: If someone is moving how do we get the address routed correctly.
Bob M.: The applications are bound. Yes this is layer 3.5 and HIP is an example of PPK. NIMROD is a change to the infrastructure. HIP is to the end user. If both move then we are hose.
??: this really looks like Steve Bellovin previous approach.
Steve Deering: This affects end-hosts and middle boxes. How does HIP really support mobility? DNS is used to get the identifier.
Huge: we need more people to work on this.
??: 1 to 1 correlation.
JI: I did MIP about 10 ago. We deciding that changing the stack will not work. Microsft is not going to do it. Stream depression about changing kernel.
??: How about multicast?
Bob M.: Weed to modify HIP to support multicast (surprise!)
Christian: It is difficult to change the host stack. Microsoft has IPsec in W2k. Problems with NATs perhaps.
??: Don't use this to multicast.
Bill S.: Apps need to migrate. Shims might be available.
B. Dixon: Microsoft needs to change their stack to deploy v6 so we could do this.
???: there are good reasons to migrate.
What do we do?
Tim: show of hands. Would you be interested in HIP?
??: don't we need to figure out a problem and requirements first.
Jeff: Show of hands. How many people believe that we need to explore this in the context of a WG? Show of hands: Yes: many (> 50) No: 7 (approx).
HIP -- The Host Identity Payload/Protocol