HIPRG meeting
Thursday December 6, 2007
1300-1500 Oak Room

Notes courtesy of Andrew McGregor.

Approximately 40 people attended the RG meeting.

Administrative note: Supplemental site (wiki) was taken down due to spam, is moving into the IRTF wiki, details to be posted.

-Security issues with HIP middlebox traversal. draft-heer-hip-middle-auth-00.txt P2P WiFi sharing architecture talk/demo. (Tobias Heer) --20 min

Philip Matthews: There has been a lot of work in the IETF on how to talk to middleboxes... 15 ways, only 3 non-failures. You might want to go off and join the discussion so this doesn't disappear.
Miika Komu: I think this is a good application of HIP.
Andrew McGregor: I'm a bit concerned about making the responder solve a puzzle... that somewhat breaks the design of HIP. Also, this could be a solution for authenticating to IPv6 firewalls to allow HIT-based ACLs.
Martin S: I'm somewhat confused by what the middlebox is... is it a NAT or what?
A: It could be a more generic middlebox.
Miika K: It could also be a MM proxy/rvs.

-HIP and the Secure Mobile Architecture (SMA)- (Richard Paine) --10 minutes

Andrew M: I totally agree about the size of the SCADA market... it's huge. Also, this is a really cool bit of networking :-)
Philip M: So, this is basically a HIP-based VPN?
A: Sort of... there's broader access control, in that sometimes these need to talk to, for example, logging services.

-Update on HIPL experimentation and InfraHIP II project. (Miika Komu). --15 min

-Host Identity Specific Multicast (Andrei Gurtov for Rolland Vida). --20 min

- P2PSIP-related presentations

David Bryan: It would be nice for some HIP people to show up in P2PSIP lists, and post impressions of these talks there too.
Miika: Would it be useful to have a HIP intro at the next IETF?
Dave: I think so, but it's a bit late for P2PSIP
Andrew M: I think the multicast material looks like a useful primitive. Also, HIP has a fairly strong running-code tradition, which should be emphasised.

-P2PSIP proxy talk/demo. (Joakim Koskela) draft-hautakorpi-p2psip-with-hip-01.txt --15 min

?: I think there's a HIP draft which explains HIP resolution via DHT?
A: This is about the ability to send the HIP base exchange via the overlay, to help with NAT traversal for example.
Andrew M: General P2PSIP question: how much interest/work is there in P2PSIP about supporting applications other than SIP?
Philip M: I'd say a year ago, primarily SIP, but now there's much more interest in running general applications, and all the leading proposals do at least theoretically support more general apps.

-P2PSIP system that is using the NodeID architecture (Martin Stiemerling). Experience on HIP deployment in Ambient Networks. --20 min

-- this is a general overlay (I was a bit previous)

Tom H: How large a client population have you tried?
MS: Some, but not huge as so far we've largely been functional testing.
MS: zeroconf and bootstrap are part of the project... just not part of this talk

-Problems in using HIP for P2PSIP (Philip Matthews)

Credentials: Why not just use a credential-bound HI?
Bare HIT: Overlay should do neighbour discovery for these
PM: node running in multiple overlays simultaneously regarding HIT vs IPv6 LSI
PM: HIP allows P2P overlays to run legacy apps without change
discussion of applications using embedded addresses
AM: practical experience with HIP shows that it's not a very big problem
AM: another possibility is to have the overlays try and route the HIT