IRTF HIP Research Group T. Henderson Internet-Draft The Boeing Company Expires: April 13, 2005 A. Gurtov HIIT October 13, 2004 HIP Experiment Report draft-irtf-hip-experiment-00 Status of this Memo This document is an Internet-Draft and is subject to all provisions of section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she become aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 13, 2005. Copyright Notice Copyright (C) The Internet Society (2004). Abstract This is the initial draft of the HIP-RG experiment report. Henderson & Gurtov Expires April 13, 2005 [Page 1] Internet-Draft HIP Experiment Report October 2004 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 What is HIP? . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. HIP architectural overview . . . . . . . . . . . . . . . . . . 4 2.1 Basic HIP architectural elements . . . . . . . . . . . . . 4 2.1.1 Separating identifier from locator . . . . . . . . . . 4 2.1.2 Cryptographic name space . . . . . . . . . . . . . . . 4 2.1.3 HIP handshake . . . . . . . . . . . . . . . . . . . . 4 2.1.4 Mobility management . . . . . . . . . . . . . . . . . 4 2.1.5 Initial rendezvous . . . . . . . . . . . . . . . . . . 4 2.1.6 Host multihoming . . . . . . . . . . . . . . . . . . . 4 2.1.7 DNS resource record . . . . . . . . . . . . . . . . . 4 2.2 Advanced HIP concepts . . . . . . . . . . . . . . . . . . 4 2.2.1 Referrals . . . . . . . . . . . . . . . . . . . . . . 4 2.2.2 Overlay routing and rendezvous . . . . . . . . . . . . 5 2.2.3 Lighterweight HIP . . . . . . . . . . . . . . . . . . 5 2.2.4 Common Endpoint Locator Pools (CELP) . . . . . . . . . 5 2.2.5 NAT traversal . . . . . . . . . . . . . . . . . . . . 5 2.2.6 Managing identities and privacy . . . . . . . . . . . 5 2.2.7 BLIND . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2.8 native API . . . . . . . . . . . . . . . . . . . . . . 5 2.2.9 HIP cookie mechanism . . . . . . . . . . . . . . . . . 5 3. HIP architectural/deployment impact . . . . . . . . . . . . . 6 4. HIP experience . . . . . . . . . . . . . . . . . . . . . . . . 7 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 8 Intellectual Property and Copyright Statements . . . . . . . . 9 Henderson & Gurtov Expires April 13, 2005 [Page 2] Internet-Draft HIP Experiment Report October 2004 1. Introduction This document summarizes the work and experiences of the Host Identity Protocol IRTF Research Group (HIP-RG). The HIP-RG was chartered to explore the possible benefits and consequences of deploying the Host Identity Protocol architecture [1] in the Internet. 1.1 What is HIP? The Host Identity Protocol introduces a new name space, the "host identity" name space, to the Internet architecture. The express purpose of this new name space is to allow for the decoupling of identifiers (host identities) and locators (IP addresses) in the architecture. The authors and technical contributors to HIP have assumed that HIP will allow for alternative solutions for several of the Internet's challenging technical problems. Although there have been many architectural proposals to decouple identifiers and locators over the past 20 years, HIP is currently the most actively developed proposal in this area. A number of experimental draft specifications are in work in the IETF's HIP Working Group, including the HIP base protocol [2], among other drafts dealing with mobility management, DNS resource records, and HIP rendezvous servers. Section 2 below provides an overview of HIP. 1.2 Scope The research group is tasked with producing an "experiment report" documenting the collective experiences and lessons learned from other studies, related experimentation, and designs completed by the research group. The question of whether the basic identifier/locator split assumption is valid falls beyond the scope of this research group. When indicated by its studies, the HIP RG can suggest extensions and modifications to the protocol and architecture. It is also in scope for the RG to study, in a wider sense, the consequences and effects that wide-scale adoption of any type of separation of the identifier and locator roles of IP addresses is likely to have. Henderson & Gurtov Expires April 13, 2005 [Page 3] Internet-Draft HIP Experiment Report October 2004 2. HIP architectural overview Note: The purpose of this section is to summarize basic features (identifier name space, handshake, mob. mgmt., multi-homing, DNS RR, and initial rendezvous) and then introduce more advanced proposals (HIT resolution, advanced rendezvous/overlay architectures, lighterweight HIP, ...). For example, some infrastructure impacts might be overcome by a clever idea that someone proposed but that is not yet included in the HIP-WG scope. 2.1 Basic HIP architectural elements 2.1.1 Separating identifier from locator Reference Saltzer, Chiappa, others... Just briefly touch on the implications of this (less security if not secured somehow, need for new name service) 2.1.2 Cryptographic name space Introduce motivation for this part of HIP 2.1.3 HIP handshake Reference SIGMA and client puzzles papers for more information 2.1.4 Mobility management briefly describe how this works, and provide reference 2.1.5 Initial rendezvous briefly describe how this works, and provide reference 2.1.6 Host multihoming briefly describe how this works, and provide reference 2.1.7 DNS resource record briefly describe how this works, and provide reference 2.2 Advanced HIP concepts 2.2.1 Referrals a.k.a. HIT resolution Henderson & Gurtov Expires April 13, 2005 [Page 4] Internet-Draft HIP Experiment Report October 2004 2.2.2 Overlay routing and rendezvous Discuss the work on i3, Lars's more advanced draft, ... 2.2.3 Lighterweight HIP Discuss and reference the multi6 proposal. 2.2.4 Common Endpoint Locator Pools (CELP) Introduce the problem, and reference Crocker/Doria. 2.2.5 NAT traversal Dealing with legacy middleboxes. 2.2.6 Managing identities and privacy e.g. location privacy 2.2.7 BLIND keeping complete identity protection 2.2.8 native API reference Mika's work 2.2.9 HIP cookie mechanism more egalitarian cookie functions? Henderson & Gurtov Expires April 13, 2005 [Page 5] Internet-Draft HIP Experiment Report October 2004 3. HIP architectural/deployment impact This section describes positive and negative implications of deploying HIP. Where possible, we provide experimental evidence to support claims-- otherwise, identify them as conjecture. Initial list of issues to cover here: 1. Impact on host stack implementations 2. application impact and API 3. impact on DNS 4. managing and securing host identities 5. access control lists 6. firewall/NAT issues 7. HIT resolution infrastructure 8. location privacy issues 9. advanced rendezvous/overlay architectures 10. lighterweight HIP Henderson & Gurtov Expires April 13, 2005 [Page 6] Internet-Draft HIP Experiment Report October 2004 4. HIP experience This section describes any real-world HIP experience. Include also recommendations to change HIP? HIP experience: 1. DoS protection on HIP handshake 2. managing locator sets 3. NAT traversal experience 4. rendezvous server experience 5. application experience 6. implementation experience Henderson & Gurtov Expires April 13, 2005 [Page 7] Internet-Draft HIP Experiment Report October 2004 5. Acknowledgments 6 References [1] Moskowitz, R., "Host Identity Protocol Architecture", draft-moskowitz-hip-arch-06 (work in progress), June 2004. [2] Moskowitz, R., Nikander, P., Jokela, P. and T. Henderson, "Host Identity Protocol", draft-ietf-hip-base-00 (work in progress), June 2004. Authors' Addresses Tom Henderson The Boeing Company P.O. Box 3707 Seattle, WA USA EMail: thomas.r.henderson@boeing.com Andrei Gurtov HIIT Helsinki Institute for Information Technology Advanced Research Unit (ARU) P.O. Box 9800 Helsinki FIN-02015-HUT FINLAND Phone: +358 9 451 1 EMail: gurtov@cs.helsinki.fi Henderson & Gurtov Expires April 13, 2005 [Page 8] Internet-Draft HIP Experiment Report October 2004 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Henderson & Gurtov Expires April 13, 2005 [Page 9]