Host Identity Payload
charter-ietf-hip-old-01

Document Proposed charter Host Identity Payload WG (hip-old)
Title Host Identity Payload
Last updated 2003-12-10
WG State Concluded
Charter Edit AD (None)
Send notices to (None)

Charter

IP has suffered from a lack of security.  Efforts like IPsec and DNSSEC
have added various levels of security to IP, but have not addressed some
of the fundamental security deficiencies in IP.  By adding a
cryptographic Host Identity and a payload for its exchange between two
hosts, we can greatly enhance the security of IP while addressing a
fundamental flaw in IP: the lack of a true identity for a host that is
independent of how IP packets are routed to that host.

By adding a Host Identity namespace to the IP protocol, the role of the
IP address changes to simply a packet forwarding namespace, since all of
the higher protocols are bound to the Host Identity.  This provides for
cleaner host mobility and addressing realm transition (i.e., NAT)
methodology.  However, adding a Host Identity provides for a new class
of Denial of Service attacks, and thus the Host Identity Payload (HIP)
and its exchange protocol are carefully crafted not only to avoid
introducing DoS attacks, but also to lessen the opportunity for the
existing transport-level DoS attacks.