Host Identity Protocol (HIP) Domain Name System (DNS) Extensions
RFC 5205
| Document | Type |
RFC - Experimental
(April 2008; Errata)
Obsoleted by RFC 8005
Was draft-ietf-hip-dns (hip WG)
|
|
|---|---|---|---|
| Last updated | 2018-10-02 | ||
| Stream | IETF | ||
| Formats | plain text pdf htmlized with errata bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 5205 (Experimental) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Mark Townsley | ||
| Send notices to | (None) | ||
Network Working Group P. Nikander
Request for Comments: 5205 Ericsson Research NomadicLab
Category: Experimental J. Laganier
DoCoMo Euro-Labs
April 2008
Host Identity Protocol (HIP) Domain Name System (DNS) Extension
Status of This Memo
This memo defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Abstract
This document specifies a new resource record (RR) for the Domain
Name System (DNS), and how to use it with the Host Identity Protocol
(HIP). This RR allows a HIP node to store in the DNS its Host
Identity (HI, the public component of the node public-private key
pair), Host Identity Tag (HIT, a truncated hash of its public key),
and the Domain Names of its rendezvous servers (RVSs).
Nikander & Laganier Experimental [Page 1]
RFC 5205 HIP DNS Extension April 2008
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions Used in This Document . . . . . . . . . . . . . . 3
3. Usage Scenarios . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Simple Static Singly Homed End-Host . . . . . . . . . . . 5
3.2. Mobile end-host . . . . . . . . . . . . . . . . . . . . . 6
4. Overview of Using the DNS with HIP . . . . . . . . . . . . . . 8
4.1. Storing HI, HIT, and RVS in the DNS . . . . . . . . . . . 8
4.2. Initiating Connections Based on DNS Names . . . . . . . . 8
5. HIP RR Storage Format . . . . . . . . . . . . . . . . . . . . 9
5.1. HIT Length Format . . . . . . . . . . . . . . . . . . . . 9
5.2. PK Algorithm Format . . . . . . . . . . . . . . . . . . . 9
5.3. PK Length Format . . . . . . . . . . . . . . . . . . . . . 10
5.4. HIT Format . . . . . . . . . . . . . . . . . . . . . . . . 10
5.5. Public Key Format . . . . . . . . . . . . . . . . . . . . 10
5.6. Rendezvous Servers Format . . . . . . . . . . . . . . . . 10
6. HIP RR Presentation Format . . . . . . . . . . . . . . . . . . 10
7. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
8. Security Considerations . . . . . . . . . . . . . . . . . . . 12
8.1. Attacker Tampering with an Insecure HIP RR . . . . . . . . 12
8.2. Hash and HITs Collisions . . . . . . . . . . . . . . . . . 13
8.3. DNSSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 13
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
11.1. Normative references . . . . . . . . . . . . . . . . . . . 14
11.2. Informative references . . . . . . . . . . . . . . . . . . 15
Nikander & Laganier Experimental [Page 2]
RFC 5205 HIP DNS Extension April 2008
1. Introduction
This document specifies a new resource record (RR) for the Domain
Name System (DNS) [RFC1034], and how to use it with the Host Identity
Protocol (HIP) [RFC5201]. This RR allows a HIP node to store in the
DNS its Host Identity (HI, the public component of the node public-
private key pair), Host Identity Tag (HIT, a truncated hash of its
HI), and the Domain Names of its rendezvous servers (RVSs) [RFC5204].
Currently, most of the Internet applications that need to communicate
with a remote host first translate a domain name (often obtained via
user input) into one or more IP address(es). This step occurs prior
to communication with the remote host, and relies on a DNS lookup.
With HIP, IP addresses are intended to be used mostly for on-the-wire
communication between end hosts, while most Upper Layer Protocols
(ULP) and applications use HIs or HITs instead (ICMP might be an
example of an ULP not using them). Consequently, we need a means to
translate a domain name into an HI. Using the DNS for this
translation is pretty straightforward: We define a new HIP resource
record. Upon query by an application or ULP for a name to IP address
lookup, the resolver would then additionally perform a name to HI
lookup, and use it to construct the resulting HI to IP address
mapping (which is internal to the HIP layer). The HIP layer uses the
HI to IP address mapping to translate HIs and HITs into IP addresses
and vice versa.
The HIP Rendezvous Extension [RFC5204] allows a HIP node to be
reached via the IP address(es) of a third party, the node's
Show full document text