Host Identity Protocol (HIP) Domain Name System (DNS) Extensions
RFC 5205
Document Type RFC - Experimental (April 2008; Errata)
Obsoleted by RFC 8005
Last updated 2018-10-02
Stream IETF
Formats plain text pdf html bibtex
Reviews
SECDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5205 (Experimental)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Mark Townsley
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                        P. Nikander
Request for Comments: 5205                  Ericsson Research NomadicLab
Category: Experimental                                       J. Laganier
                                                        DoCoMo Euro-Labs
                                                              April 2008

    Host Identity Protocol (HIP) Domain Name System (DNS) Extension

Status of This Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Abstract

   This document specifies a new resource record (RR) for the Domain
   Name System (DNS), and how to use it with the Host Identity Protocol
   (HIP).  This RR allows a HIP node to store in the DNS its Host
   Identity (HI, the public component of the node public-private key
   pair), Host Identity Tag (HIT, a truncated hash of its public key),
   and the Domain Names of its rendezvous servers (RVSs).

Nikander & Laganier           Experimental                      [Page 1]
RFC 5205                   HIP DNS Extension                  April 2008

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Conventions Used in This Document  . . . . . . . . . . . . . .  3
   3.  Usage Scenarios  . . . . . . . . . . . . . . . . . . . . . . .  4
     3.1.  Simple Static Singly Homed End-Host  . . . . . . . . . . .  5
     3.2.  Mobile end-host  . . . . . . . . . . . . . . . . . . . . .  6
   4.  Overview of Using the DNS with HIP . . . . . . . . . . . . . .  8
     4.1.  Storing HI, HIT, and RVS in the DNS  . . . . . . . . . . .  8
     4.2.  Initiating Connections Based on DNS Names  . . . . . . . .  8
   5.  HIP RR Storage Format  . . . . . . . . . . . . . . . . . . . .  9
     5.1.  HIT Length Format  . . . . . . . . . . . . . . . . . . . .  9
     5.2.  PK Algorithm Format  . . . . . . . . . . . . . . . . . . .  9
     5.3.  PK Length Format . . . . . . . . . . . . . . . . . . . . . 10
     5.4.  HIT Format . . . . . . . . . . . . . . . . . . . . . . . . 10
     5.5.  Public Key Format  . . . . . . . . . . . . . . . . . . . . 10
     5.6.  Rendezvous Servers Format  . . . . . . . . . . . . . . . . 10
   6.  HIP RR Presentation Format . . . . . . . . . . . . . . . . . . 10
   7.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 12
     8.1.  Attacker Tampering with an Insecure HIP RR . . . . . . . . 12
     8.2.  Hash and HITs Collisions . . . . . . . . . . . . . . . . . 13
     8.3.  DNSSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 13
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 13
   10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 14
   11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
     11.1. Normative references . . . . . . . . . . . . . . . . . . . 14
     11.2. Informative references . . . . . . . . . . . . . . . . . . 15

Nikander & Laganier           Experimental                      [Page 2]
RFC 5205                   HIP DNS Extension                  April 2008

1.  Introduction

   This document specifies a new resource record (RR) for the Domain
   Name System (DNS) [RFC1034], and how to use it with the Host Identity
   Protocol (HIP) [RFC5201].  This RR allows a HIP node to store in the
   DNS its Host Identity (HI, the public component of the node public-
   private key pair), Host Identity Tag (HIT, a truncated hash of its
   HI), and the Domain Names of its rendezvous servers (RVSs) [RFC5204].

   Currently, most of the Internet applications that need to communicate
   with a remote host first translate a domain name (often obtained via
   user input) into one or more IP address(es).  This step occurs prior
   to communication with the remote host, and relies on a DNS lookup.

   With HIP, IP addresses are intended to be used mostly for on-the-wire
   communication between end hosts, while most Upper Layer Protocols
   (ULP) and applications use HIs or HITs instead (ICMP might be an
   example of an ULP not using them).  Consequently, we need a means to
   translate a domain name into an HI.  Using the DNS for this
   translation is pretty straightforward: We define a new HIP resource
   record.  Upon query by an application or ULP for a name to IP address
   lookup, the resolver would then additionally perform a name to HI
   lookup, and use it to construct the resulting HI to IP address
   mapping (which is internal to the HIP layer).  The HIP layer uses the
   HI to IP address mapping to translate HIs and HITs into IP addresses
   and vice versa.

   The HIP Rendezvous Extension [RFC5204] allows a HIP node to be
   reached via the IP address(es) of a third party, the node's
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools