Using the Host Identity Protocol with Legacy Applications
RFC 5338

Note: This ballot was opened for revision 04 and is now closed.

(Jari Arkko) Yes

(Lars Eggert) (was No Objection) Yes

Comment (2007-06-05 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
Section 3.1., paragraph 3:
>    There are a number of ways that HIP could be used in such a scenario.

  I'd be good to discuss that at least the "opportunistic" and "use DNS
  to map IP to HI" ways can incur additional delays compared to using
  plain IP: For opportunistic HIP, you don't know if the other guy
  speaks HIP, so you need to wait for a while before you can be
  reasonably sure no I2 will come in anymore. The DNS adds some
  roundtrips for the lookups.


Section 3.2., paragraph 1:
>    If host identifiers are bound to domain names (with a trusted DNS)
>    the following are possible:

  A third option would be to temporarily cache the HITs returned with a
  DNS lookup, indexed by the IP addresses returned in the same entry,
  and pass the IP addresses up to the application as usual. If an
  application connects to one of those IP addresses within a short time
  after the lookup, initiate a base exchange using the cached HITs. The
  benefit is that this removes the uncertainty/delay associated with
  opportunistic HIP, because you know the peer speaks HIP.

(Mark Townsley) Yes

(Ron Bonica) No Objection

(Ross Callon) No Objection

(Sam Hartman) No Objection

Comment (2007-06-06 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
I support Lisa's comment.  If this has not received apps area review it should.

Good document.

(Russ Housley) (was Discuss) No Objection

(Cullen Jennings) No Objection

(Chris Newman) No Objection

Comment (2007-06-04 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
While this discusses altering the results from DNS lookups to support
HIP, it doesn't go into the details of whether this is done via one of
the typical OS APIs in use or via a customized DNS server or some
combination.  An interesting issue is that certain high-performance
server applications (typically email and web servers) bypass the
OS-provided DNS APIs and perform DNS lookups directly.  This is
necessary because some OS DNS implementations do not support multiple
lookups in progress at the same time.  So how these mechanisms work
may vary by the application.  There is also the question of applications
which have not yet been upgraded to support IPv6 APIs and the impact
this has on these techniques.  Consider these things to think about if
a revision is made which goes into more technical depth.

(Tim Polk) No Objection

(Dan Romascanu) No Objection

Comment (2007-06-06 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
It would be useful to define either in the Abstract or in the Introduction what is meant by 'legacy applications' in this document (i.e. applications that are not HIP aware running in a HIP-aware system)

(Lisa Dusseault) (was Discuss) Abstain

(David Ward) Recuse