
Host Identity Protocol (HIP) Domain Name System (DNS) Extensions
RFC 5205

Document type: RFC - Experimental (April 2008; No errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5205 (Experimental)
Responsible AD: Mark Townsley
Send notices to: hip-chairs@tools.ietf.org

Network Working Group                                        P. Nikander
Request for Comments: 5205                  Ericsson Research NomadicLab
Category: Experimental                                       J. Laganier
                                                        DoCoMo Euro-Labs
                                                              April 2008

    Host Identity Protocol (HIP) Domain Name System (DNS) Extension

Status of This Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Abstract

   This document specifies a new resource record (RR) for the Domain
   Name System (DNS), and how to use it with the Host Identity Protocol
   (HIP).  This RR allows a HIP node to store in the DNS its Host
   Identity (HI, the public component of the node public-private key
   pair), Host Identity Tag (HIT, a truncated hash of its public key),
   and the Domain Names of its rendezvous servers (RVSs).

Nikander & Laganier           Experimental                      [Page 1]
RFC 5205                   HIP DNS Extension                  April 2008

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Conventions Used in This Document  . . . . . . . . . . . . . .  3
   3.  Usage Scenarios  . . . . . . . . . . . . . . . . . . . . . . .  4
     3.1.  Simple Static Singly Homed End-Host  . . . . . . . . . . .  5
     3.2.  Mobile end-host  . . . . . . . . . . . . . . . . . . . . .  6
   4.  Overview of Using the DNS with HIP . . . . . . . . . . . . . .  8
     4.1.  Storing HI, HIT, and RVS in the DNS  . . . . . . . . . . .  8
     4.2.  Initiating Connections Based on DNS Names  . . . . . . . .  8
   5.  HIP RR Storage Format  . . . . . . . . . . . . . . . . . . . .  9
     5.1.  HIT Length Format  . . . . . . . . . . . . . . . . . . . .  9
     5.2.  PK Algorithm Format  . . . . . . . . . . . . . . . . . . .  9
     5.3.  PK Length Format . . . . . . . . . . . . . . . . . . . . . 10
     5.4.  HIT Format . . . . . . . . . . . . . . . . . . . . . . . . 10
     5.5.  Public Key Format  . . . . . . . . . . . . . . . . . . . . 10
     5.6.  Rendezvous Servers Format  . . . . . . . . . . . . . . . . 10
   6.  HIP RR Presentation Format . . . . . . . . . . . . . . . . . . 10
   7.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 12
     8.1.  Attacker Tampering with an Insecure HIP RR . . . . . . . . 12
     8.2.  Hash and HITs Collisions . . . . . . . . . . . . . . . . . 13
     8.3.  DNSSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 13
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 13
   10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 14
   11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
     11.1. Normative references . . . . . . . . . . . . . . . . . . . 14
     11.2. Informative references . . . . . . . . . . . . . . . . . . 15


1.  Introduction

   This document specifies a new resource record (RR) for the Domain
   Name System (DNS) [RFC1034], and how to use it with the Host Identity
   Protocol (HIP) [RFC5201].  This RR allows a HIP node to store in the
   DNS its Host Identity (HI, the public component of the node public-
   private key pair), Host Identity Tag (HIT, a truncated hash of its
   HI), and the Domain Names of its rendezvous servers (RVSs) [RFC5204].
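   The RR described above carries the HI, the HIT and the RVS domain
   names in one RDATA field.  As an added example (not code from the
   RFC), the following Python encoder/decoder follows the Section 5
   field order (HIT length, PK algorithm, PK length, HIT, Public Key,
   Rendezvous Servers); the octet widths, the PK algorithm values and
   the rule that RVS names are uncompressed are taken from the RFC body
   rather than from this excerpt, and the HIT, key octets and server
   names are constructed placeholders.

```python
import struct
from collections import namedtuple

PK_ALGORITHMS = {0: "no key", 1: "DSA", 2: "RSA"}  # Section 5.2 values (assumed, not in this excerpt)
HipRR = namedtuple("HipRR", "pk_algorithm hit public_key rendezvous_servers")

def decode_name(data: bytes, pos: int):
    # One uncompressed RFC 1035 wire-format name; Section 5.6 forbids compression pointers.
    labels = []
    while True:
        if pos >= len(data):
            raise ValueError("truncated rendezvous server name")
        n, pos = data[pos], pos + 1
        if n == 0:
            return ".".join(labels) + ".", pos
        if n & 0xC0:
            raise ValueError("compression pointer not allowed in HIP RR")
        labels.append(data[pos:pos + n].decode("ascii"))
        pos += n

def decode_hip_rdata(rdata: bytes) -> HipRR:
    # RDATA: HIT length (1 octet), PK algorithm (1), PK length (2), HIT, Public Key, RVS names.
    if len(rdata) < 4:
        raise ValueError("RDATA shorter than fixed header")
    hit_len, pk_alg, pk_len = struct.unpack("!BBH", rdata[:4])
    if pk_alg not in PK_ALGORITHMS:
        raise ValueError(f"unknown PK algorithm {pk_alg}")
    if 4 + hit_len + pk_len > len(rdata):
        raise ValueError("length fields exceed RDATA")  # truncated or malformed record
    hit, pos = rdata[4:4 + hit_len], 4 + hit_len
    public_key, pos = rdata[pos:pos + pk_len], pos + pk_len
    rvs = []
    while pos < len(rdata):
        name, pos = decode_name(rdata, pos)
        rvs.append(name)
    return HipRR(pk_alg, hit, public_key, rvs)

def encode_hip_rdata(rr: HipRR) -> bytes:
    out = struct.pack("!BBH", len(rr.hit), rr.pk_algorithm, len(rr.public_key))
    out += rr.hit + rr.public_key
    for name in rr.rendezvous_servers:
        for label in name.rstrip(".").split("."):
            out += bytes([len(label)]) + label.encode("ascii")
        out += b"\x00"  # root label ends each uncompressed name
    return out

# Constructed sample: HIT and key octets are placeholders, not a real key pair.
SAMPLE_HIT = bytes.fromhex("200100107b1a74df365639cc39f1d578")
SAMPLE_RR = HipRR(2, SAMPLE_HIT, b"\x01\x02\x03\x04", ["rvs1.example.com.", "rvs2.example.net."])
SAMPLE_RDATA = encode_hip_rdata(SAMPLE_RR)
```

   The decoder rejects records whose length fields overrun the RDATA
   and RVS names that use compression pointers, both of which a
   resolver should treat as malformed rather than guess at.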

   Currently, most of the Internet applications that need to communicate
   with a remote host first translate a domain name (often obtained via
   user input) into one or more IP address(es).  This step occurs prior
   to communication with the remote host, and relies on a DNS lookup.

   With HIP, IP addresses are intended to be used mostly for on-the-wire
   communication between end hosts, while most Upper Layer Protocols
   (ULP) and applications use HIs or HITs instead (ICMP might be an
   example of an ULP not using them).  Consequently, we need a means to
   translate a domain name into an HI.  Using the DNS for this
   translation is pretty straightforward: We define a new HIP resource
   record.  Upon query by an application or ULP for a name to IP address
   lookup, the resolver would then additionally perform a name to HI
   lookup, and use it to construct the resulting HI to IP address
   mapping (which is internal to the HIP layer).  The HIP layer uses the
   HI to IP address mapping to translate HIs and HITs into IP addresses
