Host Identity Payload

Document Proposed charter Host Identity Payload WG (hip-old)
Title Host Identity Payload
Last updated 2003-12-10
State No document state
WG State Concluded
IESG Responsible AD (None)
Charter Edit AD (None)
Send notices to (None)


IP has suffered for the lack of security.  Efforts like IPsec and 
have added various levels of security to IP, but have not addressed 
of the fundamental security deficiencies in IP.  By adding a 
cryptographic Host Identity and a payload for its exchange between two 
hosts, we can greatly enhance the security of IP while addressing a 
fundamental flaw in IP.  This flaw being the lack of a true identity 
a host that is independent of how IP packets are routed to a host.

By adding a Host Identity namespace to the IP protocol, the role of the 
IP address changes to simply a packet forwarding namespace, since all 
the higher protocols are bound to the Host Identity.  This provides for 
cleaner host mobility and addressing realm transition (i.e. NAT) 
methodology.  However, adding a Host Identity provides for a new class 
of Denial Of Service attacks, and thus the Host Identity Payload (HIP) 
and its exchange protocol are carefully crafted to not only avoid 
introducing DOS attacks, but also to lessen the opportunity for the 
existing transport level DOS attacks.