
Re: HIP issue



Watson Ladd wrote:
> What *exactly* are we talking about using HIP for? Node-to-node
> connections, or the connections the client makes to tunnel traffic?

I would say, both.

> For the first one we have TLS.  

Various arguments can be made in the HIP vs. TLS discussion. Some people
prefer end-to-end IPsec rather than TLS.

> For the second one, HIP solves the wrong
> problem. We want to authenticate nodes to users, not each to the other.

It is possible to use "anonymous identities" on the node side that are not
publicly announced and/or frequently regenerated. There has been
significant work on HIP privacy extensions.

> While HIP is more efficient than TLS, we could use SSH for the
> connections to gain on efficiency. (Talking about the first problem).
> SSH is one of the most scrutinized protocols in existence, so it could
> be a good choice.

Might be so, though TLS/SSH do not support mobility and multihoming,
denial-of-service protection, and so on. With HIP, e.g., an IPv6-only Tor
client in China could talk to an IPv4 client in the EU.

Andrei