--- 1/draft-ietf-hip-rfc5205-bis-04.txt 2014-07-22 13:14:31.550173918 -0700 +++ 2/draft-ietf-hip-rfc5205-bis-05.txt 2014-07-22 13:14:31.586174795 -0700 @@ -1,19 +1,19 @@ Network Working Group J. Laganier Internet-Draft Luminate Wireless, Inc. -Obsoletes: 5205 (if approved) January 16, 2014 +Obsoletes: 5205 (if approved) July 22, 2014 Intended status: Standards Track -Expires: July 20, 2014 +Expires: January 23, 2015 Host Identity Protocol (HIP) Domain Name System (DNS) Extension - draft-ietf-hip-rfc5205-bis-04 + draft-ietf-hip-rfc5205-bis-05 Abstract This document specifies a new resource record (RR) for the Domain Name System (DNS), and how to use it with the Host Identity Protocol (HIP). This RR allows a HIP node to store in the DNS its Host Identity (HI, the public component of the node public-private key pair), Host Identity Tag (HIT, a truncated hash of its public key), and the Domain Names of its rendezvous servers (RVSs). This document obsoletes RFC5205. @@ -26,21 +26,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on July 20, 2014. + This Internet-Draft will expire on January 23, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
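Review bot: the expiry date in the boilerplate sentence ("This Internet-Draft will expire on January 23, 2015") agrees with the updated "Expires:" line in the header, so the two places that have to carry the same date do; the header date of July 22, 2014 plus the six-month validity period stated in the same hunk gives that expiry, and nothing else in the front matter changed, so no further action is needed on this hunk.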
@@ -171,22 +171,22 @@ server as a rendezvous point to maintain reachability with possible HIP initiators while moving [RFC5206]. Such a HIP node would publish in the DNS its RVS domain name(s) in a HIP RR, while keeping its RVS up-to-date with its current set of IP addresses. When a HIP node wants to initiate a HIP exchange with a Responder, it will perform a number of DNS lookups. Depending on the type of implementation, the order in which those lookups will be issued may vary. For instance, implementations using HIT in APIs may typically first query for HIP resource records at the Responder FQDN, while - those using an IP address in APIs may typically first query for A and - /or AAAA resource records. + those using an IP address in APIs may typically first query for A + and/or AAAA resource records. In the following, we assume that the Initiator first queries for HIP resource records at the Responder FQDN. If the query for the HIP type was responded to with a DNS answer with RCODE=3 (Name Error), then the Responder's information is not present in the DNS and further queries for the same owner name SHOULD NOT be made. In case the query for the HIP records returned a DNS answer with 
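Review bot: the only change here is moving "and/or" onto one line so that "A and/or AAAA" is no longer split at the slash; the reflow keeps the line within the text width and does not alter the sentence. The rest of the context is unchanged, including the guidance that after an RCODE=3 (Name Error) answer to the HIP query no further queries for the same owner name SHOULD NOT be made, so no wording review is needed beyond this editorial fix.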
@@ -489,38 +489,41 @@ base64-encoded-public-key ) 7. Examples In the examples below, the public key field containing no whitespace is wrapped since it does not fit in a single line of this document. Example of a node with HI and HIT but no RVS: www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578 - AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p -9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ -b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D ) + AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI + vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ry + ra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXd + XF5D ) Example of a node with a HI, HIT, and one RVS: www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578 - AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p -9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ -b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D + AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI + vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ry + ra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXd + XF5D rvs.example.com. ) Example of a node with a HI, HIT, and two RVSs: www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578 - AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p -9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ -b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D + AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI + vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ry + ra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXd + XF5D rvs1.example.com. rvs2.example.com. ) 8. Security Considerations This section contains a description of the known threats involved with the usage of the HIP DNS Extension. In a manner similar to the IPSECKEY RR [RFC4025], the HIP DNS Extension allows for the provision of two HIP nodes with the public 
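Review bot: the re-wrapped public key in all three examples concatenates to exactly the same base64 string as before (only the line breaks and indentation moved, as the three identical copies can be diffed to confirm), so the HIT 200100107B1A74DF365639CC39F1D578 and the key remain paired as they were; the new continuation lines are also indented instead of starting in column 0, which removes the risk of a reader taking a continuation line for a new record. One small suggestion for the sentence that introduces the examples ("the public key field containing no whitespace is wrapped since it does not fit in a single line of this document"): say explicitly that the wrapped lines must be joined with no whitespace before base64 decoding, since the breaks inside the parentheses are not part of the field value.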
@@ -629,22 +631,22 @@ 12.1. Normative references [I-D.ietf-hip-rfc5201-bis] Moskowitz, R., Heer, T., Jokela, P., and T. Henderson, "Host Identity Protocol Version 2 (HIPv2)", draft-ietf- hip-rfc5201-bis-14 (work in progress), October 2013. [I-D.ietf-hip-rfc5204-bis] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP) - Rendezvous Extension", draft-ietf-hip-rfc5204-bis-03 (work - in progress), December 2013. + Rendezvous Extension", draft-ietf-hip-rfc5204-bis-04 (work + in progress), June 2014. [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987. [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
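Review bot: the citation for [I-D.ietf-hip-rfc5204-bis] is bumped to draft-ietf-hip-rfc5204-bis-04 (June 2014), but the [I-D.ietf-hip-rfc5201-bis] entry two lines above is left at draft-ietf-hip-rfc5201-bis-14 (October 2013); if that draft has also been revised since, bump it in the same pass so that all normative references point at current revisions, and if it has not, no change is needed.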