However, if we aim for the kind of hybrid LISP-HIP-proxy design that
I've been suggesting, I believe that the packet formats could be much
simpler.

I'm not exactly sure how; xTR means IP-in-IP encapsulation.
Were you meaning for it to mean something else?

What I have been trying to describe is taking the LISP architecture
and then replacing some parts of the xTR functionality with proxy-HIP.

With RANGER/VET/SEAL, I am looking for a way for the ITR to
establish sufficient securing state in the ETR through a single
message sent forward before any data messages are sent (i.e.,
a "1-way handshake"). Can HIP do that?

Depends on your security requirements and what you store in your
mapping system.

A very short answer is that if you care about all the security threats
HIP cares about, then if the ETR stores the HIP puzzle into the
mapping system so that the ITR gets the puzzle along with the ETR RLOC,
then HIP can do that.

--Pekka
_______________________________________________
rrg mailing list
http://www.irtf.org/mailman/listinfo/rrg