summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc6537.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc6537.txt')
-rw-r--r--doc/rfc/rfc6537.txt1123
1 files changed, 1123 insertions, 0 deletions
diff --git a/doc/rfc/rfc6537.txt b/doc/rfc/rfc6537.txt
new file mode 100644
index 0000000..4ca011b
--- /dev/null
+++ b/doc/rfc/rfc6537.txt
@@ -0,0 +1,1123 @@
+
+
+
+
+
+
+Internet Research Task Force (IRTF) J. Ahrenholz
+Request for Comments: 6537 The Boeing Company
+Category: Experimental February 2012
+ISSN: 2070-1721
+
+
+ Host Identity Protocol Distributed Hash Table Interface
+
+Abstract
+
+ This document specifies a common interface for using the Host
+ Identity Protocol (HIP) with a Distributed Hash Table (DHT) service
+ to provide a name-to-Host-Identity-Tag lookup service and a Host-
+ Identity-Tag-to-address lookup service.
+
+Status of This Memo
+
+ This document is not an Internet Standards Track specification; it is
+ published for examination, experimental implementation, and
+ evaluation.
+
+ This document defines an Experimental Protocol for the Internet
+ community. This document is a product of the Internet Research Task
+ Force (IRTF). The IRTF publishes the results of Internet-related
+ research and development activities. These results might not be
+ suitable for deployment. This RFC represents the consensus of the
+ HIP Research Group of the Internet Research Task Force (IRTF).
+ Documents approved for publication by the IRSG are not a candidate
+ for any level of Internet Standard; see Section 2 of RFC 5741.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ http://www.rfc-editor.org/info/rfc6537.
+
+Copyright Notice
+
+ Copyright (c) 2012 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document.
+
+
+
+
+
+
+Ahrenholz Experimental [Page 1]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 2. The OpenDHT Interface ...........................................3
+ 3. HDRR - The HIP DHT Resource Record ..............................6
+ 4. HIP Lookup Services .............................................8
+ 4.1. HIP Name to HIT Lookup .....................................9
+ 4.2. HIP Address Lookup ........................................12
+ 5. Use Cases ......................................................15
+ 6. Issues with DHT Support ........................................16
+ 7. Security Considerations ........................................17
+ 8. IANA Considerations ............................................18
+ 9. Acknowledgments ................................................18
+ 10. References ....................................................19
+ 10.1. Normative References .....................................19
+ 10.2. Informative References ...................................19
+
+1. Introduction
+
+ The Host Identity Protocol (HIP) [RFC5201] may benefit from a lookup
+ service based on Distributed Hash Tables (DHTs). The Host Identity
+ namespace is flat, consisting of public keys, in contrast to the
+ hierarchical Domain Name System (DNS). These keys are hashed and
+ prefixed to form Host Identity Tags (HITs), which appear as large
+ random numbers. As the current DNS system has been heavily optimized
+ for address lookup, it may be worthwhile to experiment with other
+ services such as those defined here. DHTs manage such data well by
+ applying a hash function that distributes data across a number of
+ servers. DHTs are also designed to be updated more frequently than a
+ DNS-based approach. For an alternative method of using HITs to look
+ up IP addresses using DNS, see [HIT2IP].
+
+ One freely available implementation of a DHT is the Bamboo DHT, which
+ is Java-based software that has been deployed on PlanetLab servers to
+ form a free service named OpenDHT. OpenDHT was available via the
+ Internet for any program to store and retrieve arbitrary data.
+ OpenDHT used a well-defined Extensible Markup Language-Remote
+ Procedure Calling (XML-RPC) interface, featuring put, get, and remove
+ operations. OpenLookup, while not implemented as a DHT, is another
+ deployment of open source software compatible with this OpenDHT
+ interface. This document discusses a common way for HIP to use this
+ OpenDHT interface, so that various HIP experimenters may employ
+ lookup services in an interoperable fashion.
+
+ This document is a product of the HIP research group (RG) of the
+ IRTF. The HIP research group reached consensus that this interface
+ specification should be published as an Experimental RFC, based on
+
+
+
+
+Ahrenholz Experimental [Page 2]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ document review by at least six RG members including the chairs, and
+ based on implementation experience. This document is not an IETF
+ product and is not a standard.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+2. The OpenDHT Interface
+
+ OpenDHT [OPENDHT] was a public deployment of Bamboo DHT servers that
+ ran on about 150 PlanetLab nodes, and was retired in July 2009.
+ While the Bamboo project provided the actual software running on the
+ servers, here we will refer only to OpenDHT, which uses a certain
+ defined interface for the XML-RPC calls. Another service compatible
+ with this interface is OpenLookup. One can run their own Bamboo
+ nodes to set up a private ring of servers.
+
+ OpenDHT was chosen because it was a well-known, publicly available
+ DHT used within the research community. Its interface features a
+ simple, standards-based protocol that can be easily implemented by
+ HIP developers. This document does not aim to dictate that only the
+ services and servers described here should be used, but is rather
+ meant to act as a starting point to gain experience with these
+ services, choosing tools that are readily available.
+
+ OpenDHT stores values and indexes those values by using (hash) keys.
+ Keys are limited to 20 bytes in length, and values can be up to 1024
+ bytes. Values are stored for a certain number of seconds, up to a
+ maximum of 604,800 seconds (one week.) For more information, see the
+ OpenDHT website: <http://www.opendht.org/>.
+
+ Three RPC operations are supported: put, get, and rm (remove). Put
+ is called with key and value parameters, causing the value to be
+ stored using the key as its hash index. Get is called with the key
+ parameter, when you have a key and want to retrieve the value. Rm is
+ called with a hash of the value to be removed along with a secret
+ value, a hash of which was included in the put operation.
+
+ The definitions below are taken from the OpenDHT users guide at
+ <http://opendht.org/users-guide.html>.
+
+
+
+
+
+
+
+
+
+
+Ahrenholz Experimental [Page 3]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ The put operation takes the following arguments:
+
+ +----------------+--------------------------------------+
+ | field | type |
+ +----------------+--------------------------------------+
+ | application | string |
+ | | |
+ | client_library | string |
+ | | |
+ | key | byte array, 20 bytes max. |
+ | | |
+ | value | byte array, 1024 bytes max. |
+ | | |
+ | ttl_sec | four-byte integer, max. value 604800 |
+ | | |
+ | secret_hash | optional SHA-1 hash of secret value |
+ +----------------+--------------------------------------+
+
+ The server replies with an integer -- 0 for "success", 1 if it is
+ "over capacity", and 2 indicating "try again". The return code 3
+ indicates "failure" and is used for a modified OpenDHT server that
+ performs signature and HIT verification, see Section 3.
+
+ The get operation takes the following arguments:
+
+ +----------------+---------------------------------------------+
+ | field | type |
+ +----------------+---------------------------------------------+
+ | application | string |
+ | | |
+ | client_library | string |
+ | | |
+ | key | byte array, 20 bytes max. |
+ | | |
+ | maxvals | four-byte singed integer, max. value 2^31-1 |
+ | | |
+ | placemark | byte array, 100 bytes max. |
+ +----------------+---------------------------------------------+
+
+ The server replies with an array of values, and a placemark that can
+ be used for fetching additional values.
+
+
+
+
+
+
+
+
+
+
+Ahrenholz Experimental [Page 4]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ The rm operation takes the following arguments:
+
+ +----------------+----------------------------------------------+
+ | field | type |
+ +----------------+----------------------------------------------+
+ | application | string |
+ | | |
+ | client_library | string |
+ | | |
+ | key | byte array, 20 bytes max. |
+ | | |
+ | value_hash | SHA-1 hash of value to remove |
+ | | |
+ | ttl_sec | four-byte integer, max. value 604800 |
+ | | |
+ | secret | secret value (SHA-1 of this was used in put) |
+ +----------------+----------------------------------------------+
+
+ The server replies with an integer -- 0 for "success", 1 if it is
+ "over capacity", and 2 indicating "try again".
+
+ This is the basic XML-RPC interface provided by OpenDHT. Each
+ "field" from the above tables are XML tags that enclose their
+ corresponding values. The key is a byte array used to index the
+ record for storage and retrieval from the DHT. The value is a byte
+ array of the data being stored in the DHT. The application and
+ client_library fields are metadata used only for logging purposes.
+ The ttl_sec field specifies the number of seconds that the DHT should
+ store the value. The secret_hash field allows values to be later
+ removed from the DHT. The maxvals and placemark fields are for
+ retrieving a maximum number of values and for iterating get results.
+
+ The return code of 0 "success" indicates a successful put or remove
+ operation. The return code of 1 "over capacity" means that a client
+ is using too much storage space on the server. The return value of 2
+ "try again" indicates that the client should retry the put operation
+ because a temporary problem prevented the server from accepting the
+ put.
+
+ In the sections that follow, specific uses for these DHT operations
+ and their XML fields are suggested for use with HIP.
+
+
+
+
+
+
+
+
+
+
+Ahrenholz Experimental [Page 5]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+3. HDRR - The HIP DHT Resource Record
+
+ The two lookup services described in this document use a HIP DHT
+ Resource Record (HDRR) defined in this section. This record is a
+ wrapper around data contained in TLVs, similar to a HIP control
+ packet. The data contained in each HDRR differs between the two
+ services.
+
+ The HDRR uses the same binary format as HIP packets (defined in
+ [RFC5201].) This packet encoding is used as a convenience, even
+ though this data is actually a resource record stored and retrieved
+ by the DHT servers, not a packet sent on the wire by a HIP protocol
+ daemon. Note that this HDRR format is different than the HIP RR used
+ by the Domain Name System as defined in [RFC5205]. The reason it is
+ different is that it is a different record from a functional point of
+ view: in DNS, the query key is a Fully Qualified Domain Name (FQDN),
+ and the return value is a HIT, while here, the query key is a HIT.
+
+ HIP header values for the HDRR:
+
+ HIP Header:
+ Packet Type = 20 DHT Resource Record
+ SRC HIT = Sender's HIT
+ DST HIT = NULL
+
+ HDRR used with HIT lookup:
+ HIP ( [CERT] )
+
+ HDRR used with address lookup:
+ HIP ( LOCATOR, SEQ, HOST_ID, [CERT], HIP_SIGNATURE )
+
+ The Initiator HIT (Sender's HIT, SRC HIT) MUST be set to the HIT that
+ the host wishes to make available using the lookup service. With the
+ HIT lookup service, this is the main piece of information returned by
+ a get operation. For the address lookup service, this HIT MUST be
+ the same one used to derive the HIT_KEY used as the DHT key. The
+ Responder HIT (Receiver's HIT, DST HIT) MUST be NULL (all zeroes)
+ since the data is intended for any host.
+
+ The only other TLV used with the HIT lookup service is an optional
+ CERT parameter containing a certificate for validating the name that
+ is used as the DHT key. The CERT parameter is defined in [RFC6253].
+ The DHT server SHOULD use the certificate to verify that the client
+ is authorized to use the name used for the DHT key, using the hash of
+ the name found in the certificate. The Common Name (CN) field from
+ the Distinguished Name (DN) of the X.509.v3 certificate MUST be used.
+ Which certificates are considered trusted is a local policy issue.
+
+
+
+
+Ahrenholz Experimental [Page 6]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ The remaining parameters described here are used with the address
+ lookup service.
+
+ The LOCATOR parameter contains the addresses that the host wishes to
+ make available using the lookup service. A host MAY publish its
+ current preferred IPv4 and IPv6 locators, for example.
+
+ The SEQ parameter contains an unsigned 32-bit sequence number, the
+ Update ID. This is typically initialized to zero and incremented by
+ one for each new HDRR that is published by the host. The host SHOULD
+ retain the last Update ID value it used for each HIT across reboots,
+ or perform a self lookup in the DHT. The Update ID value may be
+ retained in the DHT records and will determine the preferred address
+ used by peers.
+
+ The HOST_ID parameter contains the Host Identity that corresponds
+ with the Sender's HIT. (The encoding of this parameter is defined in
+ Section 5.2.8 of [RFC5201].)
+
+ The HOST_ID parameter and HIP_SIGNATURE parameter MUST be used with
+ the HDRR so that HIP clients receiving the record can validate the
+ sender and the included LOCATOR parameter. The HIT_KEY used for the
+ DHT key will also be verified against the Host Identity.
+
+ The client that receives the HDRR from the DHT response MUST perform
+ the signature and HIT_KEY verification. If the signature is invalid
+ for the given Host Identity or the HIT_KEY used to retrieve the
+ record does not match the Host Identity, the DHT record retrieved
+ MUST be ignored. Note that for client-only verification, the DHT
+ server does not need to be modified.
+
+ The Sender's HIT in the HDRR MUST correspond with the key used for
+ the lookup and Host Identity verification. The Receiver's HIT MUST
+ be NULL (all zeroes) in the HDRR header.
+
+ When several HDRR records are returned by the server, the client
+ SHOULD pick the most recent record as indicated by the Update ID in
+ the SEQ TLV of the HDRR and perform verification on that record. The
+ order in which records are returned should not be considered.
+
+ The DHT server MAY also verify the SIGNATURE and HOST_ID, with some
+ modifications to the Bamboo DHT software and a new return code with
+ the OpenDHT interface. The signature in the put MUST be verified
+ using the given Host Identity (public key), and the HIT_KEY provided
+ as the lookup key MUST match this Host Identity according to the
+ Overlay Routable Cryptographic Hash Identifiers (ORCHID) generation
+ method defined by [RFC4843]. If either signature or HIT verification
+
+
+
+
+Ahrenholz Experimental [Page 7]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ fails, the put MUST not be recorded into the DHT, and the server
+ returns a failure code. The failure code is an additional return
+ code not defined by OpenDHT, with a value of 3.
+
+ This server-side verification of records could introduce a source of
+ a denial-of-service attack. The server policy could require clients
+ to have an active HIP association. See Section 7 for further
+ discussion.
+
+4. HIP Lookup Services
+
+ This document defines a HIT lookup and address lookup service for use
+ with HIP. The HIT lookup uses a text name to discover a peer's HIT.
+ The address lookup uses a peer's HIT to discover its current
+ addresses.
+
+ The two lookups are defined below. The abbreviated notation refers
+ to the HIP parameter types; for example, HIP_SIG is the HIP signature
+ parameter defined by [RFC5201].
+
+ HDRR([CERT]) = get(SHA-1("name"))
+ HDRR(LOCATOR, SEQ, HOST_ID, [CERT], HIP_SIG) = get(HIT_KEY)
+
+ The HIT lookup service returns the Host Identity Tag of a peer given
+ a name. The name SHOULD be the FQDN, hostname, or some other alias.
+ This HIT is found in the Sender's HIT field of the HDRR. The HIT is
+ the hash of the public-key-based Host Identity as described in
+ [RFC5201]. There are no security properties of the name, unlike the
+ HIT. An optional certificate MAY be included in the record, for
+ validating the name, providing some measure of security. Which
+ certificates are considered trusted is a local policy issue. This
+ service is intended for use when legacy DNS servers do not support
+ HIP resource records, or when hosts do not have administrative access
+ to publish their own DNS records. Such an unmanaged naming service
+ may help facilitate experimentation.
+
+ The address lookup returns a locator and other validation data in the
+ HDRR for a given HIT. Before a HIP association can be initiated (not
+ in opportunistic mode), a HIP host needs to know the peer's HIT and
+ the current address at which the peer is reachable. Often the HIT
+ will be pre-configured, available via DNS lookup using a hostname
+ lookup [RFC5205], or retrieved using the HIT lookup service defined
+ in this document. With HIP mobility [RFC5206], IP addresses may be
+ used as locators and may often change. The Host Identity and the HIT
+ remain relatively constant and can be used to securely identify a
+ host, so the HIT serves as a suitable DHT key for storing and
+ retrieving addresses.
+
+
+
+
+Ahrenholz Experimental [Page 8]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ The address lookup service includes the peer's Host Identity and a
+ signature over the locators. This allows the DHT client or server to
+ validate the address information stored in the DHT.
+
+ These two separate lookups are defined instead of one because the
+ address record is expected to change more frequently, while the name-
+ to-HIT binding should remain relatively constant. For example, local
+ policy may specify checking the name-to-HIT binding on a daily basis,
+ while the address record is updated hourly for active peers. Also,
+ the client and server validation of the two records is different,
+ with the HIT lookup using certificates verifying the name and the
+ address lookup using a signature produced by the bearer of a
+ particular Host Identity/HIT.
+
+ These services reduce the amount of pre-configuration required at
+ each HIP host. The address of each peer no longer needs to be known
+ ahead of time, if peers also participate by publishing their
+ addresses. If peers choose to publish their HITs with a name, peer
+ HITs also no longer require pre-configuration. However, discovering
+ an available DHT server for servicing these lookups will require some
+ additional configuration.
+
+4.1. HIP Name to HIT Lookup
+
+ Given the SHA-1 hash of a name, a lookup returns the HIT of the peer.
+ The hash of a name is used because OpenDHT keys are limited to 20
+ bytes, so this allows for longer names. Publish, lookup, and remove
+ operations are defined below.
+
+ HDRR([CERT]) = get(SHA-1("name"))
+ put(SHA-1("name"), HDRR([CERT]), [SHA-1(secret)])
+ rm(SHA-1("name"), SHA-1(HDRR), secret)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Ahrenholz Experimental [Page 9]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ HIT publish
+
+ +----------------+----------------------------------------+---------+
+ | field | value | data |
+ | | | type |
+ +----------------+----------------------------------------+---------+
+ | application | "hip-name-hit" | string |
+ | | | |
+ | client_library | (implementation dependent) | string |
+ | | | |
+ | key | SHA-1 hash of a name | base64 |
+ | | | encoded |
+ | | | |
+ | value | HDRR([CERT]), with the HIT to be | base64 |
+ | | published contained in the Sender's | encoded |
+ | | HIT field of the HDRR, and an optional | |
+ | | certificate for validating the name | |
+ | | used as the key | |
+ | | | |
+ | ttl_sec | lifetime for this record, value from | numeric |
+ | | 0-604800 seconds | string |
+ | | | |
+ | secret_hash | optional SHA-1 hash of secret value | base64 |
+ | | | encoded |
+ +----------------+----------------------------------------+---------+
+
+ HIT lookup
+
+ +----------------+---------------------------------+----------------+
+ | field | value | data type |
+ +----------------+---------------------------------+----------------+
+ | application | "hip-name-hit" | string |
+ | | | |
+ | client_library | (implementation dependent) | string |
+ | | | |
+ | key | SHA-1 hash of a name | base64 encoded |
+ | | | |
+ | maxvals | (implementation dependent) | numeric string |
+ | | | |
+ | placemark | (NULL, or used from server | base64 encoded |
+ | | reply) | |
+ +----------------+---------------------------------+----------------+
+
+
+
+
+
+
+
+
+
+Ahrenholz Experimental [Page 10]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ HIT remove (optional)
+
+ +----------------+----------------------------------------+---------+
+ | field | value | data |
+ | | | type |
+ +----------------+----------------------------------------+---------+
+ | application | "hip-name-hit" | string |
+ | | | |
+ | client_library | (implementation dependent) | string |
+ | | | |
+ | key | SHA-1 hash of a name | base64 |
+ | | | encoded |
+ | | | |
+ | value_hash | SHA-1 hash of HDRR (value used during | base64 |
+ | | publish) to remove | encoded |
+ | | | |
+ | ttl_sec | lifetime for the remove should be | numeric |
+ | | greater than or equal to the amount of | string |
+ | | time remaining for the record | |
+ | | | |
+ | secret | secret value (SHA-1 of this was used | base64 |
+ | | in put) | encoded |
+ +----------------+----------------------------------------+---------+
+
+ The key for both HIT publish and lookup is the SHA-1 hash of the
+ name. The name does not necessarily need to be associated with a
+ valid DNS or host name. It does not need to be related to the Domain
+ Identifier found in the HI TLV. OpenDHT limits the keys to 20 bytes
+ in length, so the SHA-1 hash is used to allow arbitrary name lengths.
+
+ The value used in the publish and lookup response MUST be the base64-
+ encoded HDRR containing the HIT, and MAY include an optional
+ certificate. The HIT MUST be stored in the Sender's HIT field in the
+ HDRR header and is a 128-bit value that can be identified as a HIT
+ both by its length and by the ORCHID prefix [RFC4843] that it starts
+ with.
+
+ If a certificate is included in this HIT record, the name used for
+ the DHT key MUST be listed in the certificate. The CERT parameter is
+ defined in [RFC6253]. The Common Name (CN) field from the
+ Distinguished Name (DN) of the X.509.v3 certificate MUST be used.
+ The server can hash this name to verify it matches the DHT key.
+
+ The ttl_sec field specifies the number of seconds requested by the
+ client that the entry should be stored by the DHT server, which is
+ implementation or policy dependent.
+
+
+
+
+
+Ahrenholz Experimental [Page 11]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ The secret_hash is an optional field used with HIT publish if the
+ value will later be removed with an rm operation. It is RECOMMENDED
+ that clients support these rm operations for the values they publish.
+ The secret_hash contains the base64-encoded SHA-1 hash of some secret
+ value known only to the publishing host. A different secret value
+ SHOULD be used for each put because rm requests are visible on the
+ network. The max_vals and placemark fields used with the HIT lookup
+ are defined by the get XML-RPC interface.
+
+4.2. HIP Address Lookup
+
+ Given a HIT, a lookup returns the IP address of the peer. The
+ address is contained in a LOCATOR TLV inside the HDRR, along with
+ other validation data. This interface has publish, lookup, and
+ remove operations. A summary of these three operations is listed
+ below. The abbreviated notation refers to the HIP parameter types;
+ for example, HIP_SIG is the HIP signature parameter defined by
+ [RFC5201]. The details of these DHT operations is then described in
+ greater detail.
+
+ HDRR(LOCATOR, SEQ, HOST_ID, [CERT], HIP_SIG) = get(HIT_KEY)
+ put(HIT_KEY, HDRR(LOCATOR, SEQ, HOST_ID, [CERT], HIP_SIG),
+ [SHA-1(secret)])
+ rm(HIT_KEY, SHA-1(HDRR), secret)
+
+ The HDRR is defined in Section 3. It contains one or more locators
+ that the peer wants to publish, a sequence number, the peer's Host
+ Identity, an optional certificate, and a signature over the contents.
+
+ The HIT_KEY is comprised of the last 100 bits of the HIT appended
+ with 60 zero bits. This is the portion of the HIT used as a DHT key.
+ The last 100 bits are used to avoid uneven distribution of the stored
+ values across the DHT servers. The HIT's ORCHID Prefix (defined by
+ [RFC4843]) is comprised of the first 28 bits, and this prefix is
+ dropped because it is the same for all HITs, which would cause this
+ uneven distribution. Zero padding is appended to this 100-bit value
+ to fill the length required by the DHT, 160 bits total.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Ahrenholz Experimental [Page 12]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ Address publish
+
+ +----------------+----------------------------------------+---------+
+ | field | value | data |
+ | | | type |
+ +----------------+----------------------------------------+---------+
+ | application | "hip-addr" | string |
+ | | | |
+ | client_library | (implementation dependent) | string |
+ | | | |
+ | key | HIT_KEY | base64 |
+ | | | encoded |
+ | | | |
+ | value | HDRR(LOCATOR, SEQ, HOST_ID, [CERT], | base64 |
+ | | HIP_SIG), with the IP address to be | encoded |
+ | | published contained in the LOCATOR TLV | |
+ | | in the HDRR, along with other | |
+ | | validation data | |
+ | | | |
+ | ttl_sec | amount of time HDRR should be valid, | numeric |
+ | | or the lifetime of the preferred | string |
+ | | address, a value from 0-604800 seconds | |
+ | | | |
+ | secret_hash | optional SHA-1 hash of secret value | base64 |
+ | | | encoded |
+ +----------------+----------------------------------------+---------+
+
+ Address lookup
+
+ +----------------+---------------------------------+----------------+
+ | field | value | data type |
+ +----------------+---------------------------------+----------------+
+ | application | "hip-addr" | string |
+ | | | |
+ | client_library | (implementation dependent) | string |
+ | | | |
+ | key | HIT_KEY | base64 encoded |
+ | | | |
+ | maxvals | (implementation dependent) | numeric string |
+ | | | |
+ | placemark | (NULL, or used from server | base64 encoded |
+ | | reply) | |
+ +----------------+---------------------------------+----------------+
+
+
+
+
+
+
+
+
+Ahrenholz Experimental [Page 13]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ Address remove (optional)
+
+ +----------------+-------------------------------------+------------+
+ | field | value | data type |
+ +----------------+-------------------------------------+------------+
+ | application | "hip-addr" | string |
+ | | | |
+ | client_library | (implementation dependent) | string |
+ | | | |
+ | key | HIT_KEY | base64 |
+ | | | encoded |
+ | | | |
+ | value_hash | SHA-1 hash of HDRR (value used | base64 |
+ | | during publish) to remove | encoded |
+ | | | |
+ | ttl_sec | old address lifetime | numeric |
+ | | | string |
+ | | | |
+ | secret | secret value (SHA-1 of this was | base64 |
+ | | used in put) | encoded |
+ +----------------+-------------------------------------+------------+
+
+ The application and client_library fields are used for logging in
+ OpenDHT. The client_library may vary between different
+ implementations, specifying the name of the XML-RPC library used or
+ the application that directly makes XML-RPC calls.
+
+ The key used with the address lookup and with publishing the address
+ is the HIT_KEY as defined above, 160 bits base64 encoded [RFC2045].
+ The value used in the publish and lookup response is the base64-
+ encoded HDRR containing one or more LOCATORs.
+
+ The ttl_sec field used with address publish indicates the time-to-
+ live (TTL). This is the number of seconds for which the entry will
+ be stored by the DHT. The TTL SHOULD be set to the number of seconds
+ remaining in the address lifetime.
+
+ The secret_hash is an optional field that MAY be used with address
+ publish if the value will later be removed with an rm operation. The
+ secret_hash contains the base64-encoded SHA-1 hash of some secret
+ value that MUST be known only to the publishing host. Clients SHOULD
+ include the secret_hash and remove outdated values to reduce the
+ amount of data the peer needs to handle. A different secret value
+ SHOULD be used for each put because rm requests are visible on the
+ network.
+
+
+
+
+
+
+Ahrenholz Experimental [Page 14]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ The max_vals and placemark fields used with address lookup are
+ defined by the get XML-RPC interface. The get operation needs to
+ know the maximum number of values to retrieve. The placemark is a
+ value found in the server reply that causes the get to continue to
+ retrieve values starting where it left off.
+
+5. Use Cases
+
+ Below are some suggestions of when a HIP implementation MAY want to
+ use the HIT and address lookup services.
+
+ To learn of a peer's HIT, a host might first consult DNS using the
+ peer's hostname if the DNS server supports the HIP resource record
+ defined by [RFC5205]. Sometimes hosts do not have administrative
+ authority over their DNS entries and/or the DNS server is not able to
+ support HIP resource records. Hosts may want to associate other non-
+ DNS names with their HITs. For these and other reasons, a host MAY
+ use the HIT publish service defined in Section 4.1. The peer HIT may
+ be learned by performing a DHT lookup of such a name.
+
+ Once a peer HIT is learned or configured, an address lookup MAY be
+ performed so that the LOCATORs can be cached and immediately
+ available for when an association is requested. Implementations
+ might load a list of peer HITs on startup, resulting in several
+ lookups that can take some time to complete.
+
+ However, cached LOCATORs may quickly become obsolete, depending on
+ how often the peer changes its preferred address. Performing an
+ address lookup before sending the I1 may be needed. At this time,
+ the latency of a lookup may be intolerable, and a lookup could
+ instead be performed after the I1 retransmission timer fires -- when
+ no R1 reply has been received -- to detect any change in address.
+
+ A HIP host SHOULD publish its preferred LOCATORs upon startup, so
+ other hosts may determine where it is reachable. The host SHOULD
+ periodically refresh its HDRR entry because each entry carries a TTL
+ and will eventually expire. Also, when there is a change in the
+ preferred address, usually associated with sending UPDATE packets
+ with included locator parameters, the host SHOULD update its HDRR
+ with the DHT. The old HDRR SHOULD be removed using the rm operation,
+ if a secret value was used in the put.
+
+ Addresses from the private address space SHOULD NOT be published to
+ the DHT. If the host is located behind a NAT, for example, the host
+ could publish the address of its Rendezvous Server (RVS, from
+ [RFC5204]) to the DHT if that is how it is reachable. In this case,
+ however, a peer could instead simply use the RVS field of the NATed
+ host's HIP DNS record, which would eliminate a separate DHT lookup.
+
+
+
+Ahrenholz Experimental [Page 15]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ A HIP host SHOULD also publish its HIT upon startup or whenever a new
+ HIT is configured, for use with the HIT lookup service, if desired.
+ The host SHOULD first check if the name already exists in the DHT by
+ performing a lookup, to avoid interfering with an existing name-to-
+ HIT mapping. The name-to-HIT binding needs to be refreshed
+ periodically before the TTL expires.
+
+ When publishing data to the DHT server, care should be taken to check
+ the response from the server. The server may respond with an "over
+ capacity" code, indicating that its resources are too burdened to
+ honor the given size and TTL. The host SHOULD then select another
+ server for publishing or reduce the TTL and retry the put operation.
+
+6. Issues with DHT Support
+
+ The DHT put operation does not replace existing values. If a host
+ does not remove its old HDRR before adding another, several entries
+ may be present. A client performing a lookup SHOULD determine the
+ most recent address based on the Update ID from the SEQ TLV of the
+ HDRR. The order of values returned in the server's response may not
+ be guaranteed. Before performing each put, a host SHOULD remove its
+ old HDRR data using the rm operation.
+
+ In the case of the HIT lookup service, there is nothing preventing
+ different hosts from publishing the same name. A lookup performed on
+ this name will return multiple HITs that belong to different devices.
+ The server may enforce a policy that requires clients to include a
+ certificate when publishing a HIT, and only store HITs with a name
+ that has been authorized by some trusted certificate. Otherwise,
+ this is an unmanaged free-for-all service, and it is RECOMMENDED that
+ a host simply pick another name.
+
+ Selecting an appropriate DHT server to use is not covered here. If a
+ particular server becomes unavailable, the connect will timeout and
+ some server selection algorithm SHOULD be performed, such as trying
+ the next server in a configured list. OpenDHT formerly provided a
+ DNS-based anycast service; when one performed a lookup of
+ "opendht.nyuld.net", it returned the two nearest OpenDHT servers.
+
+ The latency involved with the DHT put and get operations should be
+ considered when using these services with HIP. The calls rely on
+ servers that may be located across the Internet and may trigger
+ communications between servers that add delay. The DHT operations
+ themselves may be slow to produce a response.
+
+ The maximum size of 1024 bytes for the value field will limit the
+ maximum size of the Host Identity and certificates that may be used
+ within the HDRR.
+
+
+
+Ahrenholz Experimental [Page 16]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+7. Security Considerations
+
+ There are two classes of attacks on this information exchange between
+ the host and DHT server: attacks on the validity of the information
+ provided by the DHT to the host (such as a spoofed DHT response) and
+ attacks on the DHT records themselves (such as polluted records for a
+ given key). Without the server performing some measure of
+ verification, not much can be done to prevent these attacks.
+
+ For the HIT lookup based on a name (Section 4.1), there are no
+ guarantees on the validity of the HIT. Users concerned with the
+ validity of HITs found in the DHT SHOULD simply exchange HITs out-of-
+ band with peers. Including a signature will not help here because
+ the HIT that identifies the Host Identity for signing is not known
+ ahead of time. A certificate MAY be included with the HIT, which
+ guarantees that the name used for the lookup has been authorized by
+ some third-party authority. Which certificates are considered
+ trusted is a local policy issue.
+
+ For the address lookup based on HIT (Section 4.2), the validity of
+ the DHT response MUST be checked with the HOST_ID and SIGNATURE
+ parameters in the HDRR. A HIP initiating host SHOULD also validate
+ the DHT response after the R1 message is received during a HIP
+ exchange. The Host Identity provided in the R1 can be hashed to
+ obtain a HIT that MUST be checked against the original HIT. However,
+ a legacy OpenDHT service without server modifications does not
+ prevent an attacker from polluting the DHT records for a known HIT,
+ thereby causing a denial-of-service attack, since server validation
+ is not performed.
+
+ Relying solely on client validation may be harmful. An attacker can
+ replay the put packets containing the signed HDRR, possibly causing
+ stale or invalid information to exist in the DHT. If an attacker
+ replays the signed put message and changes some aspect each time, and
+ if the server is not performing signature and HIT validation, there
+ could be a multitude of invalid entries stored in the DHT. When a
+ client retrieves these records, it would need to perform signature
+ and HIT verification on each one, which could cause unacceptable
+ amounts of delay or computation.
+
+ To protect against this type of attack, the DHT server SHOULD perform
+ signature and HIT verification of each put operation as described in
+ Section 3. Another option would be the server running HIP itself and
+ requiring client authentication with a HIP association before
+ accepting HDRR puts. Further validation would be only accepting HIT
+ and address records from the association bound to the same HIT.
+
+
+
+
+
+Ahrenholz Experimental [Page 17]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+ Performing server-side verification adds to the processing burden of
+ the DHT server and may be a source for a denial-of-service attack.
+ Requiring a HIP association before accepting HDRR puts may help here.
+ The HIT verification is less computationally intensive by design,
+ using a hash algorithm. Certificate validation (for name lookups)
+ and signature verification (for HDRRs) may cause unacceptable amounts
+ of computation. A server may rate limit the number of puts that it
+ allows.
+
+ The SHA-1 message digest algorithm is used in two ways in this
+ document, and the security of using this algorithm should be
+ considered within the context of [RFC6194]. The first use is with
+ the OpenDHT put and remove operations, described in Section 2, and
+ the second is to reduce the size of the name string for the HIT
+ lookup service in Section 4.1.
+
+ The first use is intended to protect the secret values used to store
+ records in the DHT as described by the OpenDHT interface. An
+ attacker would be able to remove a record, after capturing the
+ plaintext put, if a secret value could be found that produces the
+ same secret hash. The purpose of this document is to maintain
+ interoperable compatibility with that interface, which prescribes the
+ use of SHA-1. Future revisions of that interface should consider
+ hash algorithm agility. The OpenDHT FAQ states that future support
+ for other hash algorithms is planned.
+
+ The second use of the SHA-1 algorithm is to reduce the arbitrarily
+ sized name strings to fit the fixed OpenDHT key size. No security
+ properties of the SHA-1 algorithm are used in this context.
+
+8. IANA Considerations
+
+ This document defines a new HIP Packet Type, the "HIP Distributed
+ Hash Table Resource Record (HDRR)". This packet type is defined in
+ Section 3 with a value of 20.
+
+9. Acknowledgments
+
+ Thanks to Tom Henderson, Samu Varjonen, Andrei Gurtov, Miika Komu,
+ Kristian Slavov, Ken Rimey, Ari Keranen, and Martin Stiemerling for
+ providing comments. Samu most notably contributed the resolver
+ packet and its suggested parameters, which became the HDRR here.
+
+
+
+
+
+
+
+
+
+Ahrenholz Experimental [Page 18]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+10. References
+
+10.1. Normative References
+
+ [OPENDHT] Rhea, S., Godfrey, B., Karp, B., Kubiatowicz, J.,
+ Ratnasamy, S., Shenker, S., Stocia, I., and H. Yu,
+ "OpenDHT: A Public DHT Service and Its Uses", Proceedings
+ of ACM SIGCOMM 2005, August 2005.
+
+ [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
+ Extensions (MIME) Part One: Format of Internet Message
+ Bodies", RFC 2045, November 1996.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC4843] Nikander, P., Laganier, J., and F. Dupont, "An IPv6 Prefix
+ for Overlay Routable Cryptographic Hash Identifiers
+ (ORCHID)", RFC 4843, April 2007.
+
+ [RFC5201] Moskowitz, R., Nikander, P., Jokela, P., and T. Henderson,
+ "Host Identity Protocol", RFC 5201, April 2008.
+
+ [RFC5205] Nikander, P. and J. Laganier, "Host Identity Protocol
+ (HIP) Domain Name System (DNS) Extensions", RFC 5205,
+ April 2008.
+
+ [RFC6194] Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security
+ Considerations for the SHA-0 and SHA-1 Message-Digest
+ Algorithms", RFC 6194, March 2011.
+
+ [RFC6253] Heer, T. and S. Varjonen, "Host Identity Protocol
+ Certificates", RFC 6253, May 2011.
+
+10.2. Informative References
+
+ [HIT2IP] Ponomarev, O. and A. Gurtov, "Embedding Host Identity Tags
+ Data in DNS", Work in Progress, July 2009.
+
+ [RFC5204] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP)
+ Rendezvous Extension", RFC 5204, April 2008.
+
+ [RFC5206] Nikander, P., Henderson, T., Vogt, C., and J. Arkko, "End-
+ Host Mobility and Multihoming with the Host Identity
+ Protocol", RFC 5206, April 2008.
+
+
+
+
+
+
+Ahrenholz Experimental [Page 19]
+
+RFC 6537 HIP DHT Interface February 2012
+
+
+Author's Address
+
+ Jeff Ahrenholz
+ The Boeing Company
+ P.O. Box 3707
+ Seattle, WA
+ USA
+
+ EMail: jeffrey.m.ahrenholz@boeing.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Ahrenholz Experimental [Page 20]
+