Network Working Group                                       R. Moskowitz
Request for Comments: 4423     ICSA Labs, a division of Cybertrust, Inc.
Category: Informational                                      P. Nikander
                                           Ericsson Research Nomadic Lab
                                                                May 2006
        
Network Working Group                                       R. Moskowitz
Request for Comments: 4423     ICSA Labs, a division of Cybertrust, Inc.
Category: Informational                                      P. Nikander
                                           Ericsson Research Nomadic Lab
                                                                May 2006
        

Host Identity Protocol (HIP) Architecture

主机标识协议(HIP)体系结构

Status of This Memo

关于下段备忘

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。

Copyright Notice

版权公告

Copyright (C) The Internet Society (2006).

版权所有(C)互联网协会(2006年)。

Abstract

摘要

This memo describes a snapshot of the reasoning behind a proposed new namespace, the Host Identity namespace, and a new protocol layer, the Host Identity Protocol (HIP), between the internetworking and transport layers. Herein are presented the basics of the current namespaces, their strengths and weaknesses, and how a new namespace will add completeness to them. The roles of this new namespace in the protocols are defined. The memo describes the thinking of the authors as of Fall 2003. The architecture may have evolved since. This document represents one stable point in that evolution of understanding.

本备忘录描述了拟议的新名称空间(主机标识名称空间)和新协议层(主机标识协议(HIP))背后的原因,该协议层位于网络互连层和传输层之间。本文介绍了当前名称空间的基础、它们的优点和缺点,以及新名称空间将如何为它们添加完整性。定义了这个新名称空间在协议中的角色。备忘录描述了作者截至2003年秋天的想法。从那时起,架构可能已经发生了变化。本文件代表了理解演变过程中的一个稳定点。

Table of Contents

目录

   1. Disclaimer ......................................................2
   2. Introduction ....................................................2
   3. Terminology .....................................................4
      3.1. Terms Common to Other Documents ............................4
      3.2. Terms Specific to This and Other HIP Documents .............4
   4. Background ......................................................6
      4.1. A Desire for a Namespace for Computing Platforms ...........6
   5. Host Identity Namespace .........................................8
      5.1. Host Identifiers ...........................................9
      5.2. Storing Host Identifiers in DNS ............................9
      5.3. Host Identity Tag (HIT) ...................................10
      5.4. Local Scope Identifier (LSI) ..............................10
   6. New Stack Architecture .........................................11
        
   1. Disclaimer ......................................................2
   2. Introduction ....................................................2
   3. Terminology .....................................................4
      3.1. Terms Common to Other Documents ............................4
      3.2. Terms Specific to This and Other HIP Documents .............4
   4. Background ......................................................6
      4.1. A Desire for a Namespace for Computing Platforms ...........6
   5. Host Identity Namespace .........................................8
      5.1. Host Identifiers ...........................................9
      5.2. Storing Host Identifiers in DNS ............................9
      5.3. Host Identity Tag (HIT) ...................................10
      5.4. Local Scope Identifier (LSI) ..............................10
   6. New Stack Architecture .........................................11
        
      6.1. Transport Associations and End-points .....................11
   7. End-host Mobility and Multi-homing .............................12
      7.1. Rendezvous Mechanism ......................................13
      7.2. Protection against Flooding Attacks .......................13
   8. HIP and IPsec ..................................................14
   9. HIP and NATs ...................................................15
      9.1. HIP and TCP Checksums .....................................15
   10. Multicast .....................................................16
   11. HIP Policies ..................................................16
   12. Benefits of HIP ...............................................16
      12.1. HIP's Answers to NSRG Questions ..........................17
   13. Security Considerations .......................................19
      13.1. HITs Used in ACLs ........................................21
      13.2. Non-security considerations ..............................21
   14. Acknowledgements ..............................................22
   15. Informative References ........................................22
        
      6.1. Transport Associations and End-points .....................11
   7. End-host Mobility and Multi-homing .............................12
      7.1. Rendezvous Mechanism ......................................13
      7.2. Protection against Flooding Attacks .......................13
   8. HIP and IPsec ..................................................14
   9. HIP and NATs ...................................................15
      9.1. HIP and TCP Checksums .....................................15
   10. Multicast .....................................................16
   11. HIP Policies ..................................................16
   12. Benefits of HIP ...............................................16
      12.1. HIP's Answers to NSRG Questions ..........................17
   13. Security Considerations .......................................19
      13.1. HITs Used in ACLs ........................................21
      13.2. Non-security considerations ..............................21
   14. Acknowledgements ..............................................22
   15. Informative References ........................................22
        
1. Disclaimer
1. 免责声明

The purpose of this memo is to provide a stable reference point in the development of the Host Identity Protocol architecture. This memo describes the thinking of the authors as of Fall 2003; their thinking may have evolved since then. Occasionally, this memo may be confusing or self-contradicting. That is (partially) intentional, and it reflects the snapshot nature of this memo.

本备忘录旨在为主机标识协议体系结构的开发提供一个稳定的参考点。这份备忘录描述了作者截至2003年秋天的想法;从那时起,他们的思维可能已经发生了变化。有时,此备忘录可能会令人困惑或自相矛盾。这(部分)是有意的,它反映了本备忘录的快照性质。

This RFC is not a candidate for any level of Internet Standard. The IETF disclaims any knowledge of the fitness of this RFC for any purpose and notes that the decision to publish is not based on IETF review. However, the ideas put forth in this RFC have generated significant interest, including the formation of the IETF HIP Working Group and the IRTF HIP Research Group. These groups are expected to generate further documents, sharing their findings with the whole Internet community.

本RFC不适用于任何级别的互联网标准。IETF不承认任何关于本RFC适用于任何目的的知识,并指出发布的决定并非基于IETF审查。然而,本RFC中提出的想法引起了极大的兴趣,包括成立IETF HIP工作组和IRTF HIP研究组。预计这些小组将生成更多的文件,与整个互联网社区分享他们的发现。

2. Introduction
2. 介绍

The Internet has two important global namespaces: Internet Protocol (IP) addresses and Domain Name Service (DNS) names. These two namespaces have a set of features and abstractions that have powered the Internet to what it is today. They also have a number of weaknesses. Basically, since they are all we have, we try to do too much with them. Semantic overloading and functionality extensions have greatly complicated these namespaces.

Internet有两个重要的全局名称空间:Internet协议(IP)地址和域名服务(DNS)名称。这两个名称空间具有一组特性和抽象,它们为Internet提供了今天的功能。它们也有一些弱点。基本上,因为他们是我们所有的,我们试图用他们做太多。语义重载和功能扩展使这些名称空间变得非常复杂。

The proposed Host Identity namespace fills an important gap between the IP and DNS namespaces. The Host Identity namespace consists of Host Identifiers (HIs). A Host Identifier is cryptographic in its

建议的主机标识名称空间填补了IP和DNS名称空间之间的一个重要空白。主机标识命名空间由主机标识符(HI)组成。主机标识符在其内部是加密的

nature; it is the public key of an asymmetric key-pair. Each host will have at least one Host Identity, but it will typically have more than one. Each Host Identity uniquely identifies a single host; i.e., no two hosts have the same Host Identity. The Host Identity, and the corresponding Host Identifier, can be either public (e.g., published in the DNS) or unpublished. Client systems will tend to have both public and unpublished Identities.

自然界它是非对称密钥对的公钥。每个主机将至少有一个主机标识,但通常会有多个主机标识。每个主机标识唯一标识一个主机;i、 例如,没有两台主机具有相同的主机标识。主机标识和相应的主机标识符可以是公共的(例如,在DNS中发布)或未发布的。客户端系统将倾向于同时具有公共和未发布的身份。

There is a subtle but important difference between Host Identities and Host Identifiers. An Identity refers to the abstract entity that is identified. An Identifier, on the other hand, refers to the concrete bit pattern that is used in the identification process.

主机标识和主机标识符之间存在细微但重要的区别。标识是指被标识的抽象实体。另一方面,标识符是指在识别过程中使用的具体位模式。

Although the Host Identifiers could be used in many authentication systems, such as the Internet Key Exchange (IKEv2) Protocol [9], the presented architecture introduces a new protocol, called the Host Identity Protocol (HIP), and a cryptographic exchange, called the HIP base exchange; see also Section 8. The HIP protocols provide for limited forms of trust between systems, enhance mobility, multi-homing, and dynamic IP renumbering; aid in protocol translation/transition; and reduce certain types of denial-of-service (DoS) attacks.

尽管主机标识符可用于许多认证系统,例如因特网密钥交换(IKEv2)协议[9],但所提出的体系结构引入了一种称为主机标识协议(HIP)的新协议和一种称为HIP基交换的密码交换;另见第8节。HIP协议提供了系统间有限形式的信任,增强了移动性、多归属和动态IP重新编号;协助协议翻译/转换;并减少某些类型的拒绝服务(DoS)攻击。

When HIP is used, the actual payload traffic between two HIP hosts is typically, but not necessarily, protected with IPsec. The Host Identities are used to create the needed IPsec Security Associations (SAs) and to authenticate the hosts. When IPsec is used, the actual payload IP packets do not differ in any way from standard IPsec-protected IP packets.

使用HIP时,两个HIP主机之间的实际有效负载流量通常(但不一定)受IPsec保护。主机标识用于创建所需的IPsec安全关联(SA)并对主机进行身份验证。使用IPsec时,实际有效负载IP数据包与标准IPsec保护的IP数据包没有任何区别。

3. Terminology
3. 术语
3.1. Terms Common to Other Documents
3.1. 其他文件通用的术语
   +--------------+----------------------------------------------------+
   | Term         | Explanation                                        |
   +--------------+----------------------------------------------------+
   | public key   | The public key of an asymmetric cryptographic key  |
   |              | pair.  Used as a publicly known identifier for     |
   |              | cryptographic identity authentication.             |
   |              |                                                    |
   | Private key  | The private or secret key of an asymmetric         |
   |              | cryptographic key pair.  Assumed to be known only  |
   |              | to the party identified by the corresponding       |
   |              | public key. Used by the identified party to        |
   |              | authenticate its identity to other parties.        |
   |              |                                                    |
   | public key   | An asymmetric cryptographic key pair consisting of |
   | pair         | public and private keys.  For example,             |
   |              | Rivest-Shamir-Adelman (RSA) and Digital Signature  |
   |              | Algorithm (DSA) key pairs are such key pairs.      |
   |              |                                                    |
   | end-point    | A communicating entity.  For historical reasons,   |
   |              | the term 'computing platform' is used in this      |
   |              | document as a (rough) synonym for end-point.       |
   +--------------+----------------------------------------------------+
        
   +--------------+----------------------------------------------------+
   | Term         | Explanation                                        |
   +--------------+----------------------------------------------------+
   | public key   | The public key of an asymmetric cryptographic key  |
   |              | pair.  Used as a publicly known identifier for     |
   |              | cryptographic identity authentication.             |
   |              |                                                    |
   | Private key  | The private or secret key of an asymmetric         |
   |              | cryptographic key pair.  Assumed to be known only  |
   |              | to the party identified by the corresponding       |
   |              | public key. Used by the identified party to        |
   |              | authenticate its identity to other parties.        |
   |              |                                                    |
   | public key   | An asymmetric cryptographic key pair consisting of |
   | pair         | public and private keys.  For example,             |
   |              | Rivest-Shamir-Adelman (RSA) and Digital Signature  |
   |              | Algorithm (DSA) key pairs are such key pairs.      |
   |              |                                                    |
   | end-point    | A communicating entity.  For historical reasons,   |
   |              | the term 'computing platform' is used in this      |
   |              | document as a (rough) synonym for end-point.       |
   +--------------+----------------------------------------------------+
        
3.2. Terms Specific to This and Other HIP Documents
3.2. 本文件和其他HIP文件的专用术语

It should be noted that many of the terms defined herein are tautologous, self-referential, or defined through circular reference to other terms. This is due to the succinct nature of the definitions. See the text elsewhere in this document for more elaborate explanations.

应该注意的是,本文定义的许多术语是重复的、自指的,或者通过循环引用其他术语来定义。这是由于定义的简洁性。有关更详细的解释,请参阅本文档其他地方的文本。

   +--------------+----------------------------------------------------+
   | Term         | Explanation                                        |
   +--------------+----------------------------------------------------+
   | computing    | An entity capable of communicating and computing,  |
   | platform     | for example, a computer.  See the definition of    |
   |              | 'end-point', above.                                |
   |              |                                                    |
   | HIP base     | A cryptographic protocol; see also Section 8.      |
   | exchange     |                                                    |
   |              |                                                    |
   | HIP packet   | An IP packet that carries a 'Host Identity         |
   |              | Protocol' message.                                 |
   |              |                                                    |
   | Host         | An abstract concept assigned to a 'computing       |
   | Identity     | platform'.  See 'Host Identifier', below.          |
   |              |                                                    |
   | Host         | A namespace formed by all possible Host            |
   | Identity     | Identifiers.                                       |
   | namespace    |                                                    |
   |              |                                                    |
   | Host         | A protocol used to carry and authenticate Host     |
   | Identity     | Identifiers and other information.                 |
   | Protocol     |                                                    |
   |              |                                                    |
   | Host         | A 128-bit datum created by taking a cryptographic  |
   | Identity Tag | hash over a Host Identifier.                       |
   |              |                                                    |
   | Host         | A public key used as a name for a Host Identity.   |
   | Identifier   |                                                    |
   |              |                                                    |
   | Local Scope  | A 32-bit datum denoting a Host Identity.           |
   | Identifier   |                                                    |
   |              |                                                    |
   | Public Host  | A published or publicly known Host Identifier used |
   | Identifier   | as a public name for a Host Identity, and the      |
   | and Identity | corresponding Identity.                            |
   |              |                                                    |
   | Unpublished  | A Host Identifier that is not placed in any public |
   | Host         | directory, and the corresponding Host Identity.    |
   | Identifier   | Unpublished Host Identities are typically          |
   | and Identity | shortlived in nature, being often replaced and     |
   |              | possibly used just once.                           |
   |              |                                                    |
   | Rendezvous   | A mechanism used to locate mobile hosts based on   |
   | Mechanism    | their Host Identity Tag (HIT).                    |
   +--------------+----------------------------------------------------+
        
   +--------------+----------------------------------------------------+
   | Term         | Explanation                                        |
   +--------------+----------------------------------------------------+
   | computing    | An entity capable of communicating and computing,  |
   | platform     | for example, a computer.  See the definition of    |
   |              | 'end-point', above.                                |
   |              |                                                    |
   | HIP base     | A cryptographic protocol; see also Section 8.      |
   | exchange     |                                                    |
   |              |                                                    |
   | HIP packet   | An IP packet that carries a 'Host Identity         |
   |              | Protocol' message.                                 |
   |              |                                                    |
   | Host         | An abstract concept assigned to a 'computing       |
   | Identity     | platform'.  See 'Host Identifier', below.          |
   |              |                                                    |
   | Host         | A namespace formed by all possible Host            |
   | Identity     | Identifiers.                                       |
   | namespace    |                                                    |
   |              |                                                    |
   | Host         | A protocol used to carry and authenticate Host     |
   | Identity     | Identifiers and other information.                 |
   | Protocol     |                                                    |
   |              |                                                    |
   | Host         | A 128-bit datum created by taking a cryptographic  |
   | Identity Tag | hash over a Host Identifier.                       |
   |              |                                                    |
   | Host         | A public key used as a name for a Host Identity.   |
   | Identifier   |                                                    |
   |              |                                                    |
   | Local Scope  | A 32-bit datum denoting a Host Identity.           |
   | Identifier   |                                                    |
   |              |                                                    |
   | Public Host  | A published or publicly known Host Identifier used |
   | Identifier   | as a public name for a Host Identity, and the      |
   | and Identity | corresponding Identity.                            |
   |              |                                                    |
   | Unpublished  | A Host Identifier that is not placed in any public |
   | Host         | directory, and the corresponding Host Identity.    |
   | Identifier   | Unpublished Host Identities are typically          |
   | and Identity | shortlived in nature, being often replaced and     |
   |              | possibly used just once.                           |
   |              |                                                    |
   | Rendezvous   | A mechanism used to locate mobile hosts based on   |
   | Mechanism    | their Host Identity Tag (HIT).                    |
   +--------------+----------------------------------------------------+
        
4. Background
4. 出身背景

The Internet is built from three principal components: computing platforms (end-points), packet transport (i.e., internetworking) infrastructure, and services (applications). The Internet exists to service two principal components: people and robotic services (silicon-based people, if you will). All these components need to be named in order to interact in a scalable manner. Here we concentrate on naming computing platforms and packet transport elements.

互联网由三个主要组成部分组成:计算平台(端点)、数据包传输(即互联网)基础设施和服务(应用程序)。互联网的存在是为了服务于两个主要组成部分:人和机器人服务(基于硅的人,如果你愿意的话)。所有这些组件都需要命名,以便以可伸缩的方式进行交互。这里我们集中讨论命名计算平台和数据包传输元素。

There are two principal namespaces in use in the Internet for these components: IP numbers and Domain Names. Domain Names provide hierarchically assigned names for some computing platforms and some services. Each hierarchy is delegated from the level above; there is no anonymity in Domain Names. Email, HTTP, and SIP addresses all reference Domain Names.

互联网上有两个主要的名称空间用于这些组件:IP号码和域名。域名为某些计算平台和某些服务提供分层分配的名称。每个层级都是从上面的层级委派的;域名中没有匿名性。电子邮件、HTTP和SIP地址是所有参考域名的地址。

IP numbers are a confounding of two namespaces, the names of a host's networking interfaces and the names of the locations ('confounding' is a term used in statistics to discuss metrics that are merged into one with a gain in indexing, but a loss in informational value). The names of locations should be understood as denoting routing direction vectors, i.e., information that is used to deliver packets to their destinations.

IP编号是两个名称空间的混淆,主机网络接口的名称和位置的名称(“混淆”是统计学中用于讨论合并为一个索引增益但信息值损失的度量的术语)。位置的名称应理解为表示路由方向向量,即用于将分组传送到其目的地的信息。

IP numbers name networking interfaces, and typically only when the interface is connected to the network. Originally, IP numbers had long-term significance. Today, the vast number of interfaces use ephemeral and/or non-unique IP numbers. That is, every time an interface is connected to the network, it is assigned an IP number.

IP编号命名网络接口,通常仅当接口连接到网络时才命名。最初,IP号码具有长期意义。如今,大量的接口使用短暂的和/或非唯一的IP号码。也就是说,每次接口连接到网络时,都会为其分配一个IP号。

In the current Internet, the transport layers are coupled to the IP addresses. Neither can evolve separately from the other. IPng deliberations were strongly shaped by the decision that a corresponding TCPng would not be created.

在当前的Internet中,传输层耦合到IP地址。两者都不能独立发展。IPng的审议受到不创建相应TCPng的决定的强烈影响。

There are three critical deficiencies with the current namespaces. First, dynamic readdressing cannot be directly managed. Second, anonymity is not provided in a consistent, trustable manner. Finally, authentication for systems and datagrams is not provided. All of these deficiencies arise because computing platforms are not well named with the current namespaces.

当前名称空间存在三个关键缺陷。首先,无法直接管理动态重新着装。其次,匿名性不是以一致、可信的方式提供的。最后,不提供系统和数据报的身份验证。所有这些缺陷都是由于计算平台没有使用当前的名称空间进行良好命名而产生的。

4.1. A Desire for a Namespace for Computing Platforms
4.1. 对计算平台名称空间的渴望

An independent namespace for computing platforms could be used in end-to-end operations independent of the evolution of the internetworking layer and across the many internetworking layers.

计算平台的独立名称空间可用于端到端操作中,独立于网络层的演变,并跨许多网络层。

This could support rapid readdressing of the internetworking layer because of mobility, rehoming, or renumbering.

由于移动性、重新命名或重新编号,这可能支持快速重新调整互联网层。

If the namespace for computing platforms is based on public key cryptography, it can also provide authentication services. If this namespace is locally created without requiring registration, it can provide anonymity.

如果计算平台的名称空间基于公钥加密,它还可以提供身份验证服务。如果此命名空间是在本地创建的,而不需要注册,则它可以提供匿名性。

Such a namespace (for computing platforms) and the names in it should have the following characteristics:

此类名称空间(用于计算平台)及其名称应具有以下特征:

o The namespace should be applied to the IP 'kernel'. The IP kernel is the 'component' between applications and the packet transport infrastructure.

o 名称空间应应用于IP“内核”。IP内核是应用程序和数据包传输基础设施之间的“组件”。

o The namespace should fully decouple the internetworking layer from the higher layers. The names should replace all occurrences of IP addresses within applications (like in the Transport Control Block, TCB). This may require changes to the current APIs. In the long run, it is probable that some new APIs are needed.

o 名称空间应将网络互连层与更高层完全解耦。这些名称应替换应用程序中出现的所有IP地址(如在传输控制块TCB中)。这可能需要更改当前的API。从长远来看,可能需要一些新的API。

o The introduction of the namespace should not mandate any administrative infrastructure. Deployment must come from the bottom up, in a pairwise deployment.

o 名称空间的引入不应强制要求任何管理基础结构。部署必须自下而上,成对部署。

o The names should have a fixed-length representation, for easy inclusion in datagram headers and existing programming interfaces (e.g., the TCB).

o 名称应具有固定长度的表示形式,以便于包含在数据报头和现有编程接口(如TCB)中。

o Using the namespace should be affordable when used in protocols. This is primarily a packet size issue. There is also a computational concern in affordability.

o 在协议中使用名称空间时,应该可以负担得起。这主要是一个数据包大小问题。在可承受性方面也存在计算问题。

o Name collisions should be avoided as much as possible. The mathematics of the birthday paradox can be used to estimate the chance of a collision in a given population and hash space. In general, for a random hash space of size n bits, we would expect to obtain a collision after approximately 1.2*sqrt(2**n) hashes were obtained. For 64 bits, this number is roughly 4 billion. A hash size of 64 bits may be too small to avoid collisions in a large population; for example, there is a 1% chance of collision in a population of 640M. For 100 bits (or more), we would not expect a collision until approximately 2**50 (1 quadrillion) hashes were generated.

o 应尽可能避免名称冲突。生日悖论的数学可以用来估计在给定的总体和散列空间中发生碰撞的机会。通常,对于大小为n位的随机散列空间,我们期望在获得大约1.2*sqrt(2**n)散列之后获得冲突。对于64位,这个数字大约是40亿。64位的散列大小可能太小,无法避免大量人群中的冲突;例如,6.4亿人口中有1%的碰撞几率。对于100位(或更多)的数据,在生成大约2**50(1万亿)哈希之前,我们不会期望发生冲突。

o The names should have a localized abstraction that can be used in existing protocols and APIs.

o 这些名称应该具有可在现有协议和API中使用的本地化抽象。

o It must be possible to create names locally. This can provide anonymity at the cost of making resolvability very difficult.

o 必须能够在本地创建名称。这可以提供匿名性,但代价是使可解析性变得非常困难。

* Sometimes the names may contain a delegation component. This is the cost of resolvability.

* 有时,名称可能包含委托组件。这是可处置性的成本。

o The namespace should provide authentication services.

o 命名空间应提供身份验证服务。

o The names should be long-lived, but replaceable at any time. This impacts access control lists; short lifetimes will tend to result in tedious list maintenance or require a namespace infrastructure for central control of access lists.

o 这些名称应该是长期的,但可以随时替换。这会影响访问控制列表;生命周期短往往会导致冗长的列表维护,或者需要一个命名空间基础设施来集中控制访问列表。

In this document, a new namespace approaching these ideas is called the Host Identity namespace. Using Host Identities requires its own protocol layer, the Host Identity Protocol, between the internetworking and transport layers. The names are based on public key cryptography to supply authentication services. Properly designed, it can deliver all of the above-stated requirements.

在本文档中,一个接近这些想法的新名称空间称为主机标识名称空间。使用主机标识需要在互连层和传输层之间有自己的协议层,即主机标识协议。这些名称基于公钥加密来提供身份验证服务。如果设计得当,它可以满足上述所有要求。

5. Host Identity Namespace
5. 主机标识命名空间

A name in the Host Identity namespace, a Host Identifier (HI), represents a statistically globally unique name for naming any system with an IP stack. This identity is normally associated with, but not limited to, an IP stack. A system can have multiple identities, some 'well known', some unpublished or 'anonymous'. A system may self-assert its own identity, or may use a third-party authenticator like DNS Security (DNSSEC) [2], Pretty Good Privacy (PGP), or X.509 to 'notarize' the identity assertion. It is expected that the Host Identifiers will initially be authenticated with DNSSEC and that all implementations will support DNSSEC as a minimal baseline.

主机标识命名空间中的名称,即主机标识符(HI),表示用于命名具有IP堆栈的任何系统的统计全局唯一名称。此标识通常与IP堆栈关联,但不限于此。一个系统可以有多个标识,一些是“已知的”,一些是未发布的或“匿名的”。系统可以自行声明自己的身份,也可以使用第三方身份验证程序,如DNS安全(DNSSEC)[2]、相当好的隐私(PGP)或X.509来“公证”身份声明。预计主机标识符最初将通过DNSSEC进行身份验证,并且所有实现将支持DNSSEC作为最低基线。

In theory, any name that can claim to be 'statistically globally unique' may serve as a Host Identifier. However, in the authors' opinion, a public key of a 'public key pair' makes the best Host Identifier. As will be specified in the Host Identity Protocol specification, a public-key-based HI can authenticate the HIP packets and protect them from man-in-the-middle attacks. Since authenticated datagrams are mandatory to provide much of HIP's DoS protection, the Diffie-Hellman exchange in HIP has to be authenticated. Thus, only public key HI and authenticated HIP messages are supported in practice. In this document, the non-cryptographic forms of HI and HIP are presented to complete the theory of HI, but they should not be implemented as they could produce worse DoS attacks than the Internet has without Host Identity.

理论上,任何可以声称是“统计上全局唯一”的名称都可以用作主机标识符。然而,作者认为,“公钥对”的公钥是最好的主机标识符。正如主机身份协议规范中所规定的,基于公钥的HI可以对HIP数据包进行身份验证,并保护它们免受中间人攻击。由于经过身份验证的数据报必须提供HIP的大部分DoS保护,因此必须对HIP中的Diffie-Hellman交换进行身份验证。因此,实际上只支持公钥HI和经过身份验证的HIP消息。在本文档中,介绍了HI和HIP的非加密形式,以完善HI理论,但不应实施HI和HIP,因为它们可能会产生比没有主机身份的Internet更严重的DoS攻击。

5.1. Host Identifiers
5.1. 主机标识符

Host Identity adds two main features to Internet protocols. The first is a decoupling of the internetworking and transport layers; see Section 6. This decoupling will allow for independent evolution of the two layers. In addition, it can provide end-to-end services over multiple internetworking realms. The second feature is host authentication. Because the Host Identifier is a public key, this key can be used for authentication in security protocols like IPsec.

主机标识为Internet协议添加了两个主要功能。第一个是互联网络和传输层的解耦;见第6节。这种解耦将允许两层的独立演化。此外,它还可以在多个互联领域提供端到端服务。第二个特性是主机身份验证。因为主机标识符是公钥,所以该密钥可用于IPsec等安全协议中的身份验证。

The only completely defined structure of the Host Identity is that of a public/private key pair. In this case, the Host Identity is referred to by its public component, the public key. Thus, the name representing a Host Identity in the Host Identity namespace, i.e., the Host Identifier, is the public key. In a way, the possession of the private key defines the Identity itself. If the private key is possessed by more than one node, the Identity can be considered to be a distributed one.

唯一完全定义的主机标识结构是公钥/私钥对。在这种情况下,主机标识由其公共组件公钥引用。因此,在主机标识名称空间中表示主机标识的名称(即主机标识符)是公钥。在某种程度上,私钥的拥有定义了身份本身。如果私钥由多个节点拥有,则可以将该标识视为分布式标识。

Architecturally, any other Internet naming convention might form a usable base for Host Identifiers. However, non-cryptographic names should only be used in situations of high trust / low risk, that is, any place where host authentication is not needed (no risk of host spoofing and no use of IPsec). However, at least for interconnected networks spanning several operational domains, the set of environments where the risk of host spoofing allowed by non-cryptographic Host Identifiers is acceptable is the null set. Hence, the current HIP documents do not specify how to use any other types of Host Identifiers but public keys.

在体系结构上,任何其他Internet命名约定都可能构成主机标识符的可用基础。但是,非加密名称只能在高信任/低风险的情况下使用,即不需要主机身份验证的任何地方(没有主机欺骗的风险,也没有使用IPsec)。然而,至少对于跨越多个操作域的互连网络,非加密主机标识符允许的主机欺骗风险可接受的环境集是空集。因此,当前的HIP文档没有指定如何使用任何其他类型的主机标识符,而是指定公钥。

The actual Host Identities are never directly used in any Internet protocols. The corresponding Host Identifiers (public keys) may be stored in various DNS or Lightweight Directory Access Protocol (LDAP) directories as identified elsewhere in this document, and they are passed in the HIP base exchange. A Host Identity Tag (HIT) is used in other protocols to represent the Host Identity. Another representation of the Host Identities, the Local Scope Identifier (LSI), can also be used in protocols and APIs.

实际的主机标识从未直接用于任何Internet协议中。相应的主机标识符(公钥)可存储在本文档其他地方标识的各种DNS或轻型目录访问协议(LDAP)目录中,并在HIP base exchange中传递。主机标识标签(HIT)在其他协议中用于表示主机标识。主机标识的另一种表示形式,本地范围标识符(LSI),也可以在协议和API中使用。

5.2. Storing Host Identifiers in DNS
5.2. 在DNS中存储主机标识符

The public Host Identifiers should be stored in DNS; the unpublished Host Identifiers should not be stored anywhere (besides the communicating hosts themselves). The (public) HI is stored in a new Resource Record (RR) type, to be defined. This RR type is likely to be quite similar to the IPSECKEY RR [6].

公共主机标识符应存储在DNS中;未发布的主机标识符不应存储在任何位置(除了通信主机本身)。(公共)HI存储在待定义的新资源记录(RR)类型中。这种RR类型可能与IPSECKEY RR非常相似[6]。

Alternatively, or in addition to storing Host Identifiers in the DNS, they may be stored in various kinds of Public Key Infrastructure (PKI). Such a practice may allow them to be used for purposes other than pure host identification.

或者,或者除了在DNS中存储主机标识符之外,它们还可以存储在各种公钥基础设施(PKI)中。这种做法可能允许它们用于除纯粹的主机识别以外的目的。

5.3. Host Identity Tag (HIT)
5.3. 主机标识标签(HIT)

A Host Identity Tag is a 128-bit representation for a Host Identity. It is created by taking a cryptographic hash over the corresponding Host Identifier. There are two advantages of using a hash over using the Host Identifier in protocols. First, its fixed length makes for easier protocol coding and also better manages the packet size cost of this technology. Second, it presents the identity in a consistent format to the protocol independent of the cryptographic algorithms used.

主机标识标记是主机标识的128位表示形式。它是通过对相应的主机标识符进行加密哈希来创建的。与在协议中使用主机标识符相比,使用哈希有两个优点。首先,它的固定长度使得协议编码更容易,并且还可以更好地管理该技术的数据包大小成本。第二,它以一致的格式向协议提供身份,与所使用的加密算法无关。

In the HIP packets, the HITs identify the sender and recipient of a packet. Consequently, a HIT should be unique in the whole IP universe as long as it is being used. In the extremely rare case of a single HIT mapping to more than one Host Identity, the Host Identifiers (public keys) will make the final difference. If there is more than one public key for a given node, the HIT acts as a hint for the correct public key to use.

在HIP数据包中,点击标识数据包的发送者和接收者。因此,只要正在使用,HIT在整个IP世界中应该是唯一的。在极少数情况下,一次命中映射到多个主机标识,主机标识符(公钥)将产生最终的区别。如果给定节点有多个公钥,则点击将作为正确公钥使用的提示。

5.4. Local Scope Identifier (LSI)
5.4. 本地范围标识符(LSI)

A Local Scope Identifier (LSI) is a 32-bit localized representation for a Host Identity. The purpose of an LSI is to facilitate using Host Identities in existing protocols and APIs. LSI's advantage over HIT is its size; its disadvantage is its local scope.

本地作用域标识符(LSI)是主机标识的32位本地化表示。LSI的目的是促进在现有协议和API中使用主机标识。LSI相对于HIT的优势在于其规模;它的缺点是它的局部范围。

Examples of how LSIs can be used include: as the address in an FTP command and as the address in a socket call. Thus, LSIs act as a bridge for Host Identities into IPv4-based protocols and APIs.

LSI的使用示例包括:FTP命令中的地址和套接字调用中的地址。因此,LSI充当主机标识到基于IPv4的协议和API的桥梁。

6. New Stack Architecture
6. 新的堆栈结构

One way to characterize Host Identity is to compare the proposed new architecture with the current one. As discussed above, the IP addresses can be seen to be a confounding of routing direction vectors and interface names. Using the terminology from the IRTF Name Space Research Group Report [7] and, e.g., the unpublished Internet Draft "Endpoints and Endpoint Names" [10] by Noel Chiappa, the IP addresses currently embody the dual role of locators and end-point identifiers. That is, each IP address names a topological location in the Internet, thereby acting as a routing direction vector, or locator. At the same time, the IP address names the physical network interface currently located at the point-of-attachment, thereby acting as an end-point name.

描述主机身份的一种方法是将提出的新体系结构与当前体系结构进行比较。如上所述,IP地址可以看作是路由方向向量和接口名称的混淆。使用IRTF名称空间研究小组报告[7]中的术语,以及Noel Chiappa未发布的互联网草案“端点和端点名称”[10],IP地址目前体现了定位器和端点标识符的双重作用。也就是说,每个IP地址命名Internet中的拓扑位置,从而充当路由方向向量或定位器。同时,IP地址命名当前位于连接点的物理网络接口,从而充当端点名称。

In the HIP architecture, the end-point names and locators are separated from each other. IP addresses continue to act as locators. The Host Identifiers take the role of end-point identifiers. It is important to understand that the end-point names based on Host Identities are slightly different from interface names; a Host Identity can be simultaneously reachable through several interfaces.

在HIP体系结构中,端点名称和定位器彼此分离。IP地址继续充当定位器。主机标识符扮演端点标识符的角色。重要的是要理解,基于主机标识的端点名称与接口名称略有不同;可以通过多个接口同时访问主机标识。

The difference between the bindings of the logical entities is illustrated in Figure 1.

逻辑实体绑定之间的差异如图1所示。

   Service ------ Socket                  Service ------ Socket
                    |                                      |
                    |                                      |
                    |                                      |
                    |                                      |
   End-point        |                    End-point --- Host Identity
            \       |                                      |
              \     |                                      |
                \   |                                      |
                  \ |                                      |
   Location --- IP address                Location --- IP address
        
   Service ------ Socket                  Service ------ Socket
                    |                                      |
                    |                                      |
                    |                                      |
                    |                                      |
   End-point        |                    End-point --- Host Identity
            \       |                                      |
              \     |                                      |
                \   |                                      |
                  \ |                                      |
   Location --- IP address                Location --- IP address
        

Figure 1

图1

6.1. Transport Associations and End-points
6.1. 运输协会和终点

Architecturally, HIP provides for a different binding of transport-layer protocols. That is, the transport-layer associations, i.e., TCP connections and UDP associations, are no longer bound to IP addresses but to Host Identities.

在体系结构上,HIP提供了不同的传输层协议绑定。也就是说,传输层关联(即TCP连接和UDP关联)不再绑定到IP地址,而是绑定到主机标识。

It is possible that a single physical computer hosts several logical end-points. With HIP, each of these end-points would have a distinct Host Identity. Furthermore, since the transport associations are bound to Host Identities, HIP provides for process migration and clustered servers. That is, if a Host Identity is moved from one physical computer to another, it is also possible to simultaneously move all the transport associations without breaking them. Similarly, if it is possible to distribute the processing of a single Host Identity over several physical computers, HIP provides for cluster-based services without any changes at the client end-point.

一台物理计算机可能承载多个逻辑端点。对于HIP,每个端点都有一个不同的宿主身份。此外,由于传输关联绑定到主机标识,HIP提供了进程迁移和集群服务器。也就是说,如果主机标识从一台物理计算机移动到另一台物理计算机,也可以同时移动所有传输关联而不中断它们。类似地,如果可以在多台物理计算机上分发对单个主机标识的处理,HIP将提供基于群集的服务,而不需要在客户端端点进行任何更改。

7. End-host Mobility and Multi-homing
7. 终端主机移动性和多主

HIP decouples the transport from the internetworking layer, and binds the transport associations to the Host Identities (through actually either the HIT or LSI). Consequently, HIP can provide for a degree of internetworking mobility and multi-homing at a low infrastructure cost. HIP mobility includes IP address changes (via any method) to either party. Thus, a system is considered mobile if its IP address can change dynamically for any reason like PPP, Dynamic Host Configuration Protocol (DHCP), IPv6 prefix reassignments, or a Network Address Translation (NAT) device remapping its translation. Likewise, a system is considered multi-homed if it has more than one globally routable IP address at the same time. HIP links IP addresses together, when multiple IP addresses correspond to the same Host Identity, and if one address becomes unusable, or a more preferred address becomes available, existing transport associations can easily be moved to another address.

HIP将传输与互联层分离,并将传输关联绑定到主机标识(实际上通过HIT或LSI)。因此,HIP可以以较低的基础设施成本提供一定程度的网络间移动性和多主。HIP移动包括向任何一方更改IP地址(通过任何方法)。因此,如果一个系统的IP地址可以因任何原因(如PPP、动态主机配置协议(DHCP)、IPv6前缀重新分配或网络地址转换(NAT)设备重新映射其转换)而动态更改,则该系统被视为移动系统。同样,如果一个系统同时具有多个全局可路由IP地址,则该系统被视为多宿系统。HIP将IP地址链接在一起,当多个IP地址对应于相同的主机标识时,如果一个地址变得不可用,或者一个更首选的地址变得可用,则可以轻松地将现有传输关联移动到另一个地址。

When a node moves while communication is already ongoing, address changes are rather straightforward. The peer of the mobile node can just accept a HIP or an integrity protected IPsec packet from any address and ignore the source address. However, as discussed in Section 7.2 below, a mobile node must send a HIP readdress packet to inform the peer of the new address(es), and the peer must verify that the mobile node is reachable through these addresses. This is especially helpful for those situations where the peer node is sending data periodically to the mobile node (that is restarting a connection after the initial connection).

当一个节点在通信已在进行的情况下移动时,地址更改相当简单。移动节点的对等方可以只接受来自任何地址的HIP或完整性保护的IPsec数据包,而忽略源地址。然而,如下文第7.2节所述,移动节点必须发送HIP ReadAddress数据包以通知对等方新地址,并且对等方必须验证移动节点可通过这些地址访问。这对于对等节点定期向移动节点发送数据(即在初始连接后重新启动连接)的情况尤其有用。

7.1. Rendezvous Mechanism
7.1. 会合机构

Making a contact to a mobile node is slightly more involved. In order to start the HIP exchange, the initiator node has to know how to reach the mobile node. Although infrequently moving HIP nodes could use Dynamic DNS [1] to update their reachability information in the DNS, an alternative to using DNS in this fashion is to use a piece of new static infrastructure to facilitate rendezvous between HIP nodes.

与移动节点联系稍微复杂一些。为了启动HIP交换,发起方节点必须知道如何到达移动节点。虽然不经常移动的HIP节点可以使用动态DNS[1]来更新DNS中的可达性信息,但以这种方式使用DNS的另一种方法是使用一个新的静态基础设施来促进HIP节点之间的会合。

The mobile node keeps the rendezvous infrastructure continuously updated with its current IP address(es). The mobile nodes must trust the rendezvous mechanism to properly maintain their HIT and IP address mappings.

移动节点使用其当前IP地址不断更新集合基础设施。移动节点必须信任集合机制以正确维护其HIT和IP地址映射。

The rendezvous mechanism is also needed if both of the nodes happen to change their address at the same time, either because they are mobile and happen to move at the same time, because one of them is off-line for a while, or because of some other reason. In such a case, the HIP readdress packets will cross each other in the network and never reach the peer node.

如果两个节点碰巧同时更改了地址,则也需要会合机制,原因可能是它们是移动的,并且恰好同时移动,可能是其中一个暂时离线,也可能是其他原因。在这种情况下,HIP ReadAddress数据包将在网络中相互交叉,并且永远不会到达对等节点。

A separate document will specify the details of the HIP rendezvous mechanism.

另一份文件将详细说明髋关节会合机制。

7.2. Protection against Flooding Attacks
7.2. 防止洪水袭击

Although the idea of informing about address changes by simply sending packets with a new source address appears appealing, it is not secure enough. That is, even if HIP does not rely on the source address for anything (once the base exchange has been completed), it appears to be necessary to check a mobile node's reachability at the new address before actually sending any larger amounts of traffic to the new address.

虽然通过简单地发送带有新源地址的数据包来通知地址更改的想法看起来很有吸引力,但它还不够安全。也就是说,即使HIP不依赖于源地址(一旦基本交换完成),在实际向新地址发送任何较大的流量之前,似乎有必要检查移动节点在新地址的可达性。

Blindly accepting new addresses would potentially lead to flooding DoS attacks against third parties [8]. In a distributed flooding attack, an attacker opens high-volume HIP connections with a large number of hosts (using unpublished HIs), and then claims to all of these hosts that it has moved to a target node's IP address. If the peer hosts were to simply accept the move, the result would be a packet flood to the target node's address. To close this attack, HIP includes an address check mechanism where the reachability of a node is separately checked at each address before using the address for larger amounts of traffic.

盲目接受新地址可能会导致针对第三方的大量DoS攻击[8]。在分布式泛洪攻击中,攻击者打开与大量主机(使用未发布的HIs)的高容量HIP连接,然后向所有这些主机声称它已移动到目标节点的IP地址。如果对等主机只是接受移动,结果将是数据包涌入目标节点的地址。为了关闭此攻击,HIP包括一个地址检查机制,其中在使用地址进行更大流量的通信之前,在每个地址分别检查节点的可达性。

Whenever HIP is used between two hosts that fully trust each other, the hosts may optionally decide to skip the address tests. However,

当在两个完全信任对方的主机之间使用HIP时,主机可以选择跳过地址测试。然而

such performance optimization must be restricted to peers that are known to be trustworthy and capable of protecting themselves from malicious software.

这种性能优化必须限制在已知可信任且能够保护自己免受恶意软件攻击的对等方。

8. HIP and IPsec
8. HIP与IPsec

The preferred way of implementing HIP is to use IPsec to carry the actual data traffic. As of today, the only completely defined method is to use IPsec Encapsulating Security Payload (ESP) to carry the data packets. In the future, other ways of transporting payload data may be developed, including ones that do not use cryptographic protection.

实现HIP的首选方法是使用IPsec来承载实际的数据流量。到目前为止,唯一完全定义的方法是使用IPsec封装安全有效负载(ESP)来承载数据包。将来,可能会开发其他传输有效负载数据的方法,包括不使用密码保护的方法。

In practice, the HIP base exchange uses the cryptographic Host Identifiers to set up a pair of ESP Security Associations (SAs) to enable ESP in an end-to-end manner. This is implemented in a way that can span addressing realms.

实际上,HIP base exchange使用加密主机标识符设置一对ESP安全关联(SA),以端到端方式启用ESP。这是以一种可以跨越寻址领域的方式实现的。

While it would be possible, at least in theory, to use some existing cryptographic protocol, such as IKEv2 together with Host Identifiers, to establish the needed SAs, HIP defines a new protocol. There are a number of historical reasons for this, and there are also a few architectural reasons. First, IKE and IKEv2 were not designed with middle boxes in mind. As adding a new naming layer allows one to potentially add a new forwarding layer (see Section 9, below), it is very important that the HIP protocols are friendly toward any middle boxes.

虽然至少在理论上,可以使用一些现有的加密协议(如IKEv2)和主机标识符来建立所需的SAs,但HIP定义了一个新的协议。这有很多历史原因,也有一些建筑原因。首先,IKE和IKEv2在设计时没有考虑中间框。由于添加一个新的命名层可以潜在地添加一个新的转发层(参见下面的第9节),因此HIP协议对任何中间框都友好是非常重要的。

Second, from a conceptual point of view, the IPsec Security Parameter Index (SPI) in ESP provides a simple compression of the HITs. This does require per-HIT-pair SAs (and SPIs), and a decrease of policy granularity over other Key Management Protocols, such as IKE and IKEv2. In particular, the current thinking is limited to a situation where, conceptually, there is only one pair of SAs between any given pair of HITs. In other words, from an architectural point of view, HIP only supports host-to-host (or endpoint-to-endpoint) Security Associations. If two hosts need more pairs of parallel SAs, they should use separate HITs for that. However, future HIP extensions may provide for more granularity and creation of several ESP SAs between a pair of HITs.

其次,从概念上看,ESP中的IPsec安全参数索引(SPI)提供了对命中的简单压缩。与其他密钥管理协议(如IKE和IKEv2)相比,这确实需要每命中对SAs(和SPI)和策略粒度的降低。特别是,当前的想法仅限于这样一种情况,即从概念上讲,任何给定的命中对之间只有一对SA。换句话说,从体系结构的角度来看,HIP只支持主机到主机(或端点到端点)的安全关联。如果两台主机需要更多的并行SA对,它们应该为此使用单独的HITs。但是,未来的HIP扩展可能会提供更高的粒度,并在一对命中之间创建多个ESP SA。

Since HIP is designed for host usage, not for gateways or so-called Bump-in-the-Wire (BITW) implementations, only ESP transport mode is supported. An ESP SA pair is indexed by the SPIs and the two HITs (both HITs since a system can have more than one HIT). The SAs need not be bound to IP addresses; all internal control of the SA is by the HITs. Thus, a host can easily change its address using Mobile IP, DHCP, PPP, or IPv6 readdressing and still maintain the SAs.

由于HIP是为主机使用而设计的,而不是为网关或所谓的线内通气(BITW)实现而设计的,因此仅支持ESP传输模式。ESP SA对由SPI和两次命中(两次命中都是因为系统可以有多个命中)索引。SAs不需要绑定到IP地址;SA的所有内部控制均由HITs执行。因此,主机可以使用移动IP、DHCP、PPP或IPv6重新配置轻松更改其地址,并且仍然可以维护SAs。

Since the transports are bound to the SA (via an LSI or a HIT), any active transport is also maintained. Thus, real-world conditions like loss of a PPP connection and its re-establishment or a mobile handover will not require a HIP negotiation or disruption of transport services [12].

由于传输绑定到SA(通过LSI或HIT),因此也会保持任何活动传输。因此,现实世界中的情况,如PPP连接的丢失及其重建或移动切换,不需要进行激烈的协商或中断交通服务[12]。

Since HIP does not negotiate any SA lifetimes, all lifetimes are local policy. The only lifetimes a HIP implementation must support are sequence number rollover (for replay protection) and SA timeout. An SA times out if no packets are received using that SA. Implementations may support lifetimes for the various ESP transforms.

由于HIP不协商任何SA生存期,因此所有生存期均为当地政策。HIP实现必须支持的唯一生命周期是序列号翻转(用于重播保护)和SA超时。如果没有使用SA接收到数据包,SA将超时。实现可能支持各种ESP转换的生存期。

9. HIP and NATs
9. HIP和NATs

Passing packets between different IP addressing realms requires changing IP addresses in the packet header. This may happen, for example, when a packet is passed between the public Internet and a private address space, or between IPv4 and IPv6 networks. The address translation is usually implemented as Network Address Translation (NAT) [4] or NAT Protocol Translation (NAT-PT) [3].

在不同IP寻址域之间传递数据包需要更改数据包头中的IP地址。例如,当数据包在公共Internet和专用地址空间之间传递,或在IPv4和IPv6网络之间传递时,可能会发生这种情况。地址转换通常实现为网络地址转换(NAT)[4]或NAT协议转换(NAT-PT)[3]。

In a network environment where identification is based on the IP addresses, identifying the communicating nodes is difficult when NAT is used. With HIP, the transport-layer end-points are bound to the Host Identities. Thus, a connection between two hosts can traverse many addressing realm boundaries. The IP addresses are used only for routing purposes; they may be changed freely during packet traversal.

在基于IP地址进行识别的网络环境中,当使用NAT时,识别通信节点是困难的。使用HIP,传输层端点将绑定到主机标识。因此,两台主机之间的连接可以跨越许多寻址域边界。IP地址仅用于路由目的;它们可以在数据包遍历期间自由更改。

For a HIP-based flow, a HIP-aware NAT or NAT-PT system tracks the mapping of HITs, and the corresponding IPsec SPIs, to an IP address. The NAT system has to learn mappings both from HITs and from SPIs to IP addresses. Many HITs (and SPIs) can map to a single IP address on a NAT, simplifying connections on address-poor NAT interfaces. The NAT can gain much of its knowledge from the HIP packets themselves; however, some NAT configuration may be necessary.

对于基于HIP的流,HIP感知NAT或NAT-PT系统会跟踪HIT和相应IPsec SPI到IP地址的映射。NAT系统必须学习HITs和SPI到IP地址的映射。许多点击(和SPI)可以映射到NAT上的单个IP地址,从而简化了地址贫乏的NAT接口上的连接。NAT可以从HIP数据包本身获得很多知识;但是,可能需要一些NAT配置。

NAT systems cannot touch the datagrams within the IPsec envelope; thus, application-specific address translation must be done in the end systems. HIP provides for 'Distributed NAT', and uses the HIT or the LSI as a placeholder for embedded IP addresses.

NAT系统不能接触IPsec信封内的数据报;因此,特定于应用程序的地址转换必须在终端系统中完成。HIP提供“分布式NAT”,并使用HIT或LSI作为嵌入式IP地址的占位符。

9.1. HIP and TCP Checksums
9.1. HIP和TCP校验和

There is no way for a host to know if any of the IP addresses in an IP header are the addresses used to calculate the TCP checksum. That is, it is not feasible to calculate the TCP checksum using the actual IP addresses in the pseudo header; the addresses received in the incoming packet are not necessarily the same as they were on the

主机无法知道IP报头中的任何IP地址是否是用于计算TCP校验和的地址。即,使用伪报头中的实际IP地址来计算TCP校验和是不可行的;传入数据包中接收到的地址不一定与数据包上的地址相同

sending host. Furthermore, it is not possible to recompute the upper-layer checksums in the NAT/NAT-PT system, since the traffic is IPsec protected. Consequently, the TCP and UDP checksums are calculated using the HITs in the place of the IP addresses in the pseudo header. Furthermore, only the IPv6 pseudo header format is used. This provides for IPv4/IPv6 protocol translation.

发送主机。此外,由于流量受IPsec保护,因此无法在NAT/NAT-PT系统中重新计算上层校验和。因此,TCP和UDP校验和是使用命中代替伪报头中的IP地址来计算的。此外,仅使用IPv6伪报头格式。这提供了IPv4/IPv6协议转换。

10. Multicast
10. 多播

Back in the Fall of 2003, there were little if any concrete thoughts about how HIP might affect IP-layer or application-layer multicast.

早在2003年秋天,关于HIP如何影响IP层或应用层多播,几乎没有具体的想法。

11. HIP Policies
11. 时髦的政策

There are a number of variables that will influence the HIP exchanges that each host must support. All HIP implementations should support at least 2 HIs, one to publish in DNS and an unpublished one for anonymous usage. Although unpublished HIs will be rarely used as responder HIs, they are likely be common for initiators. Support for multiple HIs is recommended.

有许多变量将影响每位主持人必须支持的髋关节置换。所有HIP实现应至少支持2个HI,一个用于在DNS中发布,另一个用于匿名使用的未发布。虽然未发布的HIs很少用作HIs的响应者,但它们对于发起者来说可能很常见。建议支持多个HIs。

Many initiators would want to use a different HI for different responders. The implementations should provide for a policy of initiator HIT to responder HIT. This policy should also include preferred transforms and local lifetimes.

许多发起者希望为不同的响应者使用不同的HI。这些实现应该提供启动器对响应程序命中的策略。此策略还应包括首选转换和本地生存期。

Responders would need a similar policy, describing the hosts allowed to participate in HIP exchanges, and the preferred transforms and local lifetimes.

响应者需要类似的策略,描述允许参与HIP交换的主机、首选转换和本地生存时间。

12. Benefits of HIP
12. 髋关节的益处

In the beginning, the network layer protocol (i.e., IP) had the following four "classic" invariants:

起初,网络层协议(即IP)具有以下四个“经典”不变量:

o Non-mutable: The address sent is the address received.

o 不可变:发送的地址是接收的地址。

o Non-mobile: The address does not change during the course of an "association".

o “在非关联过程中,移动地址不会更改”。

o Reversible: A return header can always be formed by reversing the source and destination addresses.

o 可逆:始终可以通过反转源地址和目标地址来形成返回头。

o Omniscient: Each host knows what address a partner host can use to send packets to it.

o 全知:每个主机都知道伙伴主机可以使用哪个地址向其发送数据包。

Actually, the fourth can be inferred from 1 and 3, but it is worth mentioning for reasons that will be obvious soon if not already.

事实上,第四个可以从1和3中推断出来,但值得一提的原因很快就会很明显,如果还没有的话。

In the current "post-classic" world, we are intentionally trying to get rid of the second invariant (both for mobility and for multi-homing), and we have been forced to give up the first and the fourth. Realm Specific IP [5] is an attempt to reinstate the fourth invariant without the first invariant. IPv6 is an attempt to reinstate the first invariant.

在当前的“后经典”世界中,我们有意地试图摆脱第二个不变量(无论是对于移动性还是对于多主),我们被迫放弃第一个和第四个不变量。领域特定IP[5]试图在不使用第一个不变量的情况下恢复第四个不变量。IPv6试图恢复第一个不变量。

Few systems on the Internet have DNS names that are meaningful. That is, if they have a Fully Qualified Domain Name (FQDN), that name typically belongs to a NAT device or a dial-up server, and does not really identify the system itself but its current connectivity. FQDNs (and their extensions as email names) are application-layer names, more frequently naming services than a particular system. This is why many systems on the Internet are not registered in the DNS; they do not have services of interest to other Internet hosts.

Internet上很少有系统具有有意义的DNS名称。也就是说,如果它们具有完全限定的域名(FQDN),则该名称通常属于NAT设备或拨号服务器,并且不真正标识系统本身,而是标识其当前连接。FQDN(及其作为电子邮件名称的扩展名)是应用程序层名称,比特定系统更频繁地命名服务。这就是为什么互联网上的许多系统没有在DNS中注册;他们没有其他互联网主机感兴趣的服务。

DNS names are references to IP addresses. This only demonstrates the interrelationship of the networking and application layers. DNS, as the Internet's only deployed, distributed database, is also the repository of other namespaces, due in part to DNSSEC-specific and application-specific key records. Although each namespace can be stretched (IP with v6, DNS with KEY records), neither can adequately provide for host authentication or act as a separation between internetworking and transport layers.

DNS名称是对IP地址的引用。这仅仅说明了网络层和应用层之间的相互关系。DNS作为Internet上唯一部署的分布式数据库,也是其他名称空间的存储库,部分原因是特定于DNSSEC和特定于应用程序的密钥记录。尽管每个名称空间都可以扩展(使用v6的IP,使用密钥记录的DNS),但这两个名称空间都不能充分提供主机身份验证,也不能作为互连层和传输层之间的分隔。

The Host Identity (HI) namespace fills an important gap between the IP and DNS namespaces. An interesting thing about the HI is that it actually allows one to give up all but the 3rd network-layer invariant. That is to say, as long as the source and destination addresses in the network-layer protocol are reversible, then things work OK because HIP takes care of host identification, and reversibility allows one to get a packet back to one's partner host. You do not care if the network-layer address changes in transit (mutable), and you do not care what network-layer address the partner is using (non-omniscient).

主机标识(HI)命名空间填补了IP和DNS命名空间之间的一个重要空白。关于HI的一个有趣的事情是,它实际上允许人们放弃除第三网络层不变量之外的所有网络层不变量。也就是说,只要网络层协议中的源地址和目标地址是可逆的,那么一切都正常,因为HIP负责主机标识,可逆性允许将数据包返回到伙伴主机。您不关心网络层地址是否在传输过程中更改(可变),也不关心合作伙伴使用的网络层地址(非全知)。

12.1. HIP's Answers to NSRG Questions
12.1. HIP对NSRG问题的回答

The IRTF Name Space Research Group has posed a number of evaluating questions in its report [7]. In this section, we provide answers to these questions.

IRTF名称空间研究小组在其报告中提出了许多评估问题[7]。在本节中,我们将回答这些问题。

1. How would a stack name improve the overall functionality of the Internet?

1. 堆栈名称如何改善Internet的整体功能?

HIP decouples the internetworking layer from the transport layer, allowing each to evolve separately. The decoupling makes end-host mobility and multi-homing easier, also across

HIP将网络互连层与传输层分离,允许每一层单独发展。这种分离使得终端主机的移动性和多主定位更加容易,而且跨网络也更加容易

IPv4 and IPv6 networks. HIs make network renumbering easier, and they also make process migration and clustered servers easier to implement. Furthermore, being cryptographic in nature, they provide the basis for solving the security problems related to end-host mobility and multi-homing.

IPv4和IPv6网络。HIs使网络重新编号变得更容易,同时也使进程迁移和集群服务器更容易实现。此外,它们本质上是加密的,为解决与终端主机移动性和多归属相关的安全问题提供了基础。

2. What does a stack name look like?

2. 堆栈名是什么样子的?

A HI is a cryptographic public key. However, instead of using the keys directly, most protocols use a fixed-size hash of the public key.

HI是一种加密公钥。然而,大多数协议没有直接使用密钥,而是使用固定大小的公钥散列。

3. What is its lifetime?

3. 它的寿命是多少?

HIP provides both stable and temporary Host Identifiers. Stable HIs are typically long-lived, with a lifetime of years or more. The lifetime of temporary HIs depends on how long the upper-layer connections and applications need them, and can range from a few seconds to years.

HIP提供稳定和临时主机标识符。稳定的HIs通常寿命长,寿命长达数年或更长。临时HI的生存期取决于上层连接和应用程序需要多长时间,可以是几秒钟到几年。

4. Where does it live in the stack?

4. 它在堆栈中的哪个位置?

The HIs live between the transport and internetworking layers.

HIs生活在传输层和互联层之间。

5. How is it used on the end-points?

5. 如何在端点上使用它?

The Host Identifiers may be used directly or indirectly (in the form of HITs or LSIs) by applications when they access network services. In addition, the Host Identifiers, as public keys, are used in the built-in key agreement protocol, called the HIP base exchange, to authenticate the hosts to each other.

当应用程序访问网络服务时,可以直接或间接地(以HITs或LSI的形式)使用主机标识符。此外,主机标识符(作为公钥)用于内置密钥协商协议(称为HIP-base exchange),以相互验证主机。

6. What administrative infrastructure is needed to support it?

6. 需要什么管理基础设施来支持它?

In some environments, it is possible to use HIP opportunistically, without any infrastructure. However, to gain full benefit from HIP, the HIs must be stored in the DNS or a PKI, and a new rendezvous mechanism is needed. Such a new rendezvous mechanism may need new infrastructure to be deployed.

在某些环境中,可以在没有任何基础设施的情况下机会主义地使用HIP。然而,为了充分利用HIP,HIs必须存储在DNS或PKI中,并且需要一种新的会合机制。这种新的会合机制可能需要部署新的基础设施。

7. If we add an additional layer, would it make the address list in Stream Control Transmission Protocol (SCTP) unnecessary?

7. 如果我们增加一个额外的层,它会使流控制传输协议(SCTP)中的地址列表变得不必要吗?

Yes.

8. What additional security benefits would a new naming scheme offer?

8. 新的命名方案将提供哪些额外的安全好处?

HIP reduces dependency on IP addresses, making the so-called address ownership [11] problems easier to solve. In practice, HIP provides security for end-host mobility and multi-homing. Furthermore, since HIP Host Identifiers are public keys, standard public key certificate infrastructures can be applied on the top of HIP.

HIP减少了对IP地址的依赖,使所谓的地址所有权问题更容易解决[11]。在实践中,HIP为终端主机移动性和多归属提供了安全性。此外,由于HIP主机标识符是公钥,因此可以在HIP的顶部应用标准公钥证书基础结构。

9. What would the resolution mechanisms be, or what characteristics of a resolution mechanisms would be required?

9. 解决机制是什么,或者需要解决机制的哪些特征?

For most purposes, an approach where DNS names are resolved simultaneously to HIs and IP addresses is sufficient. However, if it becomes necessary to resolve HIs into IP addresses or back to DNS names, a flat resolution infrastructure is needed. Such an infrastructure could be based on the ideas of Distributed Hash Tables, but would require significant new development and deployment.

在大多数情况下,DNS名称同时解析为HIs和IP地址的方法就足够了。但是,如果需要将HIs解析为IP地址或返回DNS名称,则需要一个平面解析基础结构。这种基础设施可以基于分布式哈希表的思想,但需要大量的新开发和部署。

13. Security Considerations
13. 安全考虑

HIP takes advantage of the new Host Identity paradigm to provide secure authentication of hosts and to provide a fast key exchange for IPsec. HIP also attempts to limit the exposure of the host to various Denial-of-Service (DoS) and Man-in-the-Middle (MitM) attacks. In so doing, HIP itself is subject to its own DoS and MitM attacks that potentially could be more damaging to a host's ability to conduct business as usual.

HIP利用新的主机标识范例来提供主机的安全身份验证,并为IPsec提供快速密钥交换。HIP还试图限制主机受到各种拒绝服务(DoS)和中间人(MitM)攻击。在这种情况下,HIP本身也会受到其自身的DoS和MitM攻击,这可能会对主机正常开展业务的能力造成更大的损害。

Resource-exhausting DoS attacks take advantage of the cost of setting up a state for a protocol on the responder compared to the 'cheapness' on the initiator. HIP allows a responder to increase the cost of the start of state on the initiator and makes an effort to reduce the cost to the responder. This is done by having the responder start the authenticated Diffie-Hellman exchange instead of the initiator, making the HIP base exchange 4 packets long. There are more details on this process in the Host Identity Protocol.

消耗资源的DoS攻击利用了在响应程序上为协议设置状态的成本,而不是启动器上的“便宜”。HIP允许响应者增加启动器状态开始的成本,并努力降低响应者的成本。这是通过让响应者启动经过身份验证的Diffie-Hellman交换而不是启动器来完成的,使HIP-base交换4个数据包长。主机标识协议中有关于此过程的更多详细信息。

HIP optionally supports opportunistic negotiation. That is, if a host receives a start of transport without a HIP negotiation, it can attempt to force a HIP exchange before accepting the connection. This has the potential for DoS attacks against both hosts. If the method to force the start of HIP is expensive on either host, the attacker need only spoof a TCP SYN. This would put both systems into the expensive operations. HIP avoids this attack by having the responder send a simple HIP packet that it can pre-build. Since this

HIP支持机会主义谈判。也就是说,如果主机在没有HIP协商的情况下接收到传输启动,它可以尝试在接受连接之前强制进行HIP交换。这可能会对两台主机进行DoS攻击。如果强制启动HIP的方法在任一主机上都很昂贵,则攻击者只需欺骗TCP SYN即可。这将使这两个系统投入昂贵的运营。HIP通过让响应者发送一个可以预构建的简单HIP数据包来避免这种攻击。从此

packet is fixed and easily replayed, the initiator reacts to it only if it has just started a connection to the responder.

数据包是固定的,很容易重放,只有当它刚刚开始与响应程序的连接时,发起程序才会对它作出反应。

MitM attacks are difficult to defend against, without third-party authentication. A skillful MitM could easily handle all parts of the HIP base exchange, but HIP indirectly provides the following protection from an MitM attack. If the responder's HI is retrieved from a signed DNS zone or secured by some other means, the initiator can use this to authenticate the signed HIP packets. Likewise, if the initiator's HI is in a secure DNS zone, the responder can retrieve it and validate the signed HIP packets. However, since an initiator may choose to use an unpublished HI, it knowingly risks an MitM attack. The responder may choose not to accept a HIP exchange with an initiator using an unknown HI.

如果没有第三方身份验证,MitM攻击很难防御。熟练的MitM可以轻松处理髋关节基底交换的所有部分,但髋关节间接地提供以下保护,以防MitM攻击。如果响应者的HI是从签名DNS区域检索到的,或者是通过某种其他方式进行保护的,则发起方可以使用该方法对签名的HIP数据包进行身份验证。同样,如果发起方的HI位于安全DNS区域中,则响应方可以检索它并验证签名的HIP数据包。但是,由于发起者可能选择使用未发布的HI,因此会故意冒MitM攻击的风险。响应者可以选择不接受使用未知HI的启动器的HIP交换。

In HIP, the Security Association for IPsec is indexed by the SPI; the source address is always ignored, and the destination address may be ignored as well. Therefore, HIP-enabled IPsec Encapsulated Security Payload (ESP) is IP address independent. This might seem to make it easier for an attacker, but ESP with replay protection is already as well protected as possible, and the removal of the IP address as a check should not increase the exposure of IPsec ESP to DoS attacks.

在HIP中,IPsec的安全关联由SPI索引;源地址始终被忽略,目标地址也可能被忽略。因此,支持HIP的IPsec封装安全负载(ESP)与IP地址无关。这似乎使攻击者更容易攻击,但具有重播保护的ESP已经得到了尽可能好的保护,删除IP地址作为检查不应增加IPsec ESP遭受DoS攻击的风险。

Since not all hosts will ever support HIP, ICMPv4 'Destination Unreachable, Protocol Unreachable' and ICMPv6 'Parameter Problem, Unrecognized Next Header' messages are to be expected and present a DoS attack. Against an initiator, the attack would look like the responder does not support HIP, but shortly after receiving the ICMP message, the initiator would receive a valid HIP packet. Thus, to protect against this attack, an initiator should not react to an ICMP message until a reasonable time has passed, allowing it to get the real responder's HIP packet. A similar attack against the responder is more involved.

由于并非所有主机都支持HIP、ICMPv4“目标不可访问、协议不可访问”和ICMPv6“参数问题”,因此可能会出现无法识别的下一个标头”消息,并导致DoS攻击。针对发起方,攻击看起来像响应方不支持HIP,但在收到ICMP消息后不久,发起方将收到有效的HIP数据包。因此,为了防止这种攻击,发起者不应该对ICMP消息做出反应,直到经过一段合理的时间,允许它获得真正响应者的HIP数据包。针对响应者的类似攻击更为复杂。

Another MitM attack is simulating a responder's administrative rejection of a HIP initiation. This is a simple ICMP 'Destination Unreachable, Administratively Prohibited' message. A HIP packet is not used because it would have to either have unique content, and thus difficult to generate, resulting in yet another DoS attack, or be just as spoofable as the ICMP message. Like in the previous case, the defense against this attack is for the initiator to wait a reasonable time period to get a valid HIP packet. If one does not come, then the initiator has to assume that the ICMP message is valid. Since this is the only point in the HIP base exchange where this ICMP message is appropriate, it can be ignored at any other point in the exchange.

另一个MitM攻击是模拟响应者对髋部启动的行政拒绝。这是一条简单的ICMP“目的地不可到达,管理禁止”消息。不使用HIP数据包是因为它必须具有唯一的内容,因此很难生成,从而导致另一次DoS攻击,或者与ICMP消息一样具有欺骗性。与前一种情况一样,针对这种攻击的防御措施是让启动器等待一段合理的时间来获取有效的HIP数据包。如果没有,则发起方必须假定ICMP消息有效。由于这是HIP base exchange中唯一适合此ICMP消息的点,因此可以在exchange中的任何其他点忽略它。

13.1. HITs Used in ACLs
13.1. ACL中使用的HITs

It is expected that HITs will be used in Access Control Lists (ACLs). Future firewalls can use HITs to control egress and ingress to networks, with an assurance level difficult to achieve today. As discussed above in Section 8, once a HIP session has been established, the SPI value in an IPsec packet may be used as an index, indicating the HITs. In practice, firewalls can inspect HIP packets to learn of the bindings between HITs, SPI values, and IP addresses. They can even explicitly control IPsec usage, dynamically opening IPsec ESP only for specific SPI values and IP addresses. The signatures in HIP packets allow a capable firewall to ensure that the HIP exchange is indeed happening between two known hosts. This may increase firewall security.

预计访问控制列表(ACL)中将使用点击。未来的防火墙可以使用HITs来控制网络的进出,其保证级别在今天很难实现。如上文在第8节中所讨论的,一旦建立了HIP会话,IPsec分组中的SPI值可以用作指示命中的索引。实际上,防火墙可以检查HIP数据包以了解HIT、SPI值和IP地址之间的绑定。它们甚至可以显式地控制IPsec的使用,仅为特定的SPI值和IP地址动态打开IPsec ESP。HIP数据包中的签名允许一个功能强大的防火墙来确保HIP交换确实发生在两个已知主机之间。这可能会增加防火墙的安全性。

There has been considerable bad experience with distributed ACLs that contain public-key-related material, for example, with Secure SHell Protocol (SSH). If the owner of a key needs to revoke it for any reason, the task of finding all locations where the key is held in an ACL may be impossible. If the reason for the revocation is due to private key theft, this could be a serious issue.

对于包含公钥相关材料的分布式ACL(例如,使用Secure SHell Protocol(SSH))有相当多的不良经验。如果密钥的所有者出于任何原因需要撤销密钥,则查找ACL中密钥所在的所有位置的任务可能是不可能的。如果撤销的原因是私钥被盗,这可能是一个严重的问题。

A host can keep track of all of its partners that might use its HIT in an ACL by logging all remote HITs. It should only be necessary to log responder hosts. With this information, the host can notify the various hosts about the change to the HIT. There has been no attempt to develop a secure method to issue the HIT revocation notice.

主机可以通过记录所有远程命中来跟踪可能在ACL中使用其命中的所有伙伴。应该只需要记录响应程序主机。有了这些信息,主机可以通知各个主机对HIT的更改。没有人试图开发一种安全的方法来发布HIT撤销通知。

HIP-aware NATs, however, are transparent to the HIP-aware systems by design. Thus, the host may find it difficult to notify any NAT that is using a HIT in an ACL. Since most systems will know of the NATs for their network, there should be a process by which they can notify these NATs of the change of the HIT. This is mandatory for systems that function as responders behind a NAT. In a similar vein, if a host is notified of a change in a HIT of an initiator, it should notify its NAT of the change. In this manner, NATs will get updated with the HIT change.

然而,HIP感知NAT在设计上对HIP感知系统是透明的。因此,主机可能会发现很难通知正在ACL中使用HIT的任何NAT。由于大多数系统都知道其网络的NAT,因此应该有一个过程,通过该过程,它们可以将HIT的变化通知这些NAT。这对于在NAT后面充当响应者的系统是强制性的。类似地,如果主机被通知启动器的命中发生了更改,它应该将此更改通知其NAT。通过这种方式,NAT将随着HIT更改而更新。

13.2. Non-security considerations
13.2. 非安全考虑

The definition of the Host Identifier states that the HI need not be a public key. It implies that the HI could be any value; for example, an FQDN. This document does not describe how to support such a non-cryptographic HI. A non-cryptographic HI would still offer the services of the HIT or LSI for NAT traversal. It would be possible to carry HITs in HIP packets that had neither privacy nor authentication. Since such a mode would offer so little additional functionality for so much addition to the IP kernel, it has not been

主机标识符的定义声明HI不需要是公钥。这意味着HI可以是任何值;例如,FQDN。本文档不描述如何支持此类非加密HI。非加密HI仍将为NAT穿越提供HIT或LSI的服务。可以在既没有隐私也没有身份验证的HIP数据包中携带点击。由于这样一种模式只提供很少的额外功能,而对IP内核的添加却如此之多,所以它还没有被开发出来

defined. Given how little public key cryptography HIP requires, HIP should only be implemented using public key Host Identities.

定义鉴于HIP对公钥加密的要求很低,HIP应该只使用公钥主机身份来实现。

If it is desirable to use HIP in a low-security situation where public key computations are considered expensive, HIP can be used with very short Diffie-Hellman and Host Identity keys. Such use makes the participating hosts vulnerable to MitM and connection hijacking attacks. However, it does not cause flooding dangers, since the address check mechanism relies on the routing system and not on cryptographic strength.

如果希望在认为公钥计算昂贵的低安全性情况下使用HIP,HIP可以与非常短的Diffie-Hellman和主机标识密钥一起使用。这种使用使得参与主机容易受到MitM和连接劫持攻击。但是,由于地址检查机制依赖于路由系统,而不是密码强度,因此它不会造成洪水危险。

14. Acknowledgements
14. 致谢

For the people historically involved in the early stages of HIP, see the Acknowledgements section in the Host Identity Protocol specification.

对于历史上参与HIP早期阶段的人员,请参阅主机标识协议规范中的确认部分。

During the later stages of this document, when the editing baton was transfered to Pekka Nikander, the comments from the early implementors and others, including Jari Arkko, Tom Henderson, Petri Jokela, Miika Komu, Mika Kousa, Andrew McGregor, Jan Melen, Tim Shepard, Jukka Ylitalo, and Jorma Wall, were invaluable. Finally, Lars Eggert, Spencer Dawkins, and Dave Crocker provided valuable input during the final stages of publication, most of which was incorporated but some of which the authors decided to ignore in order to get this document published in the first place.

在本文档的后期阶段,当编辑指挥棒移交给Pekka Nikander时,早期实施者和其他人的评论,包括Jari Arkko、Tom Henderson、Petri Jokela、Miika Komu、Mika Kousa、Andrew McGregor、Jan Melen、Tim Shepard、Jukka Ylitalo和Jorma Wall,是非常宝贵的。最后,Lars Eggert、Spencer Dawkins和Dave Crocker在出版的最后阶段提供了有价值的投入,其中大部分被合并,但一些作者决定忽略,以便首先出版本文档。

15. Informative References
15. 资料性引用

[1] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound, "Dynamic Updates in the Domain Name System (DNS UPDATE)", RFC 2136, April 1997.

[1] Vixie,P.,Thomson,S.,Rekhter,Y.,和J.Bound,“域名系统中的动态更新(DNS更新)”,RFC 21361997年4月。

[2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, March 2005.

[2] Arends,R.,Austein,R.,Larson,M.,Massey,D.,和S.Rose,“DNS安全介绍和要求”,RFC 4033,2005年3月。

Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Resource Records for the DNS Security Extensions", RFC 4034, March 2005.

Arends,R.,Austein,R.,Larson,M.,Massey,D.,和S.Rose,“DNS安全扩展的资源记录”,RFC 40342005年3月。

Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Protocol Modifications for the DNS Security Extensions", RFC 4035, March 2005

Arends,R.,Austein,R.,Larson,M.,Massey,D.,和S.Rose,“DNS安全扩展的协议修改”,RFC 4035,2005年3月

[3] Tsirtsis, G. and P. Srisuresh, "Network Address Translation - Protocol Translation (NAT-PT)", RFC 2766, February 2000.

[3] Tsirtsis,G.和P.Srisuresh,“网络地址转换-协议转换(NAT-PT)”,RFC 2766,2000年2月。

[4] Srisuresh, P. and K. Egevang, "Traditional IP Network Address Translator (Traditional NAT)", RFC 3022, January 2001.

[4] Srisuresh,P.和K.Egevang,“传统IP网络地址转换器(传统NAT)”,RFC 3022,2001年1月。

[5] Borella, M., Lo, J., Grabelsky, D., and G. Montenegro, "Realm Specific IP: Framework", RFC 3102, October 2001.

[5] Borella,M.,Lo,J.,Grabelsky,D.,和G.黑山,“特定领域知识产权:框架”,RFC 3102,2001年10月。

[6] Richardson, M., "A Method for Storing IPsec Keying Material in DNS", RFC 4025, March 2005.

[6] Richardson,M.“在DNS中存储IPsec密钥材料的方法”,RFC 4025,2005年3月。

[7] Lear, E. and R. Droms, "What's In A Name: Thoughts from the NSRG", Work in Progress, September 2003.

[7] Lear,E.和R.Droms,“名称的含义:来自NSRG的想法”,进展中的工作,2003年9月。

[8] Nikander, P., et al, "Mobile IP Version 6 Route Optimization Security Design Background", RFC 4225, December 2005.

[8] Nikander,P.等人,“移动IP版本6路由优化安全设计背景”,RFC 42252005年12月。

[9] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", RFC 4306, December 2005.

[9] Kaufman,C.,“因特网密钥交换(IKEv2)协议”,RFC 4306,2005年12月。

[10] Chiappa, J., "Endpoints and Endpoint Names: A Proposed Enhancement to the Internet Architecture", URL http://users.exis.net/~jnc/tech/endpoints.txt, 1999.

[10] Chiappa,J.,“端点和端点名称:对互联网架构的改进建议”,URLhttp://users.exis.net/~jnc/tech/endpoints.txt,1999年。

[11] Nikander, P., "Denial-of-Service, Address Ownership, and Early Authentication in the IPv6 World", in Security Protocols, 9th International Workshop, Cambridge, UK, April 25-27 2001, LNCS 2467, pp. 12-26, Springer, 2002.

[11] Nikander,P.,“IPv6世界中的拒绝服务、地址所有权和早期身份验证”,《安全协议》,第9届国际研讨会,英国剑桥,2001年4月25-27日,LNCS 2467,第12-26页,Springer,2002年。

[12] Bellovin, S., "EIDs, IPsec, and HostNAT", in Proceedings of the 41st IETF, Los Angeles, CA, March 1998.

[12] Bellovin,S.,“EIDs,IPsec和HostNAT”,载于第41届IETF会议记录,加利福尼亚州洛杉矶,1998年3月。

Authors' Addresses

作者地址

Robert Moskowitz ICSAlabs, a Division of Cybertrust Corporation 1000 Bent Creek Blvd, Suite 200 Mechanicsburg, PA USA

Robert Moskowitz ICSAlabs,Cybertrust Corporation的一个部门,地址:美国宾夕法尼亚州Mechanicsburg Bent Creek大道1000号200室

   EMail: rgm@icsalabs.com
        
   EMail: rgm@icsalabs.com
        

Pekka Nikander Ericsson Research Nomadic Lab JORVAS FIN-02420 FINLAND

佩卡·尼坎德·爱立信游牧研究实验室JORVAS FIN-02420芬兰

   Phone: +358 9 299 1
   EMail: pekka.nikander@nomadiclab.com
        
   Phone: +358 9 299 1
   EMail: pekka.nikander@nomadiclab.com
        

Full Copyright Statement

完整版权声明

Copyright (C) The Internet Society (2006).

版权所有(C)互联网协会(2006年)。

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Intellectual Property

知识产权

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.

Acknowledgement

确认

Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).

RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。