HIP - was Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

Thu Aug 28 02:50:22 UTC 2008
Robert Moskowitz <rgm at htt-consult.com>

Rob Townley wrote:
> On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz <rgm at htt-consult.com 
> <mailto:rgm at htt-consult.com>> wrote:
>     Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups
>     faster by ignoring AAAA records.
>     Further testing has IPv6 working just fine.  Thing is when I
>     enable the HIP API intercepts, FIrefox does not work.  Like they
>     are doing something 'non-standard' with the regualr TCP socket API
>     so that HIP can't slide in there.  I tried disabling a number of
>     options, thinking it might be some security setting, but if it is,
>     I have not found it.
> Yep, i fully understood you wanted IPv6.  i just thought you might 
> want to verify what settings you have for Firefox -- making sure 
> Firefox has turned on IPv6 dns.
Default was on. 
> Just curious, what is the motivation for the HIP api stuff, it is not 
> there by default is it? 
read the RFCs on HIP:  4423 and 5201-5206.

4423 provides the justification of HIP and its architecture.  I created 
HIP almost 10 years ago, shortly after (as IPsec co-chair) got the IPsec 
RFCs out.  HIP is much more than an alternative keying protocol for ESP 
(compared to IKE).  It directly addresses secure mobility.  HIP **IS** 
an important change to the TCP/IP architecture; this has been part of 
its slow advancement.  As such it has its own 'native' API:  

I can go into more about HIP if you wish.