HIP - was Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

Thu Aug 28 03:49:56 UTC 2008
Rob Townley <rob.townley at gmail.com>

On Wed, Aug 27, 2008 at 9:50 PM, Robert Moskowitz <rgm at htt-consult.com>wrote:

>
>
> Rob Townley wrote:
>
>> On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz <rgm at htt-consult.com<mailto:
>> rgm at htt-consult.com>> wrote:
>>
>>    Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups
>>    faster by ignoring AAAA records.
>>
>>    Further testing has IPv6 working just fine.  Thing is when I
>>    enable the HIP API intercepts, FIrefox does not work.  Like they
>>    are doing something 'non-standard' with the regualr TCP socket API
>>    so that HIP can't slide in there.  I tried disabling a number of
>>    options, thinking it might be some security setting, but if it is,
>>    I have not found it.
>>
>>
>> Yep, i fully understood you wanted IPv6.  i just thought you might want to
>> verify what settings you have for Firefox -- making sure Firefox has turned
>> on IPv6 dns.
>>
> Default was on.
>
>> Just curious, what is the motivation for the HIP api stuff, it is not
>> there by default is it?
>>
> read the RFCs on HIP:  4423 and 5201-5206.
>
> 4423 provides the justification of HIP and its architecture.  I created HIP
> almost 10 years ago, shortly after (as IPsec co-chair) got the IPsec RFCs
> out.  HIP is much more than an alternative keying protocol for ESP (compared
> to IKE).  It directly addresses secure mobility.  HIP **IS** an important
> change to the TCP/IP architecture; this has been part of its slow
> advancement.  As such it has its own 'native' API:
> http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-05.txt.
>
> I can go into more about HIP if you wish.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


So HIP isn't in any distribution by default or is it?  How does one know?
Would it make sense to include HIP in a Wireless Access Point firmware or a
RADIUS type machine?   Looks interesting, will have to keep it in mind for
wlan sec.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080827/e5370707/attachment-0005.html>