
Description of a Naming Architecture Managing Cryptographic Identifiers

  • Conference paper
IP Operations and Management (IPOM 2007)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 4786)

Abstract

The need to split endpoint identity from locator has been understood for some time, from both the routing and the security perspectives. Today endpoints are identified by an IP address, which is location dependent and assigned by ISPs, whereas an identity depends neither on location nor on the ISP. Splitting the routing and identification spaces is therefore expected to make network operations such as mobility, multihoming and traffic engineering transparent to the end user. On the operator side, the use of a single space for routing and identification brings scaling issues, and operators will benefit from the split through a decreased routing table size.

Within the IETF/IRTF, solutions are being developed to separate the IP layer into an Endpoint Identifier (EID) space and a routing locator (RLOC) space in the form of the Locator/ID Separation Protocol (LISP). In LISP the Identifier (ID) has the format of an IPv4 or IPv6 address. This architecture provides ID-to-locator resolution so that packets can be routed through the Internet.

This paper proposes a solution that considers an Endpoint Identifier (EID) as the combination of a domain name and a cryptographic Identifier (cryptoID). Such EIDs are hosted in a mixed DNS/Distributed Hash Table (DHT) architecture. Resolution involves a DNS resolution and a DHT resolution. We show how the use of DNSSEC enhances the routing algorithm of the DHT resolution, and present the advantages of such an architecture in terms of deployment and future use of the Internet.

Editor information

Deep Medhi, José Marcos Nogueira, Tom Pfeifer, S. Felix Wu

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Migault, D., Brunner, M. (2007). Description of a Naming Architecture Managing Cryptographic Identifiers. In: Medhi, D., Nogueira, J.M., Pfeifer, T., Wu, S.F. (eds) IP Operations and Management. IPOM 2007. Lecture Notes in Computer Science, vol 4786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75853-2_2

  • DOI: https://doi.org/10.1007/978-3-540-75853-2_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75852-5

  • Online ISBN: 978-3-540-75853-2

  • eBook Packages: Computer Science, Computer Science (R0)
