Contents:
From the Editor
The End of Eternity: Part Two
Resource Certification
Host Identity Protocol
Fragments
Vol 12, No 1 Forum
IP Version 4 address exhaustion and migration to IP Version 6 continue to be the focus of many Internet-related organizations and events. The Regional Internet Registries (RIRs), still debating what will happen as the IPv4 address pool runs out, are developing policies for how to manage address-block transfers between address holders. One potential result of the address shortage is that a market (official or otherwise) will develop for the buying and selling of IPv4 addresses. In our last issue, we brought you the first in a two-part series of articles entitled “The End of Eternity,” by Niall Murphy and David Wilson. Part Two, included in this issue, discusses what a market-based IP trading exchange might look like.
IP address allocation, transfers, and even the potential trading market for addresses are ultimately dependent on a reliable and trusted registry for this information. The RIRs have been working on a way to ensure that information about IP Number Resources (that is, IPv4 addresses, IPv6 addresses, and Autonomous System [AS] numbers) is securely stored and distributed, so that users of such information can be assured that it is authentic. The underlying technology is a Resource Certificate Public Key Infrastructure (RPKI), and it is described in our second article by Geoff Huston.
The Internet technical community is discussing the so-called identifier/locator split as a major change to the Internet architecture. The IETF is developing several proposals, including the Locator Identifier Separation Protocol (LISP) discussed in our March 2008 issue. In this issue we look at another proposal, the Host Identity Protocol (HIP). The article is by Andrei Gurtov, Miika Komu, and Robert Moskowitz.
As always, your comments, suggestions, and contributions are welcome, including Letters to the Editor, Book Reviews, and of course full-length articles. Contact us by e-mail at ipj@cisco.com.
The End of Eternity: Part Two
by Niall Murphy, Google, and David Wilson, HEAnet
In our last article[0], we wrote about the onset of scarcity and the problems that are likely to ensue as a result. We characterized the problem we face as the gap, the length of time between the end of IPv4 plenty and the beginning of a universally reachable IPv6 Internet. Noting that any solution should either make the gap shorter, by bringing forward full IPv6 deployment, or make it less painful, by reducing the pressure of IPv4 scarcity, we propose that the fairest, most neutral way to encourage networks out of IPv4 while providing help for those who need it is to introduce a market-based IP address trading exchange. Let us explore now how such a system could work.
Resource Certification
by Geoff Huston, APNIC
Opinions vary as to what aspect of the Internet infrastructure represents the greatest common vulnerability to the security and safety of Internet users, but it is generally regarded that attacks that are directed at the network infrastructure are the most insidious, and in that case the choice is probably between the Domain Name System (DNS) and the interdomain routing system.
The question of how to improve the robustness of these functions has been a longstanding topic of study. For the DNS it appears that there is convergence on Domain Name System Security Extensions (DNSSEC) as the technical solution to securing DNS resolution operations, and the focus of attention in this space has shifted from technical behavior to topics relating to operational deployment. It has been a difficult time for DNSSEC, and to say that there is an end in sight may well be premature at this stage, but there are definite signs of progress in this space. The same cannot be said of progress with securing routing, and particularly in securing interdomain routing. Here much remains to be done in order to achieve reasonable consensus on what technical measures to adopt, let alone the second step of studying how such measures could be deployed across the Internet.
Host Identity Protocol
by Andrei Gurtov and Miika Komu, Helsinki Institute for Information Technology, and Robert Moskowitz, ICSAlab
A host and its location are identified using Internet Protocol (IP) addresses in the current Internet architecture. However, IP addresses can serve only as short-term identifiers, because a considerable number of hosts are portable devices that change their IP addresses when moved from one network to another. Short-term identifiers disrupt long-term transport-layer connections, such as Internet phone calls, and make locating the peer host more difficult. Therefore, mobility and multihoming are hard to implement securely in the present Internet. Upon changing an IP address, the host must prove to its peers that it is the same entity they communicated with before, which requires the use of cryptographic identities.