Host Identity Protocol
description
Transcript of Host Identity Protocol
![Page 1: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/1.jpg)
Host Identity Protocol
Pekka NikanderEricsson Research Nomadiclab and
Helsinki Institute for Information Technologyhttp://www.hip4inter.net
![Page 2: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/2.jpg)
2
•Introduction: What and why?
•Background
•HIP in a Nutshell
•Mobility and multi-homing (multi-addressing)
•HIP infrastructure: Hi3
•Current status
•Summary
Presentation outline
![Page 3: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/3.jpg)
3
What is HIP?
•HIP = Host Identity Protocol
•A proposal to separate identifier from locator at the network layer of the TCP/IP stack
•A new name space of public keys
•A protocol for discovering and authenticating bindings between public keys and IP addresses
•Secured using signatures and keyed hashes (hash in combination with a secret key)
![Page 4: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/4.jpg)
4
Motivation
•Not to standardise a solution to a problem
•No explicit problem statement
•Exploring the consequences of the id / loc split
•Try it out in real life, in the live Internet
•A different look at many problems
•Mobility, multi-homing, end-to-end security, signalling, control/data plane separation, rendezvous, NAT traversal, firewall security, ...
![Page 5: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/5.jpg)
5
Background
•A brief history of HIP
•Architectural background
•Related IETF Working Groups
![Page 6: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/6.jpg)
6
A Brief History of HIP
•1999 : idea discussed briefly at the IETF
•2001: two BoFs, no WG created at that time
•02-03: development at the corridors
•2004: WG and RG created
•Now: base protocol more or less ready
•Four interoperating implementations
•More work needed on mobility, multi-homing,NAT traversal, infrastructure, and other issues
![Page 7: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/7.jpg)
7
•IP addresses serve the dual role of being
•End-point Identifiers
•Names of network interfaces on hosts
•Locators
•Names of naming topological locations
•This duality makes many things hard
Architectural background
![Page 8: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/8.jpg)
8
New requirements to Internet Addressing
•Mobile hosts
•Need to change IP address dynamically
•Multi-interface hosts
•Have multiple independent addresses
•Mobile, multi-interface hosts most challenging
•Multiple, dynamically changing addresses
•More complex environment
•e.g. local-only connectivity
![Page 9: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/9.jpg)
9
nsrg
ID/loc split
Related IETF WGs and RGsMobilit
ymip6mip4mipshop
Security
ipsec
mobike
btns
multi6
tsvwg
(sctp) shim
6
Multi-homing
hip
IPv6 Signaling and Handoff
Optimization
Site multihoming for IPv6minimize adverse effectsSite multihoming by IPv6
Intermediation, new shim layer, based on Multi6
IKEv2 mobility and multi-homing support.
Multiple/changing prefixes in SA.
Better-Than-Nothing Security,
IKE requires authentication (shared secret, certificate,
Kerberos),Unauthenticated IKE,
Bare RSA keys, self-signed certificates, late binding
Namespace research group
(IRTF), need other namespace than IP?
API implications.
![Page 10: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/10.jpg)
10
•Introduction: What and why?
•Background
•HIP in a Nutshell
•Mobility and multi-homing (multi-addressing)
•HIP infrastructure: Hi3
•Current status
•Summary
Presentation outline
![Page 11: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/11.jpg)
11
HIP in a Nutshell
•Architectural change to TCP/IP structure
•Integrates security, mobility, and multi-homing
•Opportunistic host-to-host IPsec ESP
•End-host mobility, across IPv4 and IPv6
•End-host multi-address multi-homing, IPv4/v6
•IPv4 / v6 interoperability for apps
•A new layer between IP and transport
•Introduces cryptographic Host Identifiers
![Page 12: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/12.jpg)
12
IP addr
•A new Name Space of Host Identifiers (HI)
•Public crypto keys!
•Presented as 128-bit long hash values, Host ID Tags (HIT)
•Sockets bound to HIs, not to IP addresses
•HIs translated to IP addresses in the kernel
The Idea
ProcessProcessProcessProcess
TransportTransportTransportTransport
IP layerIP layerIP layerIP layer
Link layerLink layerLink layerLink layer
IP address
< , port>
Host Host IdentityIdentityHost Host
IdentityIdentityHost ID
Host ID
![Page 13: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/13.jpg)
13
An analogy: What if people were hosts
Connect towhoever happens
to be at +1-123-456-7890
Connect to
Current IP HIP
![Page 14: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/14.jpg)
14
IP layerIP layerIP layerIP layer
Fragmentation
Fragmentation
More detailed layering
Link LayerLink LayerLink LayerLink Layer
ForwardingForwardingForwardingForwarding
IPsecIPsec
Transport LayerTransport LayerTransport LayerTransport LayerEnd-to-
end, HITs
Hop-by-hop, IP
addresses
HIPHIP
MobilityMobilityMobilityMobility
Multi-homingMulti-homingMulti-homingMulti-homing
v4/v6 bridgev4/v6 bridgev4/v6 bridgev4/v6 bridge
![Page 15: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/15.jpg)
15
Protocol overviewInitiator Responder
I1: HITI, HIT
R or NULL
R1: HITI, [HIT
R, puzzle, DH
R, HI
R]sig
I2: [HITI, HIT
R, solution, DH
I, {HI
I}]
sigR2: [HIT
I, HIT
R, authenticator]
sigUser data messagesUser data messages
Con
trol
Con
trol
Dat
aD
ata
![Page 16: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/16.jpg)
16
Puzzle Mechanism
•Responder supplies random number I
•Initiator must find number J so that
•Lowest order K bits in RHASH(HITS || I || J) are zeros
•K is the difficult of the puzzle
•The computation time is exponential to the number K
![Page 17: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/17.jpg)
17
Base exchange
Initiator
Responder
I1 HITI, HIT
R or NULL
R1 HITI, [HIT
R, puzzle, DH
R,
HIR]sig
I2 [HITI, HIT
R, solution, DH
I,
{HII}]
sig
R2 [HITI, HIT
R, authenticator]
sig
ESP protected TCP/UDP, ESP protected TCP/UDP, nono explicit HIP explicit HIP headerheader
ESP protected TCP/UDP, ESP protected TCP/UDP, nono explicit HIP explicit HIP headerheader
User data messagesUser data messages
solve puzzle
verify, authenticate,
replay protection
• Based on SIGMA family of key exchange protocols
standard authenticated Diffie-
Hellman key exchange for session key
generation
Select precomputed R1. Prevent DoS.
Minimal state kept at responder!
Does not protect from replay attacks.
![Page 18: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/18.jpg)
Other core components
•Per-packet identity context
•Indirectly, through SPI if ESP is used
•Directly, e.g., through an explicit shim header
•A mechanism for resolving identities to addresses
• DNS-based, if FQDNs used by applications
• Or distributed hash tables (DHTs) based
![Page 19: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/19.jpg)
19
How applications work today
(when IPsec ESP is used)
IKE IKEIKE
Server appServer app
socket APIsocket API socket APIsocket API
IPsecSADIPsecSAD
IPsecSPDIPsecSPD
IPsecSPDIPsecSPD
IPsecSADIPsecSAD
connect(IP
S)
TCP SYN to IP
S
DNS query
ESP protected TCP SYNto IPaddr
S
TCP SYN from IP
C
DNS serverDNS serverDNS reply
Client appClient appIP
DNS libraryDNS
library
![Page 20: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/20.jpg)
21
Using HIP with ESP
HIP daemon HIP daemonHIP daemon
Server appServer app
socket APIsocket API socket APIsocket API
IPsecSADIPsecSAD
IPsecSPDIPsecSPD
IPsecSPDIPsecSPD
IPsecSADIPsecSAD
TCP SYN to HIT
S
DNS query
ESP protected TCP SYNto IPaddr
S
convert HITs to IP addresses convert IP addresses to HITs
TCP SYN from HIT
C
DNS serverDNS serverDNS reply
Client appClient appHIT
DNS libraryDNS
library
HIT ----- > {IP addresses}connect(HIT
S)
![Page 21: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/21.jpg)
22
Many faces
•More established views:
•A different IKE for simplified end-to-end ESP
•Super Mobile IP with v4/v6 interoperability and dynamic home agents
•A host multi-homing solution
•Newer views:
•New waist of IP stack; universal connectivity
•Secure carrier for signalling protocols
![Page 22: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/22.jpg)
23
HIP as the new waist of TCP/IP
v4 app
TCPv4
IPv4
Link layer
TCPv6
IPv6
v6 app v4 app
TCPv4
IPv4
Link layer
TCPv6
IPv6
v6 app
Host identity Host identity
![Page 23: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/23.jpg)
24
HIP for universal connectivity
•Goal:
•Lowest layer providing location-independent identifiers and end-to-end connectivity
•Work in progress:
•Support for traversing legacy NATs
•Firewall registration and authentication
•Architected middleboxes or layer 3.5 routing
•Identity-based connectivity with DHTs
![Page 24: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/24.jpg)
25
Signalling carrier
•Originally HIP supported only ESP-based user data transport (previous slides)
•ESP is now being split from the base protocol
•Base protocol is becoming a secure carrier for any kinds of signalling
•Support for separate signalling and data paths
•Implicitly present in the original design
•Now being made more explicit
![Page 25: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/25.jpg)
26
Faces summary: Motivating architectural
factors•A “reachability” solution across NATs
•New “waist” for the protocol stack
•Built-in security
•Implicit channel bindings
•connect(HIT) provides a secured connection to the identified host
•Puzzle-based DoS protection
•Integrated mobility and end-host multi-homing
![Page 26: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/26.jpg)
27
•Introduction: What and why?
•Background
•HIP in a Nutshell
•Mobility and multi-homing (multi-addressing)
•HIP infrastructure: Hi3
•Current status
•Summary
Presentation outline
![Page 27: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/27.jpg)
28
Introduction to IP based mobility and multi-
homing•Mobility implemented at “lP layer”
•IP addresses are assigned according to topology
•Allows for routing prefix aggregation
•Mobile hosts change their topological location
•Multi-homed hosts present at many locations
•In an IP based m&m solution
•Transport & apps do not see address changes or multiple addresses
![Page 28: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/28.jpg)
29
Rendezvous
•Initial rendezvous
•How to find a moving end-point?
•Can be based on directories
•Requires fast directory updates→ Bad match for DNS
•Tackling double-jump
•What if both hosts move at same time?
•Requires rendezvous point
![Page 29: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/29.jpg)
30
Mobile IP
•Home Agent (HA)
•Serves a Home Address
•Initial reachability
•Triangular routing
•Route optimization
•Tunnels to bypass HA
•HA as rendezvous point
HA
MN
CN
![Page 30: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/30.jpg)
31
Multi-addressing dimensions
Onehost
Singlesubnet
Parts oftopology
All hosts
end-hostmultihoming
end-hostmobility
Moving networks (NEMO)
moving, multi-homed
networks
Multi-homing
Mobility
SoHo sitemultihoming
enterprisemultihoming
ad hocnetworks
![Page 31: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/31.jpg)
32
•Mobility and multi-homing become duals of each other•Mobile host has many addresses over time
•Multi-homed host has many addresses at the same time
•Leads to a Virtual Interface Model
•A host may have real and virtual interfaces
•Merges the “Home Agent”
HIP Mobility & Multi-homing
![Page 32: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/32.jpg)
33
ESP from MN to CNESP from MN to CNESP from MN to CNESP from MN to CN
Mobility protocolMobile Corresponding
UPDATE: HITs, new locator(s), sig
UPDATE: HITs, RR challenge, sig
ESP on both directionsESP on both directionsESP on both directionsESP on both directions
UPDATE: HITs, RR response, sig
![Page 33: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/33.jpg)
34
•Introduction: What and why?
•Background
•HIP in a Nutshell
•Mobility and multi-homing (multi-addressing)
•HIP infrastructure: Hi3
•Current status
•Summary
Presentation outline
![Page 34: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/34.jpg)
35
•Depends on application
•For multi-addressing, self-generated keys
•Usually keys in the DNS
•Can use PKI if needed
•Opportunistic mode supported
•SSH-like leap-of-faith
•Accept a new key if it matches a fingerprint
Key distribution for HIP
DNS serverDNS server
Client appClient app
DNS query:A, AAAA, KEY
DNS reply:A, AAAA, KEY
![Page 35: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/35.jpg)
36
Basic HIP rendezvous
Rendezvous server
Server
Client
Rendezvousregistration
I1
R1I2R2
![Page 36: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/36.jpg)
37
HIP registration protocol
Client Server
I1
R1 + REG_INFO
I2 + REG_REQUEST
R2 + REG_RESPONSE
Server informs client
about registrar
capability (BE)Client requests
registrationAuthz. Based
on local policies
Also update messages (protected)Cancel with zero timeout
![Page 37: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/37.jpg)
38
•HIs originally planned to be stored in the DNS
•Retrieved simultaneously with IP addresses
•Does not work if you have only a HIT
•Question: How to get data based on HIT only?
•HITs look like 128-bit random numbers
•Possible answer: DHT based overlay like i3
The infrastructure question
![Page 38: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/38.jpg)
39
Distributed Hash Tables
•Distributed directory for flat data
•Several different ways to implement
•Each server maintains a partial map
•Overlay addresses to direct to the right server
•Resilience through parallel, unrelated mappings
•Used to create overlay networks
![Page 39: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/39.jpg)
40
i3 rendezvous abstraction
•Trigger inserted by receiver(s)
•Packets addressed to identifiers
•i3
routes packet to the receiver(s)
Sender Receiver (R)
ID R
trigger
send(ID, data)send(R, data)
![Page 40: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/40.jpg)
41
Hi3: combining HIP and i3
•Developed at Ericsson Research IP Networks
•Uses i3
overlay for HIP control packets
•Provides rendezvous for HIP
•Data packets use plain old IP
•Cryptographically protected with ESP
•Only soft or optional state in the network
![Page 41: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/41.jpg)
42
Hi3 and DHT-based rendezvous
i3 overlay basedcontrol plane
IP-based user plane
![Page 42: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/42.jpg)
43
Control/data separation
ID R
i3 overlay
basedrendezvous
infra
![Page 43: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/43.jpg)
44
Hi3 overlay and IPsec connectivity
•i3
overlay for signalling (control plane)
•Routes only HIP control packets
•e2e ESP for data traffic (user plane)
•Firewalls/middle boxes opened dynamically
•Only end-to-end signalling (HIP)
•Middle boxes “snoop” e2e messages
•Lots of details to be filled in
![Page 44: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/44.jpg)
45
An Internet control plane?
•HIP separates control and data traffic
•Hi3
routes control traffic through overlay
•Control and data packets take potentially very different paths
•Allows telecom-like control …
•… but does not require it
![Page 45: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/45.jpg)
46
Benefits for everyone
•Operators
•Control, security, resilience, revenue
•Enterprises
•Security, resilience, mobility
•Individual users
•Security, mobility, ease of use
![Page 46: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/46.jpg)
47
Benefits to operators
•More controlled network
•Data requires HIP handshake first
•Protection against DoS and DDoS
•Resilience
•Integrated multi-homing
•No single points of failure
![Page 47: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/47.jpg)
48
Benefits to enterprises
•More secure firewalls
•Integrated mobility and multi-access
•Across IPv4 and IPv6
•No single points of failure
![Page 48: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/48.jpg)
49
Benefits to users
•DoS and DDoS protection
•Supports home servers (NAT traversal)
•Configuration free baseline security(ssh-like leap-of-faith encryption
![Page 49: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/49.jpg)
50
•Introduction: What and why?
•Background
•HIP in a Nutshell
•Mobility and multi-homing (multi-addressing)
•HIP infrastructure: Hi3
•Current status
•Summary
Presentation outline
![Page 50: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/50.jpg)
51
Current status
•WG and RG formed at the IETF / IRTF
•First meetings in Seoul, March 2004
•Four known interoperating implementations
•A number of internet drafts
•Base specifications start to be mature
•About a dozen papers published or submitted
![Page 51: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/51.jpg)
52
Implementation status
•Four interoperating implementations
•Ericsson Research Nomadiclab, FreeBSD
•Helsinki Institute for Information Tech., Linux
•Boeing Phantom Works, Linux and Windows
•Sun Labs Grenoble, Solaris
•Other implementations
•Indranet (obsolete), DoCoMo US Labs, rumours about other
![Page 52: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/52.jpg)
53
Evolution of drafts: Early era
![Page 53: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/53.jpg)
54
Evolution of drafts: Restart
![Page 54: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/54.jpg)
55
Evolution of drafts: 2005
ArchitectureBase exchange
Mobility &multi-homingDNS
Rendezvous
Registration
![Page 55: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/55.jpg)
56
Current status• RFCs
• Host Identity Protocol (HIP) Architecture RFC 4423
• RFC queue
• Host Identity Protocol (HIP) Domain Name System (DNS) Extensions
• IESG Processing
• Host Identity Protocol
• End-Host Mobility and Multihoming with the Host Identity Protocol
• Host Identity Protocol (HIP) Rendezvous Extension
• Host Identity Protocol (HIP) Registration Extension
• Using ESP transport format with HIP
• Using the Host Identity Protocol with Legacy Applications
• Internet-Drafts
• HIP Extensions for the Traversal of Network Address Translators
• Native Application Programming Interfaces for SHIM APIs
![Page 56: Host Identity Protocol](https://reader035.fdocuments.us/reader035/viewer/2022062518/56814015550346895dab5d34/html5/thumbnails/56.jpg)
57
•New cryptographic name space
•IP hosts identified with public keys
•Integrates security, mobility, multi-homing
•Evolving into a more generic signalling carrier
•Four interoperating implementations (total 7?)
•Base specifications start to be mature
•http://www.hip4inter.net
•http://www.tml.hut.fi/~pnr/publications/
Summary