Skip to Main Content
Host Identity Protocol (HIP) gives cryptographically variable identities to hosts. These identities are based on public key cryptography and consist of public and private keys. Public keys can be stored, together with corresponding IP addresses, in DNS servers. When entities are negotiating on a HIP connection, messages are signed with private keys and verified with public keys. Even if this system is quite secure, there are some vulnerabilities concerning the authenticity of public keys. We examine various possibilities to derive trust in public parameters. These are DNSSEC, public key certificates (PKI), identity based cryptography (IBE) and certificate-less public key cryptography (CL-PKC). Both IBE and CL-PKC seem to offer better properties than DNSSEC and PKI, but experimental evaluation is needed, before we can make final conclusions.
Date of Conference: June 29 2010-July 1 2010