The need to split endpoint identity from locator has been understood for some time, from both routing and security
perspectives. Today endpoints are identified by an IP address, which is location dependent and assigned by ISPs, whereas identity
depends neither on location nor on the ISP. Splitting the routing and identification spaces is therefore expected to make network
operations such as mobility, multihoming and traffic engineering transparent to the end user. On the operator side, the use of
a single space for routing and identification brings scaling issues, so operators will benefit from the split through a decreased
routing table size.
Within the IETF/IRTF, solutions are being developed to separate the IP layer into an Endpoint Identifier (EID) space and a Routing
Locator (RLOC) space, in the form of the Locator/ID Separation Protocol (LISP). In LISP, the Identifier (ID) has the format of an IPv4 or
IPv6 address. This architecture provides ID-to-locator resolution so that packets can be routed through the Internet.
This paper proposes a solution that considers an Endpoint Identifier (EID) as the combination of a domain name and a cryptographic
Identifier (cryptoID). Such EIDs are hosted in a mixed DNS/Distributed Hash Table (DHT) architecture. Resolution involves
a DNS and a DHT resolution. We show how the use of DNSSEC enhances the routing algorithm of the DHT resolution, and present
the advantages of such an architecture in terms of deployment and future use of the Internet.