IETF Logo Mail Archive

Re: [Hipsec] HIP Registration Extension

Lauri Silvennoinen <ljsilven@cc.hut.fi> Wed, 20 August 2008 18:16 UTC

Return-Path: <hipsec-bounces@ietf.org>
X-Original-To: hip-archive@lists.ietf.org
Delivered-To: ietfarch-hip-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7EDD928C1A2; Wed, 20 Aug 2008 11:16:30 -0700 (PDT)
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2048628C1A2 for <hipsec@core3.amsl.com>; Wed, 20 Aug 2008 11:16:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zFv2ssaWw6v9 for <hipsec@core3.amsl.com>; Wed, 20 Aug 2008 11:16:24 -0700 (PDT)
Received: from smtp-1.hut.fi (smtp-1.hut.fi [130.233.228.91]) by core3.amsl.com (Postfix) with ESMTP id 9B4C63A6C50 for <hipsec@ietf.org>; Wed, 20 Aug 2008 11:16:24 -0700 (PDT)
Received: from localhost (katosiko.hut.fi [130.233.228.115]) by smtp-1.hut.fi (8.13.6/8.12.10) with ESMTP id m7KIG4Ru029131; Wed, 20 Aug 2008 21:16:04 +0300
Received: from smtp-1.hut.fi ([130.233.228.91]) by localhost (katosiko.hut.fi [130.233.228.115]) (amavisd-new, port 10024) with LMTP id 23402-232-40; Wed, 20 Aug 2008 21:16:03 +0300 (EEST)
Received: from kosh.hut.fi (kosh.hut.fi [130.233.228.10]) by smtp-1.hut.fi (8.13.6/8.12.10) with ESMTP id m7KI2bSQ023329; Wed, 20 Aug 2008 21:02:37 +0300
Date: Wed, 20 Aug 2008 21:02:37 +0300
From: Lauri Silvennoinen <ljsilven@cc.hut.fi>
To: Julien Laganier <julien.laganier.IETF@googlemail.com>
In-Reply-To: <48AB098D.80704@googlemail.com>
Message-ID: <Pine.OSF.4.64.0808201846200.411366@kosh.hut.fi>
References: <Pine.OSF.4.64.0808141955110.142735@kosh.hut.fi> <48A9A97D.6010701@googlemail.com> <Pine.OSF.4.64.0808191814110.362556@kosh.hut.fi> <48AB098D.80704@googlemail.com>
MIME-Version: 1.0
X-TKK-Virus-Scanned: by amavisd-new-2.1.2-hutcc at katosiko.hut.fi
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] HIP Registration Extension
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: hipsec-bounces@ietf.org
Errors-To: hipsec-bounces@ietf.org

Hi Julien,

On Tue, 19 Aug 2008, Julien Laganier wrote:
> Hi Lauri,
> Some more thougths...
>>
>>  It can and should be considered as an error from the Requester.
>>  However, this does not mean that the Requester cannot send such a
>>  message. I'm mostly concerned about the server implementation in all
>>  of the issues. Thus the question is: how does the server respond to a
>>  registration attempt having services that cannot co-exist. RFC 5203
>>  does not provide instructions for this. Are you suggesting that the
>>  server should just silently drop such a request? If so, this should be
>>  put in clear text into the RFC.
>
> I think since the RFC allows the server to cancel the earlier 
> (incompatible) registration, then it should do that, and grant the new 
> one:
>
>    A registrar (and an attached service) MAY cancel a
>    registration before it expires, at its own discretion.  However, if
>    it does so, it SHOULD send a REG_RESPONSE with a zero lifetime to all
>    registered requesters.

This would be reasonable behavior from the server. However, this is not 
implicit in the RFC and in my opinion needs clarification. The paragraph 
from the RFC above talks about "sending a REG_RESPONSE with a zero 
lifetime to _all_ registered requesters". Because of the word "all" there, 
the paragraph gives the impression that the server decides to remove the 
whole service from the supported services' pool and thus signals to all 
its clients the new set of supported services.

This is not what we want here. A server can support both RVS and full 
relay services at the same time but a single client cannot be registered 
to both these services simultaneously. Therefore, the server should send a 
REG_RESPONSE with a zero lifetime only to the client who sent the 
REG_REQUEST.

Also, because "the registrar MUST NOT include more than one REG_RESPONSE 
parameter in its R2 or UPDATE packets" the client will receive at least 
two packets in response to a sent REG_REQUEST in this case. The figure on 
[Page 3] is in conflict with this behavior.

> Defining new failure types wouldn't be good. I was thinking more about 
> piggybacking to the REG_FAILED for "cancellation required" with a 
> REG_TYPES_TO_CANCEL parameter containing the registrations types that 
> shall be cancelled before the requested registration is granted. But 
> that seems to complex. Since this is somehow an error case from the 
> requester I think we should do as I suggested earlier, i.e. the 
> registrar signal that incompatible registations were cancelled, and 
> accpet the new one.

This works but as I said earlier, at least two packets will be sent in 
response. With Failure Type "Cancellation required" this would not happen. 
Alternatively multiple REG_RESPONSEs could be allowed in one packet.

> I am not sure it is required to indicate different lifetimes for 
> different services though. If you really want to handle various 
> lifetime, you can get the same result by announcing the min lifetime of 
> services you're offering for all services.

This is confusing for the server administrator. If the server supports two 
services S1 and S2 with lifetime boundaries configured as:

S1 min 30s   max 120s
S2 min 3600s max 86400s

the server would then signal [S1, S2 (30 86400)] in REG_INFO, and so the 
administrator's configurations are not respected.

Next, the client wants to register to service S2 for 3600 seconds and 
sends a REG_REQUEST [S2 (3600)]. The server then checks the lifetime 
boundaries for the service S2 again and sends a REG_RESPONSE [S2 (120)].

Yep, this works, but it is illogical to signal different lifetime 
boundaries than what are later granted. This issue could be easily fixed 
by allowing multiple REG_INFOs / REG_RESPONSEs / REG_REQUESTs in one 
packet or by altering the parameters' formats.

>>  The REG_REQUEST case i.e. the client has requested redundant services.
>>  The server should not allow any broken behavior from the client.
>>  Therefore the whole packet having redundant services should be just
>>  silently dropped.
>
> I disagree. If we follow the "be conservative in what you send, liberal 
> in what you accept", a peer receiving duplicate registration types 
> should just ignore the duplicated occurrences.

Fair enough, but this should be said in the RFC.

>> >  Again that would be broken behavior from the registrar side, we have 
>> >  a SHOULD there. If it doesn't do so, then it either doesn't reply or 
>> >  send REG_FAILED, in any case the MN would not be be mistaken in 
>> >  believing the cancellation was successful.
>>
>>  Perhaps this could be clarified by saying "The Requester cannot assume
>>  that the cancellation was successful until it receives a REG_RESPONSE
>>  with a zero lifetime."
>
> I think this is implicit in the specification, don't you think so?

Hmmm...

    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
    document are to be interpreted as described in RFC 2119 [RFC2119].

RFC 2119:

3. SHOULD   This word, or the adjective "RECOMMENDED", mean that there
    may exist valid reasons in particular circumstances to ignore a
    particular item, but the full implications must be understood and
    carefully weighed before choosing a different course.

So are "the full implications understood and carefully weighed" when the 
server does not send a REG_RESPONSE? "Carefully weighing" for me means 
that the issue is thought over and written in the RFC. I'm not saying this 
is an important point, but if the RFC is to be revised, the following 
clarification wouldn't hurt:

"The Requester SHOULD NOT assume that the cancellation was successful 
until it receives a REG_RESPONSE with a matching Reg Type and a zero 
lifetime."

>>  Yes, at least for the "Reg Types" with different "Min Lifetime" / "Max
>>  Lifetime" / "Lifetime" values.
>
> As I said, not sure that's really needed for any usecase. And in case 
> you really have a hard requirement to support that, you could configure 
> different Registrars announcing different lifetimes w/ different HITs on 
> the same node. That can be left to implementation.

Good point, but this would increase the administrative work.

-Lauri
_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec

v2.23.0 | Report a Bug | By Email