[Hipsec] feedback of hiccups-01 draft

Miika Komu <miika.komu@hiit.fi> Thu, 29 January 2009 07:49 UTC

I have some feedback on the hiccups draft. The draft is well written and 
easy to read and understand. However, I have a few questions (sorry if 
these have been asked already):

* I guess the draft assumes that data packets may be sent over HIP-aware 
overlays. I would suggest that the authors have a look at 
draft-heer-hip-middle-auth and perhaps add a pointer to the draft. 
Particularly, I would propose to make the public key mandatory and 
perhaps the middlebox extension as SHOULD? There is a new version of the 
draft coming up very soon. Feel free to ask Tobias for a preview if you 
are interested.

* The justification for the seq/ack mechanism is a bit unclear. Is it 
only about replay protection?

* I just implemented minimal support for HIP_DATA in HIPL. Now the 
implementation should be able to respond with an R1 to a HIPL_DATA 
packet. Now we need to test it for interoperability :) I would suggest 
that the OpenHIP folks also implement this feature because it should be 
only a few lines of code.

* The second paragraph in section 5 explains the issues with 
fragmentation. Implementation-wise, shouldn't this problem just be 
solved by lowering the MTU of the tunnel device by the size of the HIP 
header, [HOST_ID], payload HMAC and HIP_SIGNATURE?