[Hipsec] HIP Mobile Router draft
Orlie Brewer <orlie.t.brewer@boeing.com> Tue, 28 October 2008 00:58 UTC
From: Orlie Brewer <orlie.t.brewer@boeing.com>
To: "hipsec@ietf.org" <hipsec@ietf.org>
Date: Mon, 27 Oct 2008 18:04:23 -0700
Hello,

We have been implementing portions of the HIP mobile router draft to OpenHIP:

<http://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=http://tools.ietf.org/id/draft-melen-hip-mr-01.txt>

Below are a few questions and comments about our effort.

In section 5.1 of the draft, the "mobile router adds its self-signed locator set information to the I1 message" and "its signed LOCATOR TLV and ESP_INFO TLV to the I2 message." This only seems useful if the peer node has the host identity public key of the mobile router to verify the signature, but there is no mention of the mobile router passing that information to the peer node or establishing a HIP connection with the peer node. Also, these would have to be added after the portion of the message signed by the mobile node. We have defined an ESP_INFO_UNSIGNED parameter to place the SPINAT info after the portion of the message signed by the mobile node in the I2 message.

Also, in that section, "the mobile router adds an encrypted 'echo request' parameter to the I1 message." We are assuming that it is an ECHO_REQUEST_UNSIGNED parameter that would be placed after the portion of the message signed by the mobile node.

Another question with signatures is with the UPDATE packet. The HIP RFC5201, section 5.3.5, says that an HMAC parameter and a HIP_SIGNATURE parameter are mandatory. Again, is this supposed to be the mobile router's signature? The draft does not mention signatures in relation to the UPDATE packet.

A general comment is that the draft seems to consider two cases, a mobile node with existing SAs moving behind a mobile router and a mobile node already behind a mobile router establishing an SA through a mobile router. However, it is a little confusing which case is being discussed at times as the draft seems to jump between the two cases. It would be clearer if it were explicitly stated when the different cases were being discussed.

Orlie Brewer
The Boeing Company
P.O. Box 3707, MS 7L-48
Seattle, WA 98124-2207
VOICE: (425) 373 - 2881
FAX: (425) 373 - 2960
EMAIL: orlie.t.brewer@boeing.com
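
The parameter-ordering point raised in the message above, as an added example that is not part of the original post and is not OpenHIP code: RFC 5201 orders parameters by ascending type number, and HIP_SIGNATURE covers only what precedes it, so where a middlebox-added parameter lands decides whether the sender's signature still verifies. The type number used for ESP_INFO_UNSIGNED is a placeholder (the post does not give one), the parameter contents are constructed dummies, and only the parameter area is modelled, not the HIP header.

```python
import struct

# Type numbers from RFC 5201 (HMAC, HIP_SIGNATURE), RFC 5202 (ESP_INFO), RFC 5206 (LOCATOR).
ESP_INFO, LOCATOR, HMAC, HIP_SIGNATURE = 65, 193, 61505, 61697
ESP_INFO_UNSIGNED = 63000  # placeholder: the post gives no type number

def tlv(ptype, contents):
    """Encode one HIP parameter: Type, Length, Contents, zero-padded to 8 bytes."""
    body = struct.pack("!HH", ptype, len(contents)) + contents
    return body + b"\x00" * (-len(body) % 8)

def parse(params):
    """Return [(type, start, end)]; reject truncated or misordered parameters."""
    out, off, last = [], 0, -1
    while off < len(params):
        if off + 4 > len(params):
            raise ValueError("truncated parameter header")
        ptype, length = struct.unpack_from("!HH", params, off)
        end = off + 4 + length + (-(4 + length) % 8)
        if end > len(params):
            raise ValueError("parameter overruns packet")
        if ptype < last:
            raise ValueError("parameters not in ascending type order")
        out.append((ptype, off, end))
        off, last = end, ptype
    return out

def signed_region(params):
    """Bytes before HIP_SIGNATURE: the parameter area the sender's signature covers."""
    for ptype, start, _ in parse(params):
        if ptype == HIP_SIGNATURE:
            return params[:start]
    raise ValueError("no HIP_SIGNATURE parameter")

def router_insert(params, ptype, contents):
    """Insert a parameter at its type-ordered position, as a middlebox would."""
    pos = len(params)
    for t, start, _ in parse(params):
        if t > ptype:
            pos = start
            break
    return params[:pos] + tlv(ptype, contents) + params[pos:]

def breaks_signature(params, ptype, contents):
    """True if the insertion changes the bytes the sender's signature covers."""
    return signed_region(router_insert(params, ptype, contents)) != signed_region(params)

# Constructed I2-like parameter area from the mobile node (dummy contents).
I2_PARAMS = tlv(ESP_INFO, bytes(12)) + tlv(HMAC, bytes(20)) + tlv(HIP_SIGNATURE, bytes(41))
```

A LOCATOR (type 193) sorts ahead of HIP_SIGNATURE and changes the signed bytes, while a parameter typed above 61697 is appended after the signature and leaves them untouched.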