IETF Logo Mail Archive

Re: [Hipsec] HIP Registration Extension (fwd)

Julien Laganier <julien.laganier.IETF@googlemail.com> Mon, 18 August 2008 16:55 UTC

Return-Path: <hipsec-bounces@ietf.org>
X-Original-To: hip-archive@lists.ietf.org
Delivered-To: ietfarch-hip-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 78B843A6D49; Mon, 18 Aug 2008 09:55:36 -0700 (PDT)
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AAF583A6D49 for <hipsec@core3.amsl.com>; Mon, 18 Aug 2008 09:55:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.299
X-Spam-Level:
X-Spam-Status: No, score=-1.299 tagged_above=-999 required=5 tests=[AWL=-1.300, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eARVeEi1kf3O for <hipsec@core3.amsl.com>; Mon, 18 Aug 2008 09:55:33 -0700 (PDT)
Received: from deprox.docomolab-euro.com (deprox.docomolab-euro.com [212.119.9.186]) by core3.amsl.com (Postfix) with ESMTP id 1ADF83A6932 for <hipsec@ietf.org>; Mon, 18 Aug 2008 09:55:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by deprox.docomolab-euro.com (Postfix) with ESMTP id 3AE7617042; Mon, 18 Aug 2008 18:55:41 +0200 (CEST)
Received: from deprox.docomolab-euro.com ([127.0.0.1]) by localhost (deprox.docomolab-euro.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NHLyYnBoSLCJ; Mon, 18 Aug 2008 18:55:38 +0200 (CEST)
Received: from DEMAIL.docomolab-euro.com (demail.docomolab-euro.com [172.27.20.3]) by deprox.docomolab-euro.com (Postfix) with ESMTP; Mon, 18 Aug 2008 18:55:38 +0200 (CEST)
Received: from [192.168.99.29] ([192.168.99.29]) by DEMAIL.docomolab-euro.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 18 Aug 2008 18:55:34 +0200
Message-ID: <48A9A97D.6010701@googlemail.com>
Date: Mon, 18 Aug 2008 18:55:25 +0200
From: Julien Laganier <julien.laganier.IETF@googlemail.com>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: Lauri Silvennoinen <ljsilven@cc.hut.fi>
References: <Pine.OSF.4.64.0808141955110.142735@kosh.hut.fi>
In-Reply-To: <Pine.OSF.4.64.0808141955110.142735@kosh.hut.fi>
X-OriginalArrivalTime: 18 Aug 2008 16:55:36.0367 (UTC) FILETIME=[3C60F3F0:01C90153]
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] HIP Registration Extension (fwd)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: hipsec-bounces@ietf.org
Errors-To: hipsec-bounces@ietf.org

Hi Lauri,

Lauri Silvennoinen wrote:
> Hi all,
> 
> I asked a few questions related to the HIP Registration Extension back 
> on April, but I think I never got an answer to these questions. The 
> draft is now known as RFC 5203, but the issues remain unanswered. So I 
> send my previous mail again, hoping to get an answer this time.

Sorry for not answering before. Better later than never :)

Some comments inlined below:

> In addition to the issues presented below, I would like to propose a new 
> Failure Type to be used in the REG_FAILED parameter. We have currently 
> two Failure Types defined:
> 
>     Failure Type    Reason
>     ------------    --------------------------------------------
>     0               Registration requires additional credentials
>     1               Registration type unavailable
> 
> Now, when the server is able to provide multiple services and some of 
> these services cannot co-exist i.e. a single requester cannot be 
> registered to these services simultaneously, how does the server respond 
> to a registration attempt?
> 
> For example, if a server is able to provide both rendezvous service and 
> full relay for HIP packets service (used in ICE), a single requester 
> cannot be allowed to register to both of these services without 
> canceling the previously granted service first.

Ok for the usecase, but shouldn't this be considered as an error from 
the MN. The MN implementation supposedly knows that RVS and ICE are 
exclusive, and shouldn't try to register for both at the same time on 
the same node.

> For this type of situation, I suggest a new Failure Type:
> 
>     Failure Type    Reason
>     ------------    --------------------------------------------
>     2               Cancellation required

In that case, wouldn't be needed to signal to the MN which types of 
registration have to be canceled for the requested one to be granted?

> The other possibility would be to just silently overwrite the previous 
> registration.

Silent overwriting wouldn't be good. The registrar should grant the new 
registration and cancel the old one (see below excerpt from Sec. 5 of 
RFC 5203), or vice versa:

    A registrar (and an attached service) MAY cancel a
    registration before it expires, at its own discretion.  However, if
    it does so, it SHOULD send a REG_RESPONSE with a zero lifetime to all
    registered requesters.

[...]

> 1) How does a registrar announce that it is capable of providing multiple
>    services with different lifetimes?

When we wrote that spec we didn't foresee such a usecase. The lifetime 
was on per-server basis, i.e. the time the server is willing to provide 
registrations, the time it expects to stay up, etc.

>     In Section 3.1 it is said that "a registrar SHOULD include a REG_INFO
>     parameter in the R1 packets it sends during all base exchanges." The
>     REG_INFO parameter, however, is of the following form:
> 
>         0                   1                   2                   3
>      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |             Type              |             Length            |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     | Min Lifetime  | Max Lifetime  |  Reg Type #1  |  Reg Type #2  |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |      ...      |     ...       |  Reg Type #n  |               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+    Padding    +
>     |                                                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 
>     I.e. it has single "Min Lifetime" and "Max Lifetime" values. The issue
>     would be solved if the registrar could include multiple REG_INFO
>     parameters in the R1 packets, but nothing is said about multiple
>     REG_INFOs in the draft.

Thus an additional specification would be required it seems.

> 2) How to handle REG_REQUEST, REG_RESPONSE and REG_FAILED parameters that
>    have redundant services? These parameters are of the following form:
> 
>      0                   1                   2                   3
>      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |             Type              |             Length            |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |   Lifetime    |  Reg Type #1  |  Reg Type #2  |  Reg Type #3  |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |      ...      |     ...       |  Reg Type #n  |               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+    Padding    +
>     |                                                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
> 
>     Now, what happens if, say, both "Reg Type #1" and "Reg Type #2" are of
>     type RVS? Not that it would make any sense to build such parameters, 
> but
>     the hosts should be ready to handle such parameters.

I consider this as broken behavior from the registrar side, but anyway 
it seems the MN could simply ignore duplicates Reg types with no harm.

> 3) What happens if registration cancellation does not succeed? In Section
>    5 it is said:
> 
>     "A zero lifetime is reserved for canceling purposes.  Requesting a zero
>     lifetime for a registration type equals to canceling the registration
>     of that type.  A requester MAY cancel a registration before it expires
>     by sending a REG_REQ to the registrar with a zero lifetime.  A
>     registrar SHOULD respond and grant a registration with a zero lifetime.
>     A registrar (and an attached service) MAY cancel a registration before
>     it expires, at its own discretion.  However, if it does so, it SHOULD
>     send a REG_RESPONSE with a zero lifetime to all registered requesters."
> 
>     Thus if the requester wants to cancel a service it sends a REG_REQUEST
>     parameter with zero lifetime to which the registrar should answer with
>     a REG_RESPONSE with zero lifetime respectively. But what happens if the
>     registrar is unable to cancel the registration due to transient
>     conditions or some other reason? Does the registrar just remain silent
>     or send a REG_FAILED?

Again that would be broken behavior from the registrar side, we have a 
SHOULD there. If it doesn't do so, then it either doesn't reply or send 
REG_FAILED, in any case the MN would not be be mistaken in believing the 
cancellation was successful. Do you think more text is needed?

--julien
_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec

v2.23.0 | Report a Bug | By Email