Re: [Hipsec] HIP Registration Extension
Julien Laganier <julien.laganier.IETF@googlemail.com> Tue, 19 August 2008 17:49 UTC
Return-Path: <hipsec-bounces@ietf.org>
X-Original-To: hip-archive@lists.ietf.org
Delivered-To: ietfarch-hip-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4606D28C15A; Tue, 19 Aug 2008 10:49:04 -0700 (PDT)
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CBDE028C1EA for <hipsec@core3.amsl.com>; Tue, 19 Aug 2008 10:49:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.506
X-Spam-Level:
X-Spam-Status: No, score=-2.506 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dv2HnUZN3-+L for <hipsec@core3.amsl.com>; Tue, 19 Aug 2008 10:49:00 -0700 (PDT)
Received: from deprox.docomolab-euro.com (deprox.docomolab-euro.com [212.119.9.186]) by core3.amsl.com (Postfix) with ESMTP id 6E6613A6D40 for <hipsec@ietf.org>; Tue, 19 Aug 2008 10:48:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by deprox.docomolab-euro.com (Postfix) with ESMTP id C9F8317024; Tue, 19 Aug 2008 19:48:04 +0200 (CEST)
Received: from deprox.docomolab-euro.com ([127.0.0.1]) by localhost (deprox.docomolab-euro.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sSRJuumMKDNG; Tue, 19 Aug 2008 19:47:57 +0200 (CEST)
Received: from DEMAIL.docomolab-euro.com (demail.docomolab-euro.com [172.27.20.3]) by deprox.docomolab-euro.com (Postfix) with ESMTP; Tue, 19 Aug 2008 19:47:56 +0200 (CEST)
Received: from [192.168.99.36] ([192.168.99.36]) by DEMAIL.docomolab-euro.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 19 Aug 2008 19:47:54 +0200
Message-ID: <48AB074E.1000604@googlemail.com>
Date: Tue, 19 Aug 2008 19:47:58 +0200
From: Julien Laganier <julien.laganier.IETF@googlemail.com>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: Lauri Silvennoinen <ljsilven@cc.hut.fi>
References: <Pine.OSF.4.64.0808141955110.142735@kosh.hut.fi> <48A9A97D.6010701@googlemail.com> <Pine.OSF.4.64.0808191814110.362556@kosh.hut.fi>
In-Reply-To: <Pine.OSF.4.64.0808191814110.362556@kosh.hut.fi>
X-OriginalArrivalTime: 19 Aug 2008 17:47:54.0598 (UTC) FILETIME=[B552C060:01C90223]
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] HIP Registration Extension
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: hipsec-bounces@ietf.org
Errors-To: hipsec-bounces@ietf.org
Hi Lauri, Some more thougths... Lauri Silvennoinen wrote: > On Mon, 18 Aug 2008, Julien Laganier wrote: >> >> Ok for the usecase, but shouldn't this be considered as an error from >> the MN. The MN implementation supposedly knows that RVS and ICE are >> exclusive, and shouldn't try to register for both at the same time on >> the same node. > > It can and should be considered as an error from the Requester. However, > this does not mean that the Requester cannot send such a message. I'm > mostly concerned about the server implementation in all of the issues. > Thus the question is: how does the server respond to a registration > attempt having services that cannot co-exist. RFC 5203 does not provide > instructions for this. Are you suggesting that the server should just > silently drop such a request? If so, this should be put in clear text > into the RFC. I think since the RFC allows the server to cancel the earlier registration (sending >>> ... >> >> In that case, wouldn't be needed to signal to the MN which types of >> registration have to be canceled for the requested one to be granted? >> > > This would be even better, but then we would need individual Failure Types > for each registration that needs to be cancelled. So instead of > > Failure Type Reason > ------------ -------------------------------------------- > 2 Cancellation required > > we would have for example: > > Failure Type Reason > ------------ -------------------------------------------- > 101 RVS Cancellation required > 102 HIP RELAY Cancellation required > 103 ... > ... > > This could get too complicated when the number of HIP services (and HIP > service related specifications) increases. So I would stick to the > single "Cancellation required" value instead and let it be local policy > at the Requester to know which services cannot co-exist. Either way, > isn't it better to signal "Cancellation required" than "Registration > requires additional credentials" or "Registration type unavailable" (or > to remain silent) in this case? > >>> ... but nothing is said about multiple REG_INFOs in the draft. >> >> Thus an additional specification would be required it seems. > > Yes. > >>> 2) How to handle REG_REQUEST, REG_RESPONSE and REG_FAILED parameters >>> that >>> have redundant services? These parameters are of the following form: >>> ... >> >> I consider this as broken behavior from the registrar side, but anyway >> it seems the MN could simply ignore duplicates Reg types with no harm. > > Broken behavior yes, but again, the RFC does not state in clear text how > to handle such a case. If a REG_REQUEST has redundant services, then > it's broken behavior at the Requester side. If a REG_RESPONSE or a > REG_FAILED has redundant services, then it's broken behavior at the > Registrar side. I suggest the following: > > The REG_REQUEST case i.e. the client has requested redundant services. > The server should not allow any broken behavior from the client. > Therefore the whole packet having redundant services should be just > silently dropped. Note that the process of handling the REG_REQUEST > parameter at the server involves the creation of some kind of > registration state and that this creation can be time and resource > consuming. > > The REG_RESPONSE and REG_FAILED cases i.e. the server has granted/denied > redundant services. This should be a local policy issue at the client. > If the server shows broken behavior, the client can always choose to use > another server. > >>> 3) What happens if registration cancellation does not succeed? In >>> Section >>> 5 it is said: >>> ... >> >> Again that would be broken behavior from the registrar side, we have a >> SHOULD there. If it doesn't do so, then it either doesn't reply or >> send REG_FAILED, in any case the MN would not be be mistaken in >> believing the cancellation was successful. > > Perhaps this could be clarified by saying "The Requester cannot assume > that the cancellation was successful until it receives a REG_RESPONSE > with a zero lifetime." > >> Do you think more text is needed? > > Yes, at least for the "Reg Types" with different "Min Lifetime" / "Max > Lifetime" / "Lifetime" values. > > -Lauri _______________________________________________ Hipsec mailing list Hipsec@ietf.org https://www.ietf.org/mailman/listinfo/hipsec
- [Hipsec] HIP Registration Extension (fwd) Lauri Silvennoinen
- Re: [Hipsec] HIP Registration Extension (fwd) Julien Laganier
- Re: [Hipsec] HIP Registration Extension Lauri Silvennoinen
- Re: [Hipsec] HIP Registration Extension Julien Laganier
- Re: [Hipsec] HIP Registration Extension Julien Laganier
- Re: [Hipsec] HIP Registration Extension Lauri Silvennoinen
- Re: [Hipsec] HIP Registration Extension Julien Laganier