[hiprg] comments on HIP for RF-ID

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Wed, 14 April 2010 17:00 UTC

From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "'Pascal Urien'" <pascal.urien@gmail.com>
Date: Wed, 14 Apr 2010 10:00:33 -0700
Thread-Topic: comments on HIP for RF-ID
Thread-Index: Acq6O9fOKx+0JAVLSdSTMKmztk1mbAhsgx+Q
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CE8C2727D@XCH-NW-10V.nw.nos.boeing.com>
References: <Acq6J2P4xWlUrxk8RK+1eGLyYthwow==> <7CC566635CFE364D87DC5803D4712A6C4C1F48A838@XCH-NW-10V.nw.nos.boeing.com> <788eb8c41003021107g525180eaqce4659212236b8ca@mail.gmail.com>
In-Reply-To: <788eb8c41003021107g525180eaqce4659212236b8ca@mail.gmail.com>
Cc: "hiprg@irtf.org" <hiprg@irtf.org>
Subject: [hiprg] comments on HIP for RF-ID

Pascal,

I reviewed your draft again yesterday:
http://tools.ietf.org/html/draft-urien-hip-tag-03

and had some questions and comments for the next revision.  As Andrei announced in March, we would like the RG to work on this topic.

- in Section 1.1, can you please describe a little bit more about the motivation for your draft.  Why doesn't the existing ONS and EPCIS provide adequate security services?

- in the first bullet under Figure 1, suggest to change "but don't include IP resources" to "but don't require end-to-end IP transport."

- HAT is described as a translator, but it says that HIP messages are encapsulated.  Is it a translator or encapsulator?

- in section 1.2, can you succinctly summarize the technical differences between RFC5201-based HIP, and HIP tags?

- in section 1 (perhaps a new section 1.3), can you differentiate HIP-tags from related work, such as BLIND?

- section 2, it is not clear who initiates the communication.  It describes that actions start when a reader detects the tag, but the I1-T is sent from the tag.

- section 2, it may help to either specify the encapsulation of the HIP messages (in a non-IP transport) or else state that it is out of scope

- what is used for signature of these initial packets?

- in section 2.2, can you explicitly state what values are used for HIT-I and HIT-R?

- in section 2.3, it would help to clarify exactly what is the security technique used to prevent the reader from interposing itself as a man-in-the-middle in this exchange.  What are the shared secrets that allow the security keys to be known only by the portal and tag?

- in section 2.4, R2-T is listed as optional, but this is a required packet in the base exchange.  If ESP is being used, is this R2-T required?  Can you clarify somewhere in the draft an example of a non-ESP use case?

- in section 3.1, it states that checksum is null but later examples show it being non-null-- please clarify.  Do you mean rather that HIP-Tags signs

- section 3.7, can you please clarify with technical details about how the signatures work in your protocol?

- I'd really like to see some material in the Security Considerations section.  What is the security model and threat model?  What is the risk of compromised shared secret and how mitigated?  What is the level of security (protection against brute-force attacks)?  Is there any protection against resource-depletion DoS attacks?

- (minor nit)-- section 8.1, the title for the normative reference is wrong
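Two of the questions above (what values HIT-I and HIT-R take, and whether there is any protection against resource-depletion DoS) refer back to the RFC5201 base exchange that the draft departs from. The following is an added example of my own, not code from the draft or from this message, sketching those two base-exchange mechanisms: ORCHID-style HIT derivation (RFC 4843, as used by RFC 5201) and the R1/I2 puzzle that lets a Responder stay stateless until the Initiator has spent work. Assumptions: the HIP context ID and the "middle 100 bits" extraction are written from my reading of RFC 5201/4843 and should be checked against the RFC text; the Host Identity bytes, the `Responder` class, and all function names are constructed placeholders, not anything the draft defines.

```python
import hashlib
import ipaddress
import os

# --- HIT derivation (RFC 5201 section 3, RFC 4843 ORCHID) -------------------
ORCHID_PREFIX = 0x2001001  # 2001:10::/28 -> 28 prefix bits
# HIP context ID as given in RFC 5201 (assumption: transcribed from memory,
# verify against the RFC before relying on it).
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")


def hit_from_host_identity(hi_rdata: bytes) -> bytes:
    """Return the 128-bit HIT for a Host Identity.

    hi_rdata is the HI encoded as in the HOST_ID parameter (DNS KEY RDATA).
    ORCHID: Prefix(28 bits) | Encode_100(SHA-1(Context ID | HI)), where
    Encode_100 takes the middle 100 bits of the 160-bit digest.
    """
    digest = int.from_bytes(hashlib.sha1(HIP_CONTEXT_ID + hi_rdata).digest(), "big")
    middle_100 = (digest >> 30) & ((1 << 100) - 1)
    return ((ORCHID_PREFIX << 100) | middle_100).to_bytes(16, "big")


def hit_in_orchid_prefix(hit: bytes) -> bool:
    """True if the HIT falls inside the ORCHID prefix 2001:10::/28."""
    return ipaddress.IPv6Address(hit) in ipaddress.IPv6Network("2001:10::/28")


# --- Puzzle (RFC 5201 section 4.1.2) ---------------------------------------
# R1 carries a random 64-bit I and difficulty K; the Initiator must find a
# 64-bit J with Ltrunc(SHA-1(I | HIT-I | HIT-R | J), K) == 0, i.e. the K
# lowest-order bits of the digest are zero.  Solving costs ~2**K hashes,
# checking costs one, so the Responder can stay stateless until a valid I2.

def puzzle_hash(I: bytes, hit_i: bytes, hit_r: bytes, J: bytes) -> bytes:
    return hashlib.sha1(I + hit_i + hit_r + J).digest()


def low_bits_zero(digest: bytes, k: int) -> bool:
    return (int.from_bytes(digest, "big") & ((1 << k) - 1)) == 0


def solve_puzzle(I: bytes, hit_i: bytes, hit_r: bytes, k: int) -> bytes:
    """Initiator side: brute-force the smallest 64-bit J that satisfies the puzzle."""
    for j in range(1 << 64):
        J = j.to_bytes(8, "big")
        if low_bits_zero(puzzle_hash(I, hit_i, hit_r, J), k):
            return J
    raise ValueError("no solution found")  # unreachable for sane K


class Responder:
    """Constructed Responder (e.g. the portal): issues puzzles in R1, checks them in I2."""

    def __init__(self, hit_r: bytes, k: int):
        self.hit_r = hit_r
        self.k = k
        self.outstanding = set()  # I values we issued and have not yet consumed

    def make_r1(self) -> dict:
        I = os.urandom(8)
        self.outstanding.add(I)
        return {"I": I, "K": self.k, "HIT_R": self.hit_r}

    def check_i2(self, hit_i: bytes, I: bytes, J: bytes) -> bool:
        if len(I) != 8 or len(J) != 8 or I not in self.outstanding:
            return False  # malformed, expired, or a puzzle we never issued
        ok = low_bits_zero(puzzle_hash(I, hit_i, self.hit_r, J), self.k)
        if ok:
            self.outstanding.discard(I)  # one solution per I: a replayed I2 fails
        return ok


def run_exchange(hi_initiator: bytes, hi_responder: bytes, k: int) -> dict:
    """Walk one R1 -> I2 puzzle round and report what the Responder decided."""
    hit_i = hit_from_host_identity(hi_initiator)
    responder = Responder(hit_from_host_identity(hi_responder), k)
    r1 = responder.make_r1()
    J = solve_puzzle(r1["I"], hit_i, r1["HIT_R"], r1["K"])
    first = responder.check_i2(hit_i, r1["I"], J)
    replay = responder.check_i2(hit_i, r1["I"], J)
    forged = responder.check_i2(hit_i, bytes(8), J)  # I the Responder never issued
    return {"hit_i": hit_i, "hit_r": r1["HIT_R"], "I": r1["I"], "J": J,
            "accepted": first, "replay_accepted": replay, "forged_accepted": forged}


if __name__ == "__main__":
    # Constructed placeholder HIs; a real HI is a public key in HOST_ID RDATA form.
    result = run_exchange(b"constructed-tag-HI", b"constructed-portal-HI", k=10)
    print("HIT-I", ipaddress.IPv6Address(result["hit_i"]))
    print("HIT-R", ipaddress.IPv6Address(result["hit_r"]))
    print("accepted", result["accepted"], "replay", result["replay_accepted"])
```

The point for the draft: in RFC 5201 the HIT is bound to the public key, so HIT-I and HIT-R are checkable values, and the puzzle makes the Initiator pay before the Responder commits state or a signature; whichever of these HIP-tags keeps or replaces, the Security Considerations section could say so explicitly.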