Re: [hiprg] RG last call on the DHT draft
"Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com> Mon, 26 July 2010 17:38 UTC
Return-Path: <jeffrey.m.ahrenholz@boeing.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C10C53A6C68 for <hiprg@core3.amsl.com>; Mon, 26 Jul 2010 10:38:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.999
X-Spam-Level:
X-Spam-Status: No, score=-5.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_47=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HG25uoEc6gPq for <hiprg@core3.amsl.com>; Mon, 26 Jul 2010 10:38:13 -0700 (PDT)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by core3.amsl.com (Postfix) with ESMTP id ACF973A6A53 for <hiprg@irtf.org>; Mon, 26 Jul 2010 10:37:58 -0700 (PDT)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by stl-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id o6QHai1j007739 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 26 Jul 2010 12:36:44 -0500 (CDT)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id o6QHaiT3027653; Mon, 26 Jul 2010 12:36:44 -0500 (CDT)
Received: from XCH-NWHT-09.nw.nos.boeing.com (xch-nwht-09.nw.nos.boeing.com [130.247.25.115]) by stl-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id o6QHahwB027639 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Mon, 26 Jul 2010 12:36:44 -0500 (CDT)
Received: from XCH-NW-12V.nw.nos.boeing.com ([130.247.25.248]) by XCH-NWHT-09.nw.nos.boeing.com ([130.247.25.115]) with mapi; Mon, 26 Jul 2010 10:36:43 -0700
From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: 'Ari Keranen' <ari.keranen@nomadiclab.com>
Date: Mon, 26 Jul 2010 10:36:41 -0700
Thread-Topic: [hiprg] RG last call on the DHT draft
Thread-Index: Acsk7C2YjT82Qtd2STqEymmfnXRtVQH4MLbg
Message-ID: <FD98F9C3CBABA74E89B5D4B5DE0263B93795DA0F37@XCH-NW-12V.nw.nos.boeing.com>
References: <7CC566635CFE364D87DC5803D4712A6C4CE9716436@XCH-NW-10V.nw.nos.boeing.com> <4C4060CD.4040306@nomadiclab.com>
In-Reply-To: <4C4060CD.4040306@nomadiclab.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "hiprg@irtf.org" <hiprg@irtf.org>
Subject: Re: [hiprg] RG last call on the DHT draft
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2010 17:38:48 -0000
Ari, Thanks for your comments! Below I've replied inline about some changes made based on your review. This covers comments from both of your emails. -Jeff > Abbreviations in the title and abstract are not expanded. fixed - expanded DHT and HIT > s/provides/provided/ ? could go either way (Bamboo still exists but OpenDHT does not) but I changed to "provided" > The definitions below are taken from > <http://opendht.org/users-guide.html>. > > Should also some explaining text be taken from there since that user > guide doc may not be available later on? yes, I've added some explanatory text about the different fields > The return code 3 > indicates "failure" and is used for a modified OpenDHT > server that > performs signature and HIT verification. > > I think this needs more details (or a reference to the > section with more details). added reference to Section 4 > The server replies with an integer -- 0 for "success", > 1 if it is > "over capacity", and 2 indicating "try again". > > What does "over capacity" imply? Try again later? I added text from the OpenDHT users guide to explain these. > 3.1. HIP name to HIT lookup > > put(SHA-1("name", HDRR([CERT]), [SHA-1(secret)]) > > I suppose there should be a closing parenthesis after "name". > And same issue with rm? yes, good catch! fixed > By the way, why is SHA-1 of HDRR needed in remove? Some > OpenDHT specific feature? yes it is strange, this is dictated by OpenDHT; the remove is stored persistently by the DHT, some reasoning is available at the end of this FAQ: http://opendht.org/faq.html > If a certificate is included in this HIT record, the name used for > the DHT key should be listed in the certificate. > > Should define which certificate field should be used for the DHT key. added text about using the CN field of the DN of X.509.v3 certificate > The ttl_sec field specifies the number of seconds requested by the > client that the entry should be stored by the DHT server, which is > implementation dependent. > > Could the TTL be also policy dependent? yes, good point! added text "implementation or policy dependent" > 3.2. HIP address lookup > > HDRR(LOCATOR, SEQ, HOST_ID, [CERT], HIP_SIG) = get(HIT_KEY) > put(HIT_KEY, HDRR(LOCATOR, SEQ, HOST_ID, [CERT], HIP_SIG), > [SHA-1(secret)]) > rm(HIT_KEY, SHA-1(HDRR), secret) > > These API descriptions are a bit hard to parse if you are not > familiar > with the syntax. Perhaps having a short paragraph after each > operation > would help (slightly edited second paragraph of this section > would be OK > for the get). I added some introductory text about the syntax. I mention that the DHT operation is described in greater detail following the summarized notation. > Wouldn't the HIT_KEY be better simply defined as "last 100 > bits of the > HIT appended with 60 zero bits"? The current text with RFC4843 > definitions seems a bit confusing for such a simple thing. yes, good point, I simplified this definition per your suggestion > Overall, the definition of the "key" and HIT_KEY are somewhat > confusing. > The next table seems to imply that HIT_KEY simply the 100 > bits but later > in the section (after the tables) it is explained again. I removed all references to "100-bit HIT_KEY" and stuck with the one definition of HIT_KEY > typo: pusblished fixed > This note would be better already in the (end of?) section 2 > where the > "application" and "client_library" are used the first time. fixed this with added text in section 2 > 4. HDRR - the HIP DHT Resource Record > > HIP Header: > Packet Type = 20 DHT Resource Record (this value is TBD) > > This should probably be added to the IANA considerations section. added to the IANA considerations section > RFC 2119 language without the "terminology section". This > could also be > problematic considering the informational status of the draft. I dropped this RFC 2119 language > Missing a reference to the CERT draft. added references to the CERT draft > More instances of RFC 2119 language. I dropped this RFC 2119 language > If a secret value was not used, shouldn't the old HDRR be > still removed? the HDRR cannot be removed without a secret value (OpenDHT protocol limitation) > Abbreviations are not expanded (RVS, and perhaps NAT too) and > missing a > reference to the RVS RFC. Since we're talking about NATs, could also > mention HIP relay and RFC 5770. expanded RVS and added reference to RFC 5204. Even though a NATted host is mentioned, I don't feel we need to discuss RFC 5770 here, since it is supposed to be a simple example
- [hiprg] RG last call on the DHT draft Henderson, Thomas R
- Re: [hiprg] RG last call on the DHT draft Ari Keranen
- Re: [hiprg] RG last call on the DHT draft Ari Keranen
- Re: [hiprg] RG last call on the DHT draft Ahrenholz, Jeffrey M
- Re: [hiprg] RG last call on the DHT draft Ari Keranen