Re: [hiprg] HIP experiment report comment on opportunistic mode

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Fri, 09 December 2011 05:35 UTC

From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: 'Miika Komu' <mkomu@cs.hut.fi>, "hiprg@irtf.org" <hiprg@irtf.org>
Date: Thu, 08 Dec 2011 21:35:22 -0800
Thread-Topic: [hiprg] HIP experiment report comment on opportunistic mode
Thread-Index: Acy0KP1pz99GLa+RRhmDQGL8frNzfQCCFXrw
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CF2319C37@XCH-NW-10V.nw.nos.boeing.com>
References: <7CC566635CFE364D87DC5803D4712A6C4CF2319C0B@XCH-NW-10V.nw.nos.boeing.com> <4C5F6BED-99D0-4335-AF51-4FE416D0350E@cs.rwth-aachen.de> <4EDE2FF9.6020502@cs.hut.fi>
In-Reply-To: <4EDE2FF9.6020502@cs.hut.fi>

> -----Original Message-----
> From: hiprg-bounces@irtf.org [mailto:hiprg-bounces@irtf.org] On Behalf
> Of Miika Komu
> Sent: Tuesday, December 06, 2011 7:09 AM
> To: hiprg@irtf.org
> Subject: Re: [hiprg] HIP experiment report comment on opportunistic
> mode
> 
> Hi,
> 
> On 12/06/2011 10:21 AM, Tobias Heer wrote:
> > Hi,
> >
> > Am 06.12.2011 um 09:01 schrieb Henderson, Thomas R:
> >
> >> I would like to respond to one of Stephen Farrell's comments on the
> >> HIP experiment report:
> >>
> >> http://datatracker.ietf.org/doc/draft-irtf-hip-experiment/ballot/
> >>
> >> The comment is:
> >>
> >> " - I wondered what were the "controversial experiences" on p10.
> >> Seems a shame to tease the reader like that."
> >>
> >> The relevant section of text is:
> >>
> >> In the context of the HIPL project, the opportunistic mode has
> >> been successfully applied at the HIP layer for service
> >> registration [RFC5203].  However, there are controversial
> >> experiences on applying opportunistic mode at the application layer
> >> for legacy software. HIP4BSD implemented opportunistic mode
> >> successfully with small modifications to the FreeBSD socket layer
> >> to support opportunistic mode.
> >>
> >> Could someone elaborate on the controversial experience (and
> >> perhaps provide a reference)?  Note that elsewhere in the report
> >> (section 2.3.2), the disadvantages and "leap of faith" aspects of
> >> opportunistic mode are elaborated on, so I'm wondering whether the
> >> reference to controversial experiences goes beyond the
> >> disadvantages already listed in section 2.3.2 (or whether we could
> >> instead strike those words from the draft and refer back to that
> >> section).
> >>
> > As far as I can tell, we in Aachen have not used the opportunistic
> > mode extensively. Miika seemed to have used it/struggled with it
> > quite a bit. Maybe he has some comments on this.
> 
> we implemented opportunistic HIP mode at two different levels in Linux:
> 
> i. As an intercepting SHIM library between the application and the libc
> socket calls implementations using LD_PRELOAD
> ii. As an intercepting SHIM layer between transport and network layers
> using iptables
> 
> While the implementation was a success, it was not far from ready for
> production use and we decided to remove the data plane part from the
> implementation. However, the control plane part (opportunistic base
> exchange) is still left and can be used e.g. for registering for
> rendezvous.
> 
> So I guess the "controversial" means perhaps that the data plane
> processing was more difficult to implement on Linux than on BSD. I
> suggest rewriting something along these lines or just referencing the
> paper for details (you have the reference already in the draft).

OK, I will delete the sentence mentioning controversy, and add a sentence at the end of the paragraph that states:  "However, the Linux implementation was more challenging as described below."  The following two paragraphs already go into the details.

> 
> Btw, I would appreciate if you could reference also the following paper
> in the report:
> 
> Kristiina Karvonen, Miika Komu and Andrei Gurtov, Usable Security
> Management with Host Identity Protocol, published in The 7th ACS/IEEE
> International Conference on Computer Systems and Applications (AICCSA-
> 2009)
> 
> It supplements opportunistic and normal HIP experiments with usability
> test results. We also report experiences from using a graphical end-host
> firewall. I would kindly ask for a reference, e.g., to section 2.3.2:
> 
> "...or by prompting the user using a graphical interface to explicitly
> accept the connection [REF]."

Thanks, I was not aware of this interesting paper.  Will be added to the -15 draft.

- Tom
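Miika's quoted message describes the Linux opportunistic-mode implementation at level (i): a shim library interposed, via LD_PRELOAD, between the application and the libc socket calls. The block below is an added example, not HIPL's code and not part of this thread, of the skeleton such a shim has: it interposes connect(), classifies the destination as a HIT (an IPv6 address in the ORCHID range 2001:10::/28 of RFC 4843 or the ORCHIDv2 range 2001:20::/28 of RFC 7343) or as a plain IP address for which an opportunistic base exchange would apply, logs that decision, and passes the call through to the real connect(). The HIT prefixes come from those RFCs, not from the thread; the function names, the `hipshim` log tag and the pass-through behaviour are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <dlfcn.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)  /* glibc's value, in case _GNU_SOURCE was seen too late */
#endif

/* What the shim sees when an application calls connect(). */
enum dest_kind {
    DEST_OTHER = 0, /* not an IP socket (e.g. AF_UNIX): pass through untouched */
    DEST_HIT   = 1, /* IPv6 address in the ORCHID range: already a HIP identifier */
    DEST_IP    = 2  /* ordinary IPv4/IPv6 address: opportunistic base exchange would apply */
};

/* ORCHID (RFC 4843) prefix 2001:10::/28 and ORCHIDv2 (RFC 7343) prefix 2001:20::/28.
   Both are 28-bit prefixes: bytes 0x20 0x01 0x00, then the high nibble of byte 3. */
int is_hit(const struct in6_addr *a)
{
    unsigned nibble;
    if (a->s6_addr[0] != 0x20 || a->s6_addr[1] != 0x01 || a->s6_addr[2] != 0x00)
        return 0;
    nibble = a->s6_addr[3] & 0xf0;
    return nibble == 0x10 || nibble == 0x20;
}

/* Classify a connect() destination from its sockaddr. */
enum dest_kind classify_dest(const struct sockaddr *sa, socklen_t len)
{
    if (sa == NULL)
        return DEST_OTHER;
    if (sa->sa_family == AF_INET6 && len >= sizeof(struct sockaddr_in6)) {
        const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *) sa;
        return is_hit(&s6->sin6_addr) ? DEST_HIT : DEST_IP;
    }
    if (sa->sa_family == AF_INET && len >= sizeof(struct sockaddr_in))
        return DEST_IP;
    return DEST_OTHER;
}

/* Convenience for tests and callers: classify a textual IPv4 or IPv6 address. */
enum dest_kind classify_text(const char *text)
{
    struct sockaddr_in6 s6;
    struct sockaddr_in s4;
    memset(&s6, 0, sizeof s6);
    memset(&s4, 0, sizeof s4);
    if (inet_pton(AF_INET6, text, &s6.sin6_addr) == 1) {
        s6.sin6_family = AF_INET6;
        return classify_dest((const struct sockaddr *) &s6, sizeof s6);
    }
    if (inet_pton(AF_INET, text, &s4.sin_addr) == 1) {
        s4.sin_family = AF_INET;
        return classify_dest((const struct sockaddr *) &s4, sizeof s4);
    }
    return DEST_OTHER;
}

/* Render "<kind> <address>" for the shim's log line; returns buf. */
const char *describe_dest(const struct sockaddr *sa, socklen_t len, char *buf, size_t n)
{
    char ip[INET6_ADDRSTRLEN] = "?";
    const char *kind = "other";
    enum dest_kind k = classify_dest(sa, len);
    if (k == DEST_HIT) kind = "hit";
    else if (k == DEST_IP) kind = "ip";
    if (sa && sa->sa_family == AF_INET6)
        inet_ntop(AF_INET6, &((const struct sockaddr_in6 *) sa)->sin6_addr, ip, sizeof ip);
    else if (sa && sa->sa_family == AF_INET)
        inet_ntop(AF_INET, &((const struct sockaddr_in *) sa)->sin_addr, ip, sizeof ip);
    snprintf(buf, n, "%s %s", kind, ip);
    return buf;
}

/* The interposed connect(): under LD_PRELOAD this symbol shadows libc's, so the
   application reaches it first. It resolves the real connect() lazily, logs what
   kind of destination was requested, and passes the call through unchanged. A
   real opportunistic-mode shim would run the base exchange on the DEST_IP branch
   and hand libc a HIT-based connection instead; this skeleton only marks the hook. */
int connect(int fd, const struct sockaddr *addr, socklen_t len)
{
    static int (*real_connect)(int, const struct sockaddr *, socklen_t);
    char line[64];
    if (real_connect == NULL) {
        *(void **) &real_connect = dlsym(RTLD_NEXT, "connect");
        if (real_connect == NULL) {
            errno = ENOSYS;
            return -1;
        }
    }
    fprintf(stderr, "hipshim: connect(%d) -> %s\n", fd, describe_dest(addr, len, line, sizeof line));
    return real_connect(fd, addr, len);
}
```

Built as a shared object (`gcc -shared -fPIC -o hipshim.so hipshim.c -ldl`) and loaded with `LD_PRELOAD=./hipshim.so some_program`, every connect() the program makes is logged with its classification before reaching libc. The classification is deliberately kept in pure functions so it can be unit-tested without any sockets; the one place that touches the wire is the pass-through at the end of connect().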