Re: [hiprg] HIP experiment report comment on opportunistic mode

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Fri, 09 December 2011 05:35 UTC

Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hiprg@ietfa.amsl.com
Delivered-To: hiprg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC33811E808B for <hiprg@ietfa.amsl.com>; Thu, 8 Dec 2011 21:35:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.149
X-Spam-Level:
X-Spam-Status: No, score=-106.149 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, J_CHICKENPOX_33=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VvRJpRDtQTI6 for <hiprg@ietfa.amsl.com>; Thu, 8 Dec 2011 21:35:47 -0800 (PST)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by ietfa.amsl.com (Postfix) with ESMTP id D475B11E8090 for <hiprg@irtf.org>; Thu, 8 Dec 2011 21:35:47 -0800 (PST)
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.48.231]) by stl-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id pB95Ze5B027388 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 8 Dec 2011 23:35:41 -0600 (CST)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id pB95ZPI5012819; Thu, 8 Dec 2011 21:35:25 -0800 (PST)
Received: from XCH-NWHT-09.nw.nos.boeing.com (xch-nwht-09.nw.nos.boeing.com [130.247.25.115]) by blv-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id pB95ZNKR012801 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Thu, 8 Dec 2011 21:35:24 -0800 (PST)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.85]) by XCH-NWHT-09.nw.nos.boeing.com ([130.247.25.115]) with mapi; Thu, 8 Dec 2011 21:35:23 -0800
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "'Miika Komu'" <mkomu@cs.hut.fi>, "hiprg@irtf.org" <hiprg@irtf.org>
Date: Thu, 8 Dec 2011 21:35:22 -0800
Thread-Topic: [hiprg] HIP experiment report comment on opportunistic mode
Thread-Index: Acy0KP1pz99GLa+RRhmDQGL8frNzfQCCFXrw
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CF2319C37@XCH-NW-10V.nw.nos.boeing.com>
References: <7CC566635CFE364D87DC5803D4712A6C4CF2319C0B@XCH-NW-10V.nw.nos.boeing.com> <4C5F6BED-99D0-4335-AF51-4FE416D0350E@cs.rwth-aachen.de> <4EDE2FF9.6020502@cs.hut.fi>
In-Reply-To: <4EDE2FF9.6020502@cs.hut.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [hiprg] HIP experiment report comment on opportunistic mode
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2011 05:35:49 -0000

> -----Original Message-----
> From: hiprg-bounces@irtf.org [mailto:hiprg-bounces@irtf.org] On Behalf
> Of Miika Komu
> Sent: Tuesday, December 06, 2011 7:09 AM
> To: hiprg@irtf.org
> Subject: Re: [hiprg] HIP experiment report comment on opportunistic
> mode
> 
> Hi,
> 
> On 12/06/2011 10:21 AM, Tobias Heer wrote:
> > Hi,
> >
> > Am 06.12.2011 um 09:01 schrieb Henderson, Thomas R:
> >
> >> I would like to respond to one of Stephen Farrell's comment on the
> >> HIP experiment report:
> >>
> >> http://datatracker.ietf.org/doc/draft-irtf-hip-experiment/ballot/
> >>
> >> The comment is:
> >>
> >> " - I wondered what were the "controversial experiences" on p10.
> >> Seems a shame to tease the reader like that."
> >>
> >> The relevant section of text is:
> >>
> >> In the context of the HIPL project, the opportunistic mode has
> >> been successfully applied at the HIP layer for service
> >> registration [RFC5203].  However, there are controversial
> >> experiences on applying opportunistic mode at the application layer
> >> for legacy software. HIP4BSD implemented opportunistic mode
> >> successfully with small modifications to the FreeBSD socket layer
> >> to support opportunistic mode.
> >>
> >> Could someone elaborate on the controversial experience (and
> >> perhaps provide a reference)?  Note that elsewhere in the report
> >> (section 2.3.2), the disadvantages and "leap of faith" aspects of
> >> opportunistic mode are elaborated on, so I'm wondering whether the
> >> reference to controversial experiences goes beyond the
> >> disadvantages already listed in section 2.3.2 (or whether we could
> >> instead strike those words from the draft and refer back to that
> >> section).
> >>
> > As far as I can tell, we in Aachen have not used the opportunistic
> > mode extensively. Miika seemed to have used it/struggled with it
> > quite a bit. Maybe he has some comments on this.
> 
> we implemented opportunistic HIP mode at two different levels in Linux:
> 
> i. As an intercepting SHIM library between the application and the libc
> socket calls implementations using LD_PRELOAD
> ii. As an intercepting SHIM layer between transport and network layers
> using iptables
> 
> While the implementation was a success, it was not far from ready for
> production use and we decided to remove the data plane part from the
> implementation. However, the control planet part (opportunistic base
> exchange) is still left and can be used e.g. for registering for
> rendezvous.
> 
> So I guess the "controversial" means perhaps that the data plane
> processing was more difficult to implement on Linux than on BSD, I
> suggest rewriting something along these lines or just referencing the
> paper for details (you have the reference already in the draft).

OK, I will delete the sentence mentioning controversy, and add a sentence at the end of the paragraph that states:  "However, the Linux implementation was more challenging as described below."  The following two paragraphs already go into the details.

> 
> Btw, I would appreciate if you could reference also the following paper
> in the report:
> 
> Kristiina Karvonen, Miika Komu and Andrei Gurtov, Usable Security
> Management with Host Identity Protocol, published in The 7th ACS/IEEE
> International Conference on Computer Systems and Applications (AICCSA-
> 2009)
> 
> It supplements opportunistic and normal HIP experiments with usability
> test results. We also report experiences from using a graphical end-
> host
> firewall. I would kindly ask a reference, e.g., to section 2.3.2:
> 
> "...or by prompting the user using a graphical interface to explicitly
> accept the connection [REF]."

Thanks, I was not aware of this interesting paper.  Will be added to the -15 draft.

- Tom