Re: [hiprg] draft-irtf-hip-experiment-10 review

Ari Keranen <ari.keranen@nomadiclab.com> Wed, 02 March 2011 12:41 UTC

From: Ari Keranen <ari.keranen@nomadiclab.com>
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4CED25AF20@XCH-NW-10V.nw.nos.boeing.com>
Date: Wed, 02 Mar 2011 14:42:31 +0200
Message-Id: <4AED97FB-E08F-4476-9BF2-0F6AE6BB63E5@nomadiclab.com>
References: <A7C7A8B4-FE51-4471-9674-0A5AC54CCC6B@nomadiclab.com> <7CC566635CFE364D87DC5803D4712A6C4CED25AF20@XCH-NW-10V.nw.nos.boeing.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
Cc: "hiprg@irtf.org" <hiprg@irtf.org>
Subject: Re: [hiprg] draft-irtf-hip-experiment-10 review

Hi Tom,

On Mar 1, 2011, at 7:32 AM, Henderson, Thomas R wrote:
>> -----Original Message-----
>> From: Ari Keranen [mailto:ari.keranen@nomadiclab.com]
>> Sent: Monday, February 28, 2011 8:56 AM
>> To: hiprg@irtf.org
>> Cc: Henderson, Thomas R
>> Subject: draft-irtf-hip-experiment-10 review
>> 
>> Hi,
>> 
>> I finally managed to have a look at the experiment report doc. Here are
>> some comments and nits:
>> 
>> 
>> 1.1.  What is HIP?
>> 
>> Could mention that Standards Track work has been started (in the end of
>> the section).
>> 
>> 
>> 1.2.  Scope
>> 
>> During the timeframe of this report (2004-09),
>> 
>> s/09/2011/
>> 
>> 
>> 2.3.8.  Interactions with host firewalls
>> 
>>   When using HIP over UDP, the host needs to open
>>   just port 10500 in practice.
>> 
>> This seems to imply that inbound unsolicited packets to 10500 would be
>> needed, which is not the case as long as ICE is used (except for the
>> HIP relay server). I'd rather say something like "the firewall needs to
>> allow outbound UDP packets and responses to them".
>> 
>> 
> 
> Ari, thanks for the review.  The reason that the document still says 2009 is that it mainly stopped receiving substantial inputs since that time, so to avoid confusion, I propose to rephrase:  "During the period of time in which the bulk of this report was drafted (2004-2009), ..."

OK, that makes sense.

> I'll make the other two changes suggested above in the next revision (-11), and I have a few more changes to add that Miika suggested.
> 
> I am waiting to receive inputs on the question I posed recently about privacy and identity theft vulnerability of the DH exchange, before revising that section and publishing the -11 version.  Yesterday I posed a question on the crypto-forum research group list (http://www.ietf.org/mail-archive/web/cfrg/current/msg02919.html) and I've received some feedback there.  Pekka also pointed me to the 2004 paper on BLIND, which I'll review again.

Based on the discussion there, it seems that at least the "vulnerable to identity theft" part should be rephrased. Perhaps something like "can't hide the identity" would be more appropriate.


Cheers,
Ari
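The firewall point raised in the review (section 2.3.8: a HIP-over-UDP host does not need unsolicited inbound UDP/10500 when ICE is used, only outbound UDP and the responses to it, while a HIP relay server does need the inbound port) can be checked against a small connection-tracking model. The following is an added example, not code from the thread or from any HIP implementation; the addresses, the source port 10500 on the host side, and the three-packet sequence are constructed for illustration, and the filter is a deliberately minimal stand-in for a real stateful firewall (no timeouts, no ICMP handling).

```python
# Added example (not from the mailing-list thread): a minimal model of a
# stateful UDP filter, used to compare the draft's "open port 10500"
# wording with the reviewer's "allow outbound UDP and responses to them".
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass

HIP_UDP_PORT = 10500  # HIP-over-UDP port named in the draft text


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" or "in", seen from the HIP host
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"


class StatefulFirewall:
    """Connection-tracking filter: an outbound packet records a flow,
    an inbound packet is accepted only if it answers a recorded flow or
    hits a port that was explicitly opened for unsolicited traffic."""

    def __init__(self, open_inbound_ports=()):
        self.open_inbound_ports = set(open_inbound_ports)
        # flow key: (proto, local_ip, local_port, remote_ip, remote_port)
        self.flows = set()

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        # Inbound: a response to a flow the host itself started?
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "accept"
        # Otherwise only an explicitly opened port lets it through.
        if pkt.dport in self.open_inbound_ports:
            return "accept"
        return "drop"


def run_policy(open_inbound_ports, packets):
    """Apply one firewall policy to a packet sequence, return the verdicts."""
    fw = StatefulFirewall(open_inbound_ports)
    return [fw.filter(p) for p in packets]


# Constructed sample traffic (documentation-range addresses).
HOST = "192.0.2.10"       # the HIP host behind the firewall
RELAY = "198.51.100.5"    # a HIP relay server it contacts
STRANGER = "203.0.113.7"  # some unrelated sender

TRAFFIC = [
    Packet("out", HOST, HIP_UDP_PORT, RELAY, HIP_UDP_PORT),   # host -> relay
    Packet("in", RELAY, HIP_UDP_PORT, HOST, HIP_UDP_PORT),    # relay's reply
    Packet("in", STRANGER, 4444, HOST, HIP_UDP_PORT),         # unsolicited
]


def verdicts_open_port_10500():
    """Draft wording: 'open port 10500'. Unsolicited inbound is let in too.
    This is what a relay server (which must accept unsolicited I1s) needs."""
    return run_policy([HIP_UDP_PORT], TRAFFIC)


def verdicts_outbound_and_responses():
    """Reviewer's wording: outbound UDP plus the responses to it. Enough for
    an ICE-using HIP host; the unsolicited packet is dropped."""
    return run_policy([], TRAFFIC)


if __name__ == "__main__":
    for name, fn in [("open 10500", verdicts_open_port_10500),
                     ("outbound+responses", verdicts_outbound_and_responses)]:
        print(f"{name:20s} {fn()}")
```

Run as a script, the model shows both policies accepting the relay exchange, and only the "open port 10500" policy accepting the unsolicited packet from the stranger. In a real deployment the second policy is the usual `ct state established,related accept` style rule of a stateful firewall rather than anything HIP-specific; the first is what the relay server, not the ordinary host, has to configure.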