[hiprg] comments on draft-irtf-hip-experiment-10

"Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com> Thu, 03 March 2011 16:37 UTC

From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: "hiprg@irtf.org" <hiprg@irtf.org>
Date: Thu, 03 Mar 2011 08:38:15 -0800
Thread-Topic: comments on draft-irtf-hip-experiment-10
Thread-Index: AcvZwWTBuubYa4lFTqOxV5AfccjZJw==
Message-ID: <FD98F9C3CBABA74E89B5D4B5DE0263B9379AA9ED4A@XCH-NW-12V.nw.nos.boeing.com>

I reviewed the experiment report, below are some suggestions.

-Jeff

Section 2
replace "Windows XP and Vista" with "Windows XP/Vista/7"

Section 2.1.1
s/could potentially allow all implementations/all Linux implementations/

Section 2.3.1
For option 5) "DNS proxy supporting RFC5205", this should be changed to more generally cover RFC5205. The DNS proxy technique is distinct from storing HIP RR in a modified DNS server.

Section 2.3.2
s/leap of feath/leap of faith/
s/there is not/there is no/ ?

Section 2.3.2
May want to add a statement about OpenHIP and opportunistic mode:

The OpenHIP project experimented with opportunistic mode through the use of an
opportunistic (-o) option. For the responder, this option determines whether or not HIP accepts I1s received with a zeroed receiver's HIT. On the initiator's side, this option allows one to configure a name and LSI in the known Host Identities file. When the HIT field is missing, an I1 is sent with a zeroed receiver's HIT. The LSI is needed by an IPv4 application to trigger the association. Note that normally the LSI used is based on the bottom 24 bits of the HIT, but in the case of opportunistic mode, the HIT is unknown; thus the LSI may differ from the HIT.

Section 2.3.7
regarding the Boeing pilot project:
s/certificates are planned to be generated/certificates were generated/

also add reference to cert spec:

 Use of certificates in HIP requires extensions to
    the HIP specifications [ID.ietf-hip-cert].

(and freshen the reference to -09 revision)

Section 3.4
Seems there is an extra [RFC5204] reference in the first sentence.

Section 4.1
s/Another unexperimented way to transparently use HIP is/
 Another method for transparently using HIP, which has no implementation experience, is/

may want a reference here to draft-irtf-hiprg-proxies-01

Section 5.1
s/insert it to/insert it into/

Section 5.2
2nd paragraph regarding low-power devices cites a mobiarch paper but nowhere references DEX (Diet-Exchange) draft-moskowitz-hip-rg-dex-04

Section 5.3
may revise text with:
  Furthermore, legacy firewalls often disallow IPsec traffic and drop
  HIP control packets, if UDP encapsulation is not used.

s/reputation purposes/non-repudiation purposes/

Section 5.4
s/implemented HIP firewall/implemented a HIP-aware firewall/

may want reference to draft-heer-hip-middle-auth-02

Section 6
Nowhere mentions the use of anonymous HITs with regards to privacy issues.
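As an added illustration of the opportunistic-mode text proposed for Section 2.3.2 (this is example code written for this archive page, not Jeff's text and not OpenHIP's implementation), the following Python models both sides of the -o option: the responder accepting or refusing an I1 whose receiver HIT is all zeros, the initiator building an I1 from a known-hosts entry that carries only a name and LSI, and the "normal" LSI derivation from the bottom 24 bits of a HIT, so the point that a configured LSI may differ from the HIT can be checked. Assumptions not stated in the message: HITs are ORCHIDs under 2001:10::/28, LSIs follow the 1.0.0.0/8 convention (1.<low 24 bits of HIT>), the I1 is reduced to a two-field record, and the HITs and known-hosts table are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Assumptions (not stated in the message): HITs are ORCHIDs under 2001:10::/28
# and LSIs use the 1.0.0.0/8 convention, i.e. 1.<low 24 bits of the HIT>.
HIT_PREFIX = ipaddress.IPv6Network("2001:10::/28")
LSI_FIRST_OCTET = 1
ZERO_HIT = ipaddress.IPv6Address("::")


def hit_to_lsi(hit: str) -> str:
    """Derive the usual LSI from a HIT: first octet 1, then the bottom 24 bits of the HIT."""
    addr = ipaddress.IPv6Address(hit)
    if addr not in HIT_PREFIX:
        raise ValueError(f"{hit} is not an ORCHID HIT")
    low24 = int(addr) & 0xFFFFFF
    return str(ipaddress.IPv4Address((LSI_FIRST_OCTET << 24) | low24))


def lsi_matches_hit(lsi: str, hit: str) -> bool:
    """True when an LSI is the one normally derived from the given HIT."""
    return ipaddress.IPv4Address(lsi) == ipaddress.IPv4Address(hit_to_lsi(hit))


@dataclass(frozen=True)
class I1:
    """Toy stand-in for a HIP I1: only the two HIT fields matter for this example."""
    sender_hit: str
    receiver_hit: str


def responder_accepts_i1(pkt: I1, my_hit: str, opportunistic: bool) -> bool:
    """Responder side of -o: a zeroed receiver HIT is accepted only when
    opportunistic mode is on; otherwise the receiver HIT must be ours."""
    rhit = ipaddress.IPv6Address(pkt.receiver_hit)
    if rhit == ZERO_HIT:
        return opportunistic
    return rhit == ipaddress.IPv6Address(my_hit)


def initiator_build_i1(my_hit: str,
                       known_hosts: Dict[str, Dict[str, Optional[str]]],
                       peer_name: str, opportunistic: bool) -> I1:
    """Initiator side: look the peer up in the known-hosts table (name -> {lsi, hit}).
    With a configured HIT, use it; with only an LSI and -o set, send an I1 whose
    receiver HIT is zeroed; with only an LSI and -o unset, refuse."""
    entry = known_hosts[peer_name]
    peer_hit = entry.get("hit")
    if peer_hit is not None:
        return I1(sender_hit=my_hit, receiver_hit=peer_hit)
    if not opportunistic:
        raise ValueError(f"no HIT configured for {peer_name} and opportunistic mode is off")
    return I1(sender_hit=my_hit, receiver_hit=str(ZERO_HIT))


# Constructed sample data (not real hosts or identities).
MY_HIT = "2001:10:0cd3:1b5a:3f8e:2a61:4c07:9e21"
PEER_HIT = "2001:10:7b1a:47df:5f5b:9dab:72e0:16dc"
KNOWN_HOSTS = {
    "peer": {"lsi": hit_to_lsi(PEER_HIT), "hit": PEER_HIT},  # normal entry: name, LSI and HIT
    "oppo": {"lsi": "1.0.0.5", "hit": None},                  # opportunistic entry: name and LSI only
}


def demo() -> dict:
    """Run both sides over the sample table and return the outcomes for checking."""
    normal = initiator_build_i1(MY_HIT, KNOWN_HOSTS, "peer", opportunistic=False)
    oppo = initiator_build_i1(MY_HIT, KNOWN_HOSTS, "oppo", opportunistic=True)
    return {
        "peer_lsi": hit_to_lsi(PEER_HIT),
        "normal_accepted": responder_accepts_i1(normal, PEER_HIT, opportunistic=False),
        "oppo_accepted_without_o": responder_accepts_i1(oppo, PEER_HIT, opportunistic=False),
        "oppo_accepted_with_o": responder_accepts_i1(oppo, PEER_HIT, opportunistic=True),
        # the LSI configured for the opportunistic peer need not match its real HIT
        "oppo_lsi_matches_hit": lsi_matches_hit(KNOWN_HOSTS["oppo"]["lsi"], PEER_HIT),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The responder check is deliberately the only place the zeroed HIT is special-cased: an I1 addressed to some other non-zero HIT is still refused regardless of -o, which is the behaviour a practitioner would want to confirm before enabling opportunistic mode on a host.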