[Hipsec-rg] comments on draft-heer-hip-middle-auth-01

Jan.Melen at nomadiclab.com (Jan Mikael Melen) Tue, 30 September 2008 20:45 UTC

From: "Jan.Melen at nomadiclab.com"
Date: Tue, 30 Sep 2008 23:45:40 +0300
Subject: [Hipsec-rg] comments on draft-heer-hip-middle-auth-01
In-Reply-To: <2898C925-ADDB-4838-8213-6A93670712D6@cs.rwth-aachen.de>
References: <77F357662F8BFA4CA7074B0410171B6D07B0B7D7@XCH-NW-5V1.nw.nos.boeing.com> <2898C925-ADDB-4838-8213-6A93670712D6@cs.rwth-aachen.de>
Message-ID: <48E28FF4.4090806@nomadiclab.com>

Hi Tobias,

I think that no one can give you a definitive answer whether HIP-aware
middleboxes will ever exist or not. The thing is that it is really
dependent on whether HIP ever gets deployed on a large scale or
not. I personally am still betting on the fact that HIP will eventually
be deployed due to the fact that it still has a lot of good features nicely
packaged into a single protocol, so from that perspective I do support
the work you are doing. It even seems that a lot of people in the IETF
are looking into HIP and HIP kind of solutions. In the last IETF I heard
HIP mentioned several times, but still in the same comments there was a
lot of hesitation on the deployment issue. But as you probably have also
noted from the previous meetings, the HIP-RG and WG discussions are
really dead and we really must find a user for HIP (meaning new people
into RG and WG meetings); otherwise I think that the collaboration you
are expecting is not going to be as fruitful as you would like it to be.

Btw, the latest twist on the ID/Loc issue began in Dublin, where in the RRG
meeting, during Joe Halpern's Id/Loc split presentation, a question was
raised: why not push the FQDN down into the stack? This is not really a
new idea, but it is the first time I've heard some serious discussion on the
topic. If you want to know more, go and see the mailing archive of RRG.

Just my few cents,
    Jan

Tobias Heer wrote:
> Hello Thomas,
>
> Thanks for raising the discussion again. I am of course willing to 
> continue to work on the draft in any way. However, I would prefer to 
> continue in close collaboration with the RG or the WG as their input 
> means a lot to me.
>
> I guess the question whether to pursue the draft is essentially the 
> question if HIP should be used for path-coupled signaling to 
> middleboxes (i.e., expect that at some point in time there will be 
> middleboxes that inspect HIP payload and use the HI namespace). 
> Therefore, I would be interested if the RG thinks that using the HI 
> namespace by on-path HIP-aware nodes is useful/desired/necessary or 
> not. If so, is the approach that the draft takes a good one or should 
> we reconsider?
>
> Input from the list is very appreciated.
>
> Thanks in advance,
>
> Tobias
>
> On 03.09.2008 at 17:56, Henderson, Thomas R wrote:
>
>> I'd like to solicit some comments on
>> http://tools.ietf.org/id/draft-heer-hip-middle-auth-01.txt
>>
>> Tobias has presented this draft a couple of times now, and at the end of
>> the last RG meeting was asking whether the HIPRG wanted to continue to
>> work on this topic.
>>
>> There was some discussion of this draft in January in which Julien asked
>> for clarification of what security service we want to provide, and what
>> are the requirements being addressed, since it was pointed out that
>> authentication of the base exchange was not carrying over to the ESP
>> data flows.  Section 4 of the updated draft responds to this request.
>>
>> As a matter of procedure, there are a few directions the RG can take
>> with respect to this or any draft within scope of our charter:
>> 1) agree to take on the draft as a RG item and try to publish it as a RG
>> draft, according to the process being defined in
>> http://tools.ietf.org/id/draft-irtf-rfcs-01.txt
>> 2) recommend to the HIP WG that they take the draft
>> 3) decline to take the draft and recommend to the authors to publish it
>> as an independent submission
>>
>> If we agree to 1), we will need to come to some RG consensus on the
>> draft and willingness to work on it through the publication process.
>>
>> Comments?
>>
>> Tom
>> _______________________________________________
>> Hipsec-rg mailing list
>> Hipsec-rg at listserv.cybertrust.com
>> https://listserv.cybertrust.com/mailman/listinfo/hipsec-rg
>
> -- Dipl.-Inform. Tobias Heer, Ph.D. Student
> Distributed Systems Group
> RWTH Aachen University, Germany
> http://ds.cs.rwth-aachen.de/members/heer