IETF Logo Mail Archive

[Hipsec] DEX parameters and parameter usage (was: Updating parameter type values for VIA and BONE drafts)

Tobias Heer <heer@cs.rwth-aachen.de> Wed, 14 July 2010 14:18 UTC

Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6672F3A6950 for <hipsec@core3.amsl.com>; Wed, 14 Jul 2010 07:18:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.501
X-Spam-Level:
X-Spam-Status: No, score=-3.501 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id scnZ5fJYbEb0 for <hipsec@core3.amsl.com>; Wed, 14 Jul 2010 07:18:45 -0700 (PDT)
Received: from mta-2.ms.rz.rwth-aachen.de (mta-2.ms.rz.RWTH-Aachen.DE [134.130.7.73]) by core3.amsl.com (Postfix) with ESMTP id 5207A3A68DB for <hipsec@ietf.org>; Wed, 14 Jul 2010 07:18:45 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from ironport-out-2.rz.rwth-aachen.de ([134.130.5.41]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0L5J00G5CX3I5HH0@mta-2.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Wed, 14 Jul 2010 16:18:54 +0200 (CEST)
X-IronPort-AV: E=Sophos;i="4.55,202,1278280800"; d="scan'208";a="34683487"
Received: from relay-auth-2.ms.rz.rwth-aachen.de (HELO relay-auth-2) ([134.130.7.79]) by ironport-in-2.rz.rwth-aachen.de with ESMTP; Wed, 14 Jul 2010 16:18:54 +0200
Received: from [137.226.12.157] ([unknown] [137.226.12.157]) by relay-auth-2.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0L5J00GFJX3I3K30@relay-auth-2.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Wed, 14 Jul 2010 16:18:54 +0200 (CEST)
From: Tobias Heer <heer@cs.rwth-aachen.de>
In-reply-to: <4C3DBA1B.7060308@htt-consult.com>
Date: Wed, 14 Jul 2010 16:19:05 +0200
Message-id: <82291E08-91E0-4913-937B-2C7B578481DC@cs.rwth-aachen.de>
References: <4C3C7661.4000408@nomadiclab.com> <3C59C310-9904-418D-AE52-F1E9891D89C8@cs.rwth-aachen.de> <4C3DBA1B.7060308@htt-consult.com>
To: HIP WG <hipsec@ietf.org>
X-Mailer: Apple Mail (2.1081)
Subject: [Hipsec] DEX parameters and parameter usage (was: Updating parameter type values for VIA and BONE drafts)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2010 14:18:47 -0000

Hello Robert,

Am 14.07.2010 um 15:22 schrieb Robert Moskowitz:

> On 07/14/2010 03:03 AM, Tobias Heer wrote:
>> Hello Ari,
>> 
>> Am 13.07.2010 um 16:21 schrieb Ari Keranen:
>> 
>>   
>>> Hi all,
>>> 
>>> As discussed in the other thread, instead of adding new parameters to the 0-1023 range, we should rather use higher ranges for "non-essential" type of extensions. Currently the text in RFC5201 about the ranges says:
>>> 
>>>   Parameters numbered between 0-1023 are used in HIP
>>>   handshake and update procedures and are covered by signatures.
>>>   Parameters numbered between 1024-2047 are reserved.  Parameters
>>>   numbered between 2048-4095 are used for parameters related to HIP
>>>   transform types.  Parameters numbered between 4096 and (2^16 - 2^12)
>>>   61439 are reserved.
>>> 
>>> The VIA and BONE extensions are not actually "handshake and update procedures", or "essential stuff", but we originally put the signed parameters OVERLAY_ID [1] and ROUTE_DST [2] there since the other possible ranges, according to the text above, were "reserved".
>>> 
>>> However, better approach would be to use a higher range for this kind of extensions. For example, 4096-16383. Latest version of HICCUPS [3] already uses that range and we were planning to move the OVERLAY_ID and ROUTE_DST parameters there too (values 4592 and 4600, respectively), unless someone objects.
>>>     
>> I agree that the current assignments are way to coarse grained. However, I am not really convinced that putting all extensions into one big bucket is the solution we want. Right now we have a grouping based on functionality and security requirements (signed/unsigned, BEX, other stuff). I like that approach (and would like it even better if it was a bit more fine grained) because it allows implementors to classify parameters easily. Putting every extension into the same range would mean that you can only distinguish between extension and non-extension. I would rather try to come up with a sensible allocation based on functions (although I don't have one at hand right now).
>> 
>> Maybe this could be one agenda item for the 5201-bis document crafting session?
> 
> In HIP DEX I have a HIP_MAC_3 parameter since its MACing rules are different than HIP_MAC or HIP_MAC_2.  So do I use the type +1 of HIP_MAC_2 or some other range?

+1 implies that the HIP_MAC_3 is not critical. Is this the case? Otherwise, +2 would be appropriate. Some spacing might not hurt either.

> 
> I need an ENCRYPTED parameter but it has a much different content than what HIP BEX is encrypting.  Do I use the same parameter or make a different one?

I would suggest to use a different one if it does something different.
> 
> In HIP DEX R1, I2, R2, UPDATE, NOTIFY, and CLOSE have different constructions.  R1, I2, R2 should not be a problem using the same Packet Type, by the HIP_SUITE_ID you know you are doing HPI DEX.  But what about UPDATE, NOTIFY, and CLOSE?  Is the HIP_SUITE_ID enough information to process them appropriately?  (note that the difference is they lack a HIP_SIGNATURE parameter, as DEX cannot do a signing operation).
> 
I believe the packet types should stay the same as long as the function is identical. They may have different parameters but no implementation will ever run into the problem of having to handle a Diet HIP CLOSE, UPDATE or NOTIFY if it does not complete a DEX first. Of course it could receive such packet as result of an error but that would just be a malformed packet then, right? 


> Then there is the HIP RFID ID.  How should the parameters there be numbered and what about the Packet Types?

It is difficult to answer this question without knowing the actual differences between HIP BEX and the RFID thing.

> 
> As I look at the evolving HIP Exchange 'family', I see we are able to target different classes of computing entities.  This is goodness and I am looking forward to pushing this concept in a number of venues.
> 
> HIP BEX     -     For REAL computing platforms, PCs, PDA, Network Infrastructure things
> HIP DEX     -     For constrained sensors and embedded processors
> HIP TEX     -      (what I am calling the RFID exchange, I don't like REX, it is for any tag object)
> 
> I am thinking of reworking a part of 4423-bis to discuss a family of exchanges beyond just the Base EXchange.
> 
I would be cautious not to stretch this too far. It makes sense to be flexible but engineered flexibility often comes at the price of complexity. I think there should be a good amount of overlap between the concepts and technical solutions of BEX, DEX, and TEX to really state that they are all HIP.

Tobias

> 




-- 
Dipl.-Inform. Tobias Heer, Ph.D. Student
Distributed Systems Group 
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer
blog: http://dtobi.wordpress.com/
card: http://card.ly/dtobi

v2.29.0 | Report a Bug | By Email | System Status