Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-12.txt

Miika Komu <miika.komu@ericsson.com> Thu, 30 June 2016 16:07 UTC

To: Jeff Ahrenholz <j.ahrenholz@temperednetworks.com>, "hipsec@ietf.org" <hipsec@ietf.org>
References: <20160623141232.31224.21763.idtracker@ietfa.amsl.com> <576BF266.4040703@ericsson.com> <5C1F7EB9-3B99-47E1-A929-B79E97F56F57@temperednetworks.com>
From: Miika Komu <miika.komu@ericsson.com>
Organization: Ericsson AB
Message-ID: <577543A1.9060507@ericsson.com>
Date: Thu, 30 Jun 2016 19:06:57 +0300
In-Reply-To: <5C1F7EB9-3B99-47E1-A929-B79E97F56F57@temperednetworks.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/5W1SEs48wS41Zb1eWbP2-Z-tXos>

Hi Jeff,

On 06/24/2016 06:23 PM, Jeff Ahrenholz wrote:
> Hi Miika,
> First of all, nice work with all of your changes!
> This is a big draft but seems much clearer without the RFC 5770 delta.
>
> Here’s some further comments on your questions...
>
>>    * What should do with compatibility with RFC 6078 (HICCUPS)
>
> I think you can omit this, since RFC 6078 is for RFC 5201 (HIPv1). (Wait until if/when 6078 is updated for HIPv2.)

ok.

>>     * Connectivity tests should be skipped unless ESP_TRANSFORM is
>> negotiated?
>
> Seems like a good idea. No ESP_TRANSFORM -> no need to establish two-way comms between peers.
> For example, when performing a registration procedure with a relay server.

The direct path could be, of course, used for exchanging HIP messages 
directly (including hiccups v2). Does this make sense?

If not, what should happen when both ESP_TRANSFORM and ICE-HIP-UDP are 
negotiated? Or should we just be proactive and state that upon 
receiving R1, the Initiator MUST NOT include ICE-HIP-UDP if it is not 
going to employ any ESP_TRANSFORM?

>>    * Steps 5-6 could be skipped in the handoff sequence? See fig. 6.
>
> If steps 5-6 are skipped, then we would have no SEQ in step 3?

Yes.

> And the subsequent connectivity checks would suffice for these steps?

Connectivity tests implement the return routability checks. Currently, 
the NAT mobility triggering mechanism mimics the three-way procedure here:

https://tools.ietf.org/html/draft-ietf-hip-rfc5206-bis-12#section-3.2.1

I thought that would be nice for implementers but strictly speaking steps 
5-6 could be skipped since the connectivity checks actually implement the 
return routability checks.

I can change this if you agree?

> Below are a few editorial nits...
>
> -Jeff
>
> page 2
> s/checks keepalives, and data relaying./check keepalives and data relaying./g
>
> page 7
> s/IPsec [RFC3948] Finally/IPsec [RFC3948]. Finally/
>
> page 15
> s/NATs drop messages messages/NATs drop messages/
>
> page 18
> s/the the recipient/the recipient/
>
> page 22
> s/interact handover/interact with handover/
>
> page 27
> s/MUST not/MUST NOT/

Thanks, I have fixed the nits and they will be included in the next version.
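To make concrete what the return routability check discussed above guarantees, here is an added Python model (not code from the draft or from either author) of the three-way UPDATE exchange of RFC 5206-bis section 3.2.1 that the mail says the connectivity checks already provide: the echo nonce is sent only to the claimed locator, so a peer is accepted at a new address only if it can answer from there. The message dictionaries, the toy network and the addresses are constructed simplifications.

```python
import os

class Network:
    # Constructed toy network: a packet reaches whichever host owns the destination address.
    def __init__(self):
        self.owners = {}
    def send(self, dst, msg):
        host = self.owners.get(dst)
        return host.receive(msg) if host else None  # unowned address: packet is lost

class HipPeer:
    # One HIP association; a peer's new locator is used only after it has been verified.
    def __init__(self, net, addr):
        self.net, self.addr = net, addr
        net.owners[addr] = self
        self.pending = {}      # nonce -> locator the ECHO_REQUEST was sent to
        self.verified = set()

    def announce_move(self, peer_addr, new_addr):
        # Step 1 of RFC 5206-bis sec. 3.2.1: UPDATE(LOCATOR_SET, SEQ) from the new address.
        self.net.owners[new_addr] = self
        self.addr = new_addr
        return self.net.send(peer_addr, {"type": "locator", "locator": new_addr})

    def receive(self, msg):
        if msg["type"] == "locator":
            return self.verify_locator(msg["locator"])
        if msg["type"] == "echo_request":
            # Step 3: UPDATE(ACK, ECHO_RESPONSE) sent from the address the request reached.
            return {"type": "echo_response", "src": self.addr, "nonce": msg["nonce"]}
        return None

    def verify_locator(self, locator):
        # Step 2: UPDATE(SEQ, ACK, ECHO_REQUEST) carrying a fresh nonce goes only to the
        # claimed locator, so only a host reachable there can echo it (return routability).
        nonce = os.urandom(8)
        self.pending[nonce] = locator
        reply = self.net.send(locator, {"type": "echo_request", "nonce": nonce})
        if reply is None or reply.get("nonce") not in self.pending:
            return False
        ok = reply["src"] == self.pending.pop(reply["nonce"])
        if ok:
            self.verified.add(locator)
        return ok

def scenario():
    net = Network()
    stationary = HipPeer(net, "198.51.100.1")   # constructed documentation addresses
    mobile = HipPeer(net, "192.0.2.10")
    honest = mobile.announce_move(stationary.addr, "192.0.2.20")
    # A LOCATOR naming an address the sender cannot receive at never passes the check.
    forged = net.send(stationary.addr, {"type": "locator", "locator": "203.0.113.7"})
    return honest, forged, sorted(stationary.verified)
```

A connectivity check that carries the same kind of nonce to the candidate address gives the stationary peer exactly this assurance, which is why a separate ECHO_REQUEST/ECHO_RESPONSE round adds nothing.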