Re: [Hipsec] WGLC: draft-ietf-hip-cert-06

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Tue, 11 January 2011 18:16 UTC

Message-ID: <4D2C9F04.9040305@ericsson.com>
Date: Tue, 11 Jan 2011 20:18:44 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
To: Samu Varjonen <samu.varjonen@hiit.fi>
References: <4CFBB4EE.1020608@ericsson.com> <7CC566635CFE364D87DC5803D4712A6C4CED25ABC1@XCH-NW-10V.nw.nos.boeing.com> <4D0F35AE.3030908@hiit.fi>
In-Reply-To: <4D0F35AE.3030908@hiit.fi>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-cert-06

Hi Samu,

when do you intend to submit a new revision of this draft including the
changes that have been agreed?

Thanks,

Gonzalo

On 20/12/2010 12:53 PM, Samu Varjonen wrote:
> On 20/12/10 06:01, Henderson, Thomas R wrote:
>>
>>
>>> -----Original Message-----
>>> From: hipsec-bounces@ietf.org
>>> [mailto:hipsec-bounces@ietf.org] On Behalf Of Gonzalo Camarillo
>>> Sent: Sunday, December 05, 2010 7:51 AM
>>> To: HIP
>>> Subject: [Hipsec] WGLC: draft-ietf-hip-cert-06
>>>
>>> Folks,
>>>
>>> we hereby start the WGLC on the following draft. This WGLC will end on
>>> December 20th.
>>>
>>> https://datatracker.ietf.org/doc/draft-ietf-hip-cert/
>>>
>>> Please, send your comments to this list.
>>>
>>> Thanks,
>>>
>>
>> Gonzalo, I reread this draft and feel that it is ready to publish, modulo the resolution of a couple of comments below.
>>
>> At the top of page 6, I believe that the line
>>      Subject: CN=hit-of-issuer
>> should read
>>      Subject: CN=hit-of-subject
>>
> 
> OK, fixed
> 
>> In section 8, the second paragraph recommends to not use grouping or hash and URL encodings when HIP aware middleboxes are anticipated to be on the path.  First of all, it is not really clear how a HIP host may know about these boxes except via side information.  If the HIP host does know about them, then presumably it could also know (via side information) whether they can support grouping and hash formats, and the host could act accordingly.  Second, it is not clear whether the use of these options by a well-behaved host would make these devices more prone to attacks, or whether it is rather the use of these options by other malicious hosts that is the real problem.  It seems to me that it may be better to defer this issue to a future HIP-aware middlebox draft, where it could be specified, for instance, how a middlebox that does not want to support these formats may signal to a host that it requires "full credentials" to proceed.  So, I would like to suggest for your consideration to remove this paragraph.
>>
> 
> I agree with the comment and agree on leaving the subject to a future draft on 
> HIP-aware middleboxes. Anyone against the removal of the paragraph? If not 
> consider it removed.
> 
>> - Tom