Re: [Hipsec] comments on draft-ietf-hip-rfc4423-bis-01

"Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com> Mon, 21 February 2011 17:11 UTC

From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: Miika Komu <mkomu@cs.hut.fi>, "hipsec@ietf.org" <hipsec@ietf.org>
Date: Mon, 21 Feb 2011 09:11:43 -0800

> >>> Section 6.2 last paragraph discusses skipping the address check;
> >>> CBA can also be used to reduce handover latency here?
> >>
> >> CBA?
> >
> > credit-based authentication
> >
> > Maybe this lost its steam? Was it ever implemented?
> > http://tools.ietf.org/html/draft-vogt-hip-credit-based-authorization-00
> >
> > I wouldn't reference CBA if there is no WG interest...
> 
> it's part of RFC5206.

Aha, that's where CBA went. So, the last paragraph in 6.2 could be revised with something like:

"A credit-based authorization approach [RFC5206] can be used between hosts for sending data prior to completing the address tests. Otherwise, if HIP is used between two hosts that fully trust each other, the hosts may optionally decide to skip the address tests. ..."

-Jeff