IETF Logo Mail Archive

[Hipsec] Feedback for 4423bis

Sasu Tarkoma <sasu.tarkoma@helsinki.fi> Wed, 10 October 2012 19:05 UTC

Return-Path: <sasu.tarkoma@helsinki.fi>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E57A111E809A for <hipsec@ietfa.amsl.com>; Wed, 10 Oct 2012 12:05:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rp6iHePt3Z7W for <hipsec@ietfa.amsl.com>; Wed, 10 Oct 2012 12:05:58 -0700 (PDT)
Received: from mail.cs.helsinki.fi (courier.cs.helsinki.fi [128.214.9.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3736311E8091 for <hipsec@ietf.org>; Wed, 10 Oct 2012 12:05:56 -0700 (PDT)
Received: from [192.168.0.16] (cs181201041.pp.htv.fi [82.181.201.41]) (AUTH: PLAIN starkoma, SSL: TLSv1/SSLv3,128bits,AES128-SHA) by mail.cs.helsinki.fi with esmtp; Wed, 10 Oct 2012 22:05:46 +0300 id 0008C5DC.5075C70A.00005E82
From: Sasu Tarkoma <sasu.tarkoma@helsinki.fi>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <502A164E-8CCA-459B-A404-4E668150A684@helsinki.fi>
Date: Wed, 10 Oct 2012 22:05:47 +0300
To: hipsec@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
X-Mailer: Apple Mail (2.1499)
Subject: [Hipsec] Feedback for 4423bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Oct 2012 19:05:59 -0000

Hi all,

I read the latest HIP architecture draft (4423bis-05) and it looks
very good. Below you will find some observations that I made
when reading the draft.

Best regards,
- Sasu

------

- Architecture and implementation details are partly
 intertwined here. Perhaps the generic model can
be summarised first and then the implementation
specific details. Theory of HI is mentioned in the 
beginning, but I think it is not clear for all readers what 
is meant by this. 

- It is stated that the model is general and it does not require 
public key crypto; however, this is not really elaborated. Also
it is stated that the model can be applied at any
layer, but this is not explained. The description assumes
that Host Identity decouples internetworking and
transport layers.

- The draft does not discuss architecture and protocol
deployment issues. This is one practical requirement given
the momentum of the current solutions.

- The description of the HIP protocol is quite light in this
draft. The introductory part to section 5 could briefly state the
key components of HIP including BEX, mobility/multihoming support,
and rendezvous that are covered by the following subsections.

- In section 5, it is stated that:
"Similarly, if it is possible to distribute the processing of a single
   Host Identity over several physical computers, HIP provides for
   cluster based services without any changes at the client end-point."

I think the base specification and implementation do not directly
support this, but additional management extensions are needed.

- Computational puzzle does not appear to be mentioned.

- Extensions (new hash functions) are not elaborated. This is
related to a general requirement that a protocol should be evolvable. 

- p. 17 section 10 needs a reference

- p. 21 the downgrade attack should be elaborated.

- Typo: p. 5 Identfier

v2.23.0 | Report a Bug | By Email