[Hipsec] Registration Extension bis-draft (5203-bis) comments

Ari Keranen <ari.keranen@nomadiclab.com> Fri, 21 January 2011 13:39 UTC

Hi all,

Now that we're also bis'ing the registration RFC, it would make sense to add a few more features there. Some of these have also been discussed earlier on this list (these relate to requirements discovered with the native NAT traversal draft [1]), but I'll have them all here for easier reference.

Currently, the registrar has no way of indicating that it would otherwise accept the registration, but it's currently running low on resources. For this purpose, a failure type "Insufficient resources" could be added to the "registration failure types". 

Registration using authentication with certificates could be part of the registration RFC. Currently, only authentication with HI is defined, but knowing all HIs beforehand is not practical in many cases. 

Text in section 3.2 of [1] could be used as a basis for this (just replace "HIP' data relay" with "registrar"). Also, if this authentication mode is added to the draft, failure type "Invalid certificate" should be added for the failure case.

Should we have these in the registration draft?


Cheers,
Ari

[1] http://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal