[Hipsec] NAT Traversal in HIP
Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Mon, 27 August 2007 13:29 UTC
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IPeey-00056i-OO; Mon, 27 Aug 2007 09:29:40 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IPeew-00056C-NC for hipsec@ietf.org; Mon, 27 Aug 2007 09:29:38 -0400
Received: from mailgw3.ericsson.se ([193.180.251.60]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IPeew-0003gB-22 for hipsec@ietf.org; Mon, 27 Aug 2007 09:29:38 -0400
Received: from mailgw3.ericsson.se (unknown [127.0.0.1]) by mailgw3.ericsson.se (Symantec Mail Security) with ESMTP id 1042920750; Mon, 27 Aug 2007 15:29:37 +0200 (CEST)
X-AuditID: c1b4fb3c-b0e80bb0000007e1-70-46d2d1c000d4
Received: from esealmw126.eemea.ericsson.se (unknown [153.88.254.123]) by mailgw3.ericsson.se (Symantec Mail Security) with ESMTP id ECAD120742; Mon, 27 Aug 2007 15:29:36 +0200 (CEST)
Received: from esealmw128.eemea.ericsson.se ([153.88.254.172]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Mon, 27 Aug 2007 15:29:36 +0200
Received: from mail.lmf.ericsson.se ([131.160.11.50]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Mon, 27 Aug 2007 15:29:36 +0200
Received: from [131.160.36.58] (E000FB0F665DD.lmf.ericsson.se [131.160.36.58]) by mail.lmf.ericsson.se (Postfix) with ESMTP id 54C0F2336; Mon, 27 Aug 2007 16:29:36 +0300 (EEST)
Message-ID: <46D2D1BF.5000709@ericsson.com>
Date: Mon, 27 Aug 2007 16:29:35 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 27 Aug 2007 13:29:36.0456 (UTC) FILETIME=[4FD37480:01C7E8AE]
X-Brightmail-Tracker: AAAAAA==
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 769a46790fb42fbb0b0cc700c82f7081
Cc:
Subject: [Hipsec] NAT Traversal in HIP
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org
Folks, NAT traversal in HIP in one of our chartered items and, so, we need to make some progress. At this point, we have three different proposals: http://www.watersprings.org/pub/id/draft-ietf-hip-nat-traversal-01.txt http://www.ietf.org/internet-drafts/draft-ietf-hip-nat-traversal-02.txt http://www.ietf.org/internet-drafts/draft-tschofenig-hip-ice-00.txt The first one uses a simple algorithm that does not probably work in some network topologies. The second one uses the ICE methodology so that it can work in most network topologies. Instead of using STUN to perform connectivity checks and keep alives, it uses HIP messages. The third one also uses the ICE methodology. Additionally, it uses STUN to perform connectivity checks and keep alives. We have to make a few decisions: 1) Shall we use the ICE methodology or not? Simplifying the ICE methodology would result in a simpler protocol that does not work in certain network topologies. The fact that the NAT traversal mechanism we come up with works in most situations seems to be an important property. Therefore, it seems that using the ICE methodology would be the way to go. In any case, feel free to discuss this point on this list? The following draft is an example on how to apply ICE to a protocol: http://www.ietf.org/internet-drafts/draft-jennings-p2psip-asp-00.txt 2) Shall we use STUN to gather addresses, and perform connectivity checks and keep alives or shall we use HIP messages for that? Using STUN has the advantage that HIP could use all the installed base of STUN servers, which may have been deployed for other purposes (e.g., VoIP). However, we would need to analyze the security implications of using STUN in the HIP architecture, which has been designed with security in mind from the start. Some folks claimed that, architecturally, it made more sense to use HIP than STUN. We need to have further discussions on these issues. Comments are welcome. Thanks, Gonzalo HIP co-chair _______________________________________________ Hipsec mailing list Hipsec@lists.ietf.org https://www1.ietf.org/mailman/listinfo/hipsec
- [Hipsec] NAT Traversal in HIP Gonzalo Camarillo
- Re: [Hipsec] NAT Traversal in HIP Philip Matthews
- Re: [Hipsec] NAT Traversal in HIP Lars Eggert
- Re: [Hipsec] NAT Traversal in HIP Pekka Nikander
- Re: [Hipsec] NAT Traversal in HIP Miika Komu
- Re: [Hipsec] NAT Traversal in HIP Miika Komu
- Re: [Hipsec] NAT Traversal in HIP Lars Eggert
- RE: [Hipsec] NAT Traversal in HIP Henderson, Thomas R
- Re: [Hipsec] NAT Traversal in HIP Philip Matthews
- Re: [Hipsec] NAT Traversal in HIP Gonzalo Camarillo
- RE: [Hipsec] NAT Traversal in HIP Miika Komu
- RE: [Hipsec] NAT Traversal in HIP Henderson, Thomas R
- Re: [Hipsec] NAT Traversal in HIP marcelo bagnulo braun
- Re: [Hipsec] NAT Traversal in HIP Miika Komu
- RE: [Hipsec] NAT Traversal in HIP Miika Komu
- RE: [Hipsec] NAT Traversal in HIP Henderson, Thomas R
- RE: [Hipsec] NAT Traversal in HIP Miika Komu
- RE: [Hipsec] NAT Traversal in HIP Henderson, Thomas R