Re: [Hipsec] Fwd: Status of WG items
Miika Komu <mkomu@cs.hut.fi> Thu, 18 October 2012 13:16 UTC
Return-Path: <mkomu@cs.hut.fi>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E20AA21F8771 for <hipsec@ietfa.amsl.com>; Thu, 18 Oct 2012 06:16:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.479
X-Spam-Level:
X-Spam-Status: No, score=-6.479 tagged_above=-999 required=5 tests=[AWL=0.120, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dTZ+kFWSzkbR for <hipsec@ietfa.amsl.com>; Thu, 18 Oct 2012 06:16:04 -0700 (PDT)
Received: from mail.cs.hut.fi (mail.cs.hut.fi [130.233.192.7]) by ietfa.amsl.com (Postfix) with ESMTP id 6C59721F877E for <hipsec@ietf.org>; Thu, 18 Oct 2012 06:16:00 -0700 (PDT)
Received: from [127.0.0.1] (hutcs.cs.hut.fi [130.233.192.10]) by mail.cs.hut.fi (Postfix) with ESMTP id 4270930817B for <hipsec@ietf.org>; Thu, 18 Oct 2012 16:15:56 +0300 (EEST)
Message-ID: <5080010B.7030605@cs.hut.fi>
Date: Thu, 18 Oct 2012 16:15:55 +0300
From: Miika Komu <mkomu@cs.hut.fi>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121011 Thunderbird/16.0.1
MIME-Version: 1.0
To: hipsec@ietf.org
References: <4FE96F9F.3090800@ericsson.com> <758141CC3D829043A8C3164DD3D593EA1BD324E110@XCH-NW-16V.nw.nos.boeing.com> <4FEA1876.900@cs.rwth-aachen.de> <CAE_dhjveQ6WVVE3BVKk2txfBxNhfWvjbz+QVU2P919dNZ1WO4A@mail.gmail.com> <5012C05B.6080203@nomadiclab.com> <CAE_dhjufW+ic-VaBtqs787jK=xxy_XxnegpgGEtmpjZHsmJ4nA@mail.gmail.com> <505C213F.6050701@ericsson.com> <CAE_dhjv8LRwurQ9QmCmh6Spa+1UuECk1farGAKf_o9gYVsy_Lg@mail.gmail.com> <CAE_dhjsUXVwY8vXNLCwUjXPV9SxHTDbhk4dCt+ffQuQN=a6CMw@mail.gmail.com> <50615C93.6090300@ericsson.com>
In-Reply-To: <50615C93.6090300@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] Fwd: Status of WG items
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2012 13:16:05 -0000
Hi Julien, your suggestion sounds fine. On 09/25/2012 10:26 AM, Gonzalo Camarillo wrote: > Hi, > > if we have the appropriate hooks in the main specs, we could do as you > suggest. I would be interested in hearing more opinions, though. > > Cheers, > > Gonzalo > > On 24/09/2012 5:48 PM, Julien Laganier wrote: >> Hi Gonzalo, all, >> >> So if we include in the registration a dependency towards the standard >> tracks HIP certificates draft (that doesn't exist yet) we would be >> tying the two together such that the registration can't be published >> before the HIP certificate RFC is. >> >> An alternative would be to move ahead with the current registration >> draft without specific dependency on HIP certificates but leaving the >> door open for these to be used once they are defined in standard >> track; the current draft and RFC already have hooks for authentication >> means beyond HIT authentication: >> >> >> In particular, >> REG_FAILED with a failure type of zero indicates the service(s) >> type(s) that require further credentials for registration. >> >> If the registrar requires further authorization and the requester has >> additional credentials available, the requester SHOULD try to >> register again with the service after the HIP association has been >> established. The precise means of establishing and verifying >> credentials are beyond the scope of this document and are expected to >> be defined in other documents. >> >> Would that be an appropriate way forward? >> >> --julien >> >> On Fri, Sep 21, 2012 at 1:11 AM, Gonzalo Camarillo >> <Gonzalo.Camarillo@ericsson.com> wrote: >>> Hi Julien, >>> >>> my take on this is that we need to produce a standards-track document >>> specifying exactly that. This is what our charter says about it: >>> >>> https://datatracker.ietf.org/wg/hip/charter/ >>> >>>> o Specify in a standards track RFC how to carry certificates in the >>>> base exchange. This was removed from the base HIP spec so that the >>>> mechanism is specified in a stand-alone spec. >>> >>> Cheers, >>> >>> Gonzalo >>> >>> On 21/09/2012 2:49 AM, Julien Laganier wrote: >>>> On Fri, Jul 27, 2012 at 9:22 AM, Ari Keranen <ari.keranen@nomadiclab.com> wrote: >>>>> Hi Julien, >>>>> >>>>> >>>>> On 7/6/12 3:37 AM, Julien Laganier wrote: >>>>>> >>>>>> - 5203bis (registration) can IMHO be republished as is as I haven't >>>>>> seen any issue with the original version. If people agree I could >>>>>> republish it and we could WGLC it... >>>>> >>>>> >>>>> I posted some comments about 5203bis earlier this year but back then there >>>>> was no discussion regarding them. So, here goes again. >>>>> >>>>> Some of these have been discussed also earlier on this list (these relate to >>>>> requirements discovered with the native NAT traversal draft [1]), but I'll >>>>> have them all here for easier reference. >>>>> >>>>> Currently, the registrar has no way of indicating that it would otherwise >>>>> accept the registration, but it's currently running low on resources. For >>>>> this purpose, a failure type "Insufficient resources" could be added to the >>>>> "registration failure types". >>>>> >>>>> Registration using authentication with certificates could be part of the >>>>> registration RFC. Currently, only authentication with HI is defined, but >>>>> knowing all HIs beforehand is not practical in many cases. >>>>> >>>>> Text in section 3.2. of [1] could be used as a basis for this (just replace >>>>> "HIP' data relay" with "registrar"). Also, if this authentication mode is >>>>> added to the draft, failure type "Invalid certificate" should be added for >>>>> the failure case. >>>>> >>>>> Should we have these in the registration draft? >>>>> >>>>> [1] http://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal >>>> >>>> I was going to shamelessly copy/paste section 3.2 of [1] in the >>>> registration draft but I noticed that [1] actually has a normative >>>> dependency on RFC 6253 "Host Identity Protocol Certificates" which is >>>> Experimental. Thus adding the support for certificates to a standard >>>> track HIP registration would cause a so-called downref which could be >>>> problematic... >>>> >>>> Gonzalo - what is your take on this? >>>> >>>> --julien >>>> >>> >> >> > > _______________________________________________ > Hipsec mailing list > Hipsec@ietf.org > https://www.ietf.org/mailman/listinfo/hipsec >
- [Hipsec] Status of WG items Gonzalo Camarillo
- Re: [Hipsec] Status of WG items Henderson, Thomas R
- Re: [Hipsec] Status of WG items Tobias Heer
- Re: [Hipsec] Status of WG items Gonzalo Camarillo
- Re: [Hipsec] Status of WG items Julien Laganier
- Re: [Hipsec] Status of WG items Henderson, Thomas R
- Re: [Hipsec] Status of WG items Ari Keranen
- Re: [Hipsec] Status of WG items Robert Moskowitz
- Re: [Hipsec] Status of WG items Ari Keranen
- Re: [Hipsec] Status of WG items Gonzalo Camarillo
- Re: [Hipsec] Status of WG items Julien Laganier
- Re: [Hipsec] Status of WG items Ari Keranen
- Re: [Hipsec] Status of WG items Julien Laganier
- Re: [Hipsec] Status of WG items Gonzalo Camarillo
- Re: [Hipsec] Status of WG items Julien Laganier
- Re: [Hipsec] Status of WG items Henderson, Thomas R
- Re: [Hipsec] Status of WG items Miika Komu
- [Hipsec] Fwd: Status of WG items Julien Laganier
- Re: [Hipsec] Fwd: Status of WG items Gonzalo Camarillo
- Re: [Hipsec] Fwd: Status of WG items Miika Komu
- Re: [Hipsec] Status of WG items Ari Keranen
- Re: [Hipsec] Fwd: Status of WG items Ari Keranen
- Re: [Hipsec] Fwd: Status of WG items Henderson, Thomas R
- Re: [Hipsec] Fwd: Status of WG items Miika Komu
- Re: [Hipsec] Fwd: Status of WG items Samu Varjonen
- Re: [Hipsec] Fwd: Status of WG items Ari Keranen