[Hipsec] a state machine proposal for mm-03
Miika Komu <miika@iki.fi> Mon, 03 April 2006 15:54 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FQRNV-0005tl-E0; Mon, 03 Apr 2006 11:54:05 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FQRNT-0005V3-Cz for hipsec@ietf.org; Mon, 03 Apr 2006 11:54:03 -0400
Received: from twilight.cs.hut.fi ([130.233.40.5]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FQRNS-00088E-Tk for hipsec@ietf.org; Mon, 03 Apr 2006 11:54:03 -0400
Received: by twilight.cs.hut.fi (Postfix, from userid 60001) id 72FD23045; Mon, 3 Apr 2006 18:54:02 +0300 (EEST)
X-Spam-Checker-Version: SpamAssassin 3.1.1-niksula20040914 (2006-03-10) on twilight.cs.hut.fi
X-Spam-Level:
X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=failed version=3.1.1-niksula20040914
X-Spam-Niksula: No
Received: from kekkonen.cs.hut.fi (kekkonen.cs.hut.fi [130.233.41.50]) by twilight.cs.hut.fi (Postfix) with ESMTP id 9617D3044 for <hipsec@ietf.org>; Mon, 3 Apr 2006 18:54:01 +0300 (EEST)
Received: (from mkomu@localhost) by kekkonen.cs.hut.fi (8.11.7p1+Sun/8.10.2) id k33Fs1805486; Mon, 3 Apr 2006 18:54:01 +0300 (EEST)
Date: Mon, 03 Apr 2006 18:54:01 +0300
From: Miika Komu <miika@iki.fi>
X-X-Sender: mkomu@kekkonen.cs.hut.fi
To: hipsec@ietf.org
Message-ID: <Pine.GSO.4.58.0604031851540.25408@kekkonen.cs.hut.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 14582b0692e7f70ce7111d04db3781c8
Cc:
Subject: [Hipsec] a state machine proposal for mm-03
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org
Simplified State Machine without Peer Initiated Rekeying ======================================================== Note1: since there are no other HIP header types for mobility and multihoming (other than UPDATE), the actual packet processing depends on the parameters in the HIP packet. Note2: the state machine is simpler to design if we leave out the peer initiated rekeying (section 3.2.1.2 in the draft). This way, we can assume that the UPDATE exchange consists of three packets and that each packet can be distinguished from each other by the precence of LOCATOR, ECHO_REQUEST or ECHO_RESPONSE. Note3: reusing the same state variables on both hosts. At the mobile host (the sender of LOCATOR) it is related to the data structures of the source IP. On the corresponding node (receiver of LOCATOR), it is related to the destination IP. Note4: need some fresh eyes to verify that this is actually sensible :) Send UPDATE with LOCATOR: - Triggered at the MN depending on changes in network attachments and according to local policies - Removed addresses are DEPRACATED (and not included in the LOCATOR) - All other addresses are UNVERIFIED (and included in the LOCATOR) - Set preferred LOCATOR depending on local policies - Send UPDATE with LOCATOR for the CN Receive HIP UPDATE: - Verify the HIP packet: HMAC, SIG, the presence, dependencies and validity of the parameters. - If the result is failure, goto DROP. - If success, proceed based on presence of LOCATOR, ECHO_REQUEST or ECHO_RESPONSE (only one of them can be contained in the packet) Received LOCATOR: - For each MN address in the received LOCATOR - State is DEPRACATED or UNKNOWN - Goto UNVERIFIED and send ECHO_REQUEST - State is UNVERIFIED - Resend ECHO_REQUEST and decrease retransmission timeout - Any other state, DROP Received ECHO REQUEST: - For each MN address in the corresponding LOCATOR - State is UNVERIFIED - Goto ACTIVE and send ECHO_RESPONSE - Any other state, DROP Received ECHO_RESPONSE: - Goto DEPRACATED for all old addresses not present in LOCATOR - For each MN address in the corresponding LOCATOR - State is UNVERIFIED - Otherwise goto ACTIVE - Change preferred LOCATOR when necessary - Any other state, DROP Receive ESP: - For the ESP address - State is UNVERIFIED - Verify ESP validity. Goto DROP if failed - Change preferred LOCATOR when necessary - Process ESP if there are credits left, and decrease credits. - Otherwise DROP - State is ACTIVE - Process ESP - Any other state, DROP Send ESP: - Increase credits UPDATE retransmission timeout for LOCATOR (at MN): - State is UNVERIFIED - Resend and decrease retransmission counter - Any other state - DROP and zero retransmission counter UPDATE retransmission timeout for ECHO_REQUEST (at CN): - State is UNVERIFIED - Resend and decrease retransmission counter - Any other state - DROP and zero retransmission counter UPDATE retransmission timeout for ECHO_RESPONSE (occurs at the MN when no ESP was received from the CN from a new address?): - State is ACTIVE - Resend and decrease retransmission counter - Any other state - DROP and zero retransmission counter Handling of CLOSE with ESP_INFO: - TBD -- Miika Komu miika@iki.fi http://www.iki.fi/miika/ _______________________________________________ Hipsec mailing list Hipsec@lists.ietf.org https://www1.ietf.org/mailman/listinfo/hipsec
- [Hipsec] a state machine proposal for mm-03 Miika Komu
- Re: [Hipsec] a state machine proposal for mm-03 Pekka Nikander
- Re: [Hipsec] a state machine proposal for mm-03 Miika Komu
- Re: [Hipsec] a state machine proposal for mm-03 Pekka Nikander
- RE: [Hipsec] a state machine proposal for mm-03 Henderson, Thomas R
- Re: [Hipsec] a state machine proposal for mm-03 Miika Komu
- RE: [Hipsec] a state machine proposal for mm-03 Miika Komu