Re: [Hipsec] WGLC: draft-ietf-hip-cert-06

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Wed, 12 January 2011 14:09 UTC

Message-ID: <4D2DB6B2.109@ericsson.com>
Date: Wed, 12 Jan 2011 16:12:02 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
To: Samu Varjonen <samu.varjonen@hiit.fi>
References: <4CFBB4EE.1020608@ericsson.com> <7CC566635CFE364D87DC5803D4712A6C4CED25ABC1@XCH-NW-10V.nw.nos.boeing.com> <4D0F35AE.3030908@hiit.fi> <4D2C9F04.9040305@ericsson.com> <4D2D9F70.8080802@hiit.fi>
In-Reply-To: <4D2D9F70.8080802@hiit.fi>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-cert-06

Hi Samu,

thanks. At this point, I will take care of the PROTO write up and of
requesting the publication of the draft.

Cheers,

Gonzalo

On 12/01/2011 2:32 PM, Samu Varjonen wrote:
> On 11/01/11 20:18, Gonzalo Camarillo wrote:
>> Hi Samu,
>>
>> when do you intend to submit a new revision of this draft including the
>> changes that have been agreed?
> 
> Uploaded it a minute ago.
> 
> BR,
> Samu
> 
>>
>> Thanks,
>>
>> Gonzalo
>>
>> On 20/12/2010 12:53 PM, Samu Varjonen wrote:
>>> On 20/12/10 06:01, Henderson, Thomas R wrote:
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: hipsec-bounces@ietf.org
>>>>> [mailto:hipsec-bounces@ietf.org] On Behalf Of Gonzalo Camarillo
>>>>> Sent: Sunday, December 05, 2010 7:51 AM
>>>>> To: HIP
>>>>> Subject: [Hipsec] WGLC: draft-ietf-hip-cert-06
>>>>>
>>>>> Folks,
>>>>>
>>>>> we hereby start the WGLC on the following draft. This WGLC will end on
>>>>> December 20th.
>>>>>
>>>>> https://datatracker.ietf.org/doc/draft-ietf-hip-cert/
>>>>>
>>>>> Please, send your comments to this list.
>>>>>
>>>>> Thanks,
>>>>>
>>>>
>>>> Gonzalo, I reread this draft and feel that it is ready to publish, modulo the resolution of a couple of comments below.
>>>>
>>>> At the top of page 6, I believe that the line
>>>>       Subject: CN=hit-of-issuer
>>>> should read
>>>>       Subject: CN=hit-of-subject
>>>>
>>>
>>> OK, fixed
>>>
>>>> In section 8, the second paragraph recommends to not use grouping or hash and URL encodings when HIP aware middleboxes are anticipated to be on the path.  First of all, it is not really clear how a HIP host may know about these boxes except via side information.  If the HIP host does know about them, then presumably it could also know (via side information) whether they can support grouping and hash formats, and the host could act accordingly.  Second, it is not clear whether the use of these options by a well-behaved host would make these devices more prone to attacks, or whether it is rather the use of these options by other malicious hosts that is the real problem.  It seems to me that it may be better to defer this issue to a future HIP-aware middlebox draft, where it could be specified, for instance, how a middlebox that does not want to support these formats may signal to a host that it requires "full credentials" to proceed.  So, I would like to suggest for your consideration to remove this paragraph.
>>>>
>>>
>>> I agree with the comment and agree on leaving the subject to a future draft on
>>> HIP-aware middleboxes. Anyone against the removal of the paragraph? If not
>>> consider it removed.
>>>
>>>> - Tom
>>>> _______________________________________________
>>>> Hipsec mailing list
>>>> Hipsec@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/hipsec
>>>
>>
>