Re: [Hipsec] WGLC: draft-ietf-hip-rfc5202-bis

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Wed, 19 June 2013 08:46 UTC

Folks,

note that we are waiting for this issue to be resolved in order to
request the publication of RFC4843bis, 5201bis, and 5202bis.

Thanks,

Gonzalo

On 14/06/2013 9:57 AM, Petri Jokela wrote:
> 
> On 11.3.2013, at 23.57, Henderson, Thomas R wrote:
> 
>> This is a WGLC review of RFC5202-bis.
>>
>> This draft seems to be close to being ready.  There are two areas (more detail below) that IMO could be clarified or else left out of scope:
>>
>> 1) handling of simultaneous IPsec and HIP ESP
> 
> 
> Hi, 
> 
> I somehow missed this point when I was fixing the document. I'm not sure what we should do with this, any comments or suggestions? Currently the document says:
> 
> 3.4.  IPsec and HIP ESP Implementation Considerations
> 
>    When HIP is run on a node where a standards compliant IPsec is used,
>    some issues have to be considered.
> 
>    The HIP implementation must be able to co-exist with other IPsec
>    keying protocols.  When the HIP implementation selects the SPI value,
>    it may lead to a collision if not implemented properly.  To avoid the
>    possibility for a collision, the HIP implementation MUST ensure that
>    the SPI values used for HIP SAs are not used for IPsec or other SAs,
>    and vice versa.
> 
>    In the sending host, the HIP SA processing takes place always before
>    the IPsec processing.  Vice versa, at the receiving host, the IPsec
>    processing is done first for incoming packets and the decrypted
>    packet is further given to the HIP processing.
> 
>    Incoming packets using an SA that is not negotiated by HIP MUST NOT
>    be processed as described in Section 3.2, paragraph 2.  The SPI will
>    identify the correct SA for packet decryption and MUST be used to
>    identify that the packet has an upper-layer checksum that is
>    calculated as specified in [I-D.ietf-hip-rfc5201-bis].
> 
> 
> /petri
> 
>
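
One way to meet the Section 3.4 requirements quoted above, as an added example that is not part of this thread, the draft, or any HIP implementation: every keying protocol on the host takes its inbound SPIs from one shared table, and the same table tells the receive path whether an SA was negotiated by HIP. The class name, owner labels and return strings are hypothetical; the reserved range 0-255 follows RFC 4303.

```python
import secrets

RESERVED_MAX = 255          # RFC 4303: SPI 0 is local-use only, 1-255 are reserved
SPI_MAX = 0xFFFFFFFF        # SPIs are 32-bit values


class SpiTable:
    """Single inbound-SPI namespace shared by HIP, IKE and manual keying (assumed design)."""

    def __init__(self, rng=None):
        self._owner = {}    # spi -> "hip", "ike", "manual", ...
        self._rng = rng or (lambda: secrets.randbits(32))

    def register(self, spi, owner):
        """Record an SPI chosen elsewhere (e.g. by an IKE daemon); refuse collisions."""
        if not RESERVED_MAX < spi <= SPI_MAX:
            raise ValueError(f"SPI {spi:#x} is reserved or out of range")
        if spi in self._owner:
            raise ValueError(f"SPI {spi:#x} already used by {self._owner[spi]}")
        self._owner[spi] = owner

    def allocate(self, owner, attempts=64):
        """Pick a random SPI that no SA of any owner is using."""
        for _ in range(attempts):
            spi = self._rng()
            if spi > RESERVED_MAX and spi not in self._owner:
                self._owner[spi] = owner
                return spi
        raise RuntimeError("no free SPI found")

    def release(self, spi):
        self._owner.pop(spi, None)

    def classify_inbound(self, spi):
        """Decide post-decryption handling from the SPI alone.

        Only SAs negotiated by HIP get the HIP-specific processing of
        Section 3.2; every other SA stays on the ordinary IPsec path.
        """
        owner = self._owner.get(spi)
        if owner is None:
            return "drop"               # no SA for this SPI
        return "hip-esp" if owner == "hip" else "plain-ipsec"


def demo():
    # Constructed draws: two reserved values, one collision, then a free value.
    draws = iter([0, 200, 0x1000, 0x2000])
    table = SpiTable(rng=draws.__next__)
    table.register(0x1000, "ike")       # SA installed by another keying protocol
    hip_spi = table.allocate("hip")
    return table, hip_spi
```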