Re: [Hipsec] Mirja Kühlewind's No Objection on draft-ietf-hip-rfc5206-bis-13: (with COMMENT)

Robert Moskowitz <> Tue, 13 September 2016 09:14 UTC


I have one question on sec 5.4 before I enter a comment...

On 09/12/2016 03:28 PM, Mirja Kuehlewind wrote:
> 5) section 5.4: How long will an address be in UNVERIFIED state in case
> the verification is not successful (no reply). Is there a timer? How
> often will the peer retry the verification test? How long does the peer
> wait until resending the verification packet?

It took me a couple readings of 5.4 to THINK I understand fig 7.

I THINK this occurs after Mobile Host has sent its HIP UPDATE with the 
new locator information.

I believe the implication of this figure is that the stationary node 
(peer host) sends its address validation HIP UPDATE and instead of 
receiving the HIP UPDATE with ACK, it receives actual data which it may 
interpret as the ACK.

So I have two points.

First, does this only apply when there are new SPIs?  What about a move 
with no SPI changes?

Second, the actual figure should include the original HIP UPDATE from 
Mobile Host to make it clear the nature of the mobility.

Sorry for the late review of this draft.

I can submit an official comment if others think my questions raise 
clarity issues.