Re: [Hipsec] comments on draft-ietf-hip-rfc4423-bis-01
Robert Moskowitz <rgm@htt-consult.com> Mon, 21 February 2011 13:37 UTC
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8F57B3A6FFB for <hipsec@core3.amsl.com>; Mon, 21 Feb 2011 05:37:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7tQdnwqmacBr for <hipsec@core3.amsl.com>; Mon, 21 Feb 2011 05:37:12 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id A45FB3A6FA3 for <hipsec@ietf.org>; Mon, 21 Feb 2011 05:37:12 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 1265462AD3; Mon, 21 Feb 2011 13:37:33 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xcuvEoPPeDct; Mon, 21 Feb 2011 08:37:13 -0500 (EST)
Received: from nc2400.htt-consult.com (nc2400.htt-consult.com [208.83.67.155]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 3BFD762A79; Mon, 21 Feb 2011 08:37:13 -0500 (EST)
Message-ID: <4D626A88.6060806@htt-consult.com>
Date: Mon, 21 Feb 2011 08:37:12 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Thunderbird/3.1.7
MIME-Version: 1.0
To: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
References: <FD98F9C3CBABA74E89B5D4B5DE0263B9379A8486D1@XCH-NW-12V.nw.nos.boeing.com>
In-Reply-To: <FD98F9C3CBABA74E89B5D4B5DE0263B9379A8486D1@XCH-NW-12V.nw.nos.boeing.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] comments on draft-ietf-hip-rfc4423-bis-01
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2011 13:37:13 -0000
On 01/21/2011 10:53 AM, Ahrenholz, Jeffrey M wrote: > Here are some comments after reviewing the HIP Architecture -bis draft... > > Should RFC 5201 be referenced? Added > - the base exchange is discussed > - the table of terms in Section 2.2 could refer to > RFC 5201 under definition of base exchange Not sure what you would want here. Can you offer up some text? > - ESP (5202), Rendezvous (5204), and DNS (5205) are listed as normative > references, but 5201 is not referenced > > Section 5.1 talks about moving Host Identities from one physical computer to > another without breaking transport associations. Really? You would need a secure channel (hint, hint) to move the Security Association, including all private key needed that are not technically part of the SA. But, yes, there are people looking into this for cloud computing. > Section 6.1 mentions "HIP readdress packets"; earlier versions of the > spec actually had readdress packets, but now it would be more precise to say > "HIP UPDATE packets" Done > Section 6.2 says "To close this attack, HIP includes..." > Could this better be phrased as "To close this attack vector" or > "To prevent this type of attack"? Done > Section 6.2 last paragraph discusses skipping the address check; > CBA can also be used to reduce handover latency here? CBA? > Section 8.1 "HIP and TCP checksums" should be titled > "HIP and Upper-layer checksums"? Yes. > This was briefly discussed on this list before [1]. > Section 9 Multicast says: > "There was little if any concrete thoughts about how HIP might affect > IP-layer or application-layer multicast." > This sentence made sense in conjunction with the RFC 4423 abstract: > "The memo describes the thinking of the authors as of Fall 2003." > ...but without such text that sentence on multicast doesn't really > stand on its own. What would you suggest? > Section 11.1 question 5 missing question mark at the end Fixed. Thanks!
- [Hipsec] comments on draft-ietf-hip-rfc4423-bis-01 Ahrenholz, Jeffrey M
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Robert Moskowitz
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Miika Komu
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Ahrenholz, Jeffrey M
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Ahrenholz, Jeffrey M
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Miika Komu
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Robert Moskowitz
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Ahrenholz, Jeffrey M
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Robert Moskowitz
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Robert Moskowitz
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Robert Moskowitz
- Re: [Hipsec] comments on draft-ietf-hip-rfc4423-b… Robert Moskowitz