Re: [Hipsec] Suresh Krishnan's Discuss on draft-ietf-hip-dex-13: (with DISCUSS)

Robert Moskowitz <rgm@htt-consult.com> Wed, 04 March 2020 16:09 UTC

To: Jeff Ahrenholz <j.ahrenholz@tempered.io>, Robert Moskowitz <rgm@labs.htt-consult.com>, Suresh Krishnan <suresh@kaloom.com>, The IESG <iesg@ietf.org>
Cc: "draft-ietf-hip-dex@ietf.org" <draft-ietf-hip-dex@ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>
References: <158329724383.7687.5696211532188484676@ietfa.amsl.com> <a0ef66bb-ea77-c5b6-3a63-74d85dba2240@labs.htt-consult.com> <820F683A-84D6-4BC2-B980-04DD45191EFA@tempered.io>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <bce12ee8-af3d-3671-4c3d-ce5b565aab79@htt-consult.com>
Date: Wed, 04 Mar 2020 11:09:04 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/ORWhK8qjzTb6CKZgNU1300n48SM>
Subject: Re: [Hipsec] Suresh Krishnan's Discuss on draft-ietf-hip-dex-13: (with DISCUSS)


On 3/4/20 10:53 AM, Jeff Ahrenholz wrote:
>> https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-codes-5
>>
>> And nothing there that looks right.
>>
>> So what is done in HIP BEX implementations?  Both v1 and v2?
> For our HIPv1 implementation:
> IPv4 packets - we send ICMPv4-in-UDP with type 12 "parameter problem" code 0 "pointer indicates the error" and point to the first bytes of UDP payload. (https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-12)
>
> IPv6 packets - we send ICMPv6-in-UDP with type 4 "parameter problem" code 0 "erroneous header field encountered" and point to the first bytes of UDP payload.
>
> Normally this would be if the SPI is unknown (e.g. one side forcefully reboots while the other continues to send it ESP-in-UDP data.) The pointer includes the first 8 bytes of the UDP payload so that the SPI is included in the ICMP message.
>
> For IPv6 you could consider the "erroneous header field" to be the invalid SPI number, which is the bytes we point to.
>
> -Jeff
>

Suresh,

How would you recommend handling this?  It seems the text in all docs (5201, 7401, and DEX) might be:

In most cases, the ICMP packet has the Parameter Problem type (12 for ICMPv4, 4 with code=0 for ICMPv6),

Please advise.
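As an added illustration of the ICMPv4 message Jeff describes (not code from the thread or from any HIP implementation): building a type 12, code 0 Parameter Problem whose pointer lands on the first byte of the UDP payload, quoting the first 8 payload bytes so the ESP SPI is carried, and the receiver-side checks a peer should apply before tearing down an SA because of one. It assumes the quoted datagram is laid out as a standard RFC 792 error (IPv4 header, UDP header, 8 payload bytes) and does not model the outer UDP encapsulation; the addresses, ports and SPI are constructed sample values.

```python
import struct

ICMP_PARAM_PROBLEM = 12  # ICMPv4 type 12 "parameter problem", code 0 "pointer indicates the error"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words (odd length zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_param_problem(ip_hdr: bytes, udp_hdr: bytes, udp_payload: bytes) -> bytes:
    """Type 12 / code 0, pointer at the first UDP payload byte, quoting IP header + UDP
    header + first 8 payload bytes (ESP SPI and sequence number) so the peer sees the SPI."""
    quoted = ip_hdr + udp_hdr + udp_payload[:8]
    pointer = len(ip_hdr) + len(udp_hdr)            # byte offset into the quoted datagram
    head = struct.pack("!BBHB3x", ICMP_PARAM_PROBLEM, 0, 0, pointer)
    csum = icmp_checksum(head + quoted)
    return struct.pack("!BBHB3x", ICMP_PARAM_PROBLEM, 0, csum, pointer) + quoted


def unknown_spi_from_icmp(msg: bytes, local_outbound_spis):
    """Receiver-side validation: return the SPI the message complains about only if the
    message is well formed, the pointer really lands on the UDP payload and the SPI is one
    of our own outbound SAs. Anything else (e.g. a spoofed message naming a random SPI)
    returns None and should be ignored rather than acted on."""
    if len(msg) < 8 + 20 + 8 + 4:
        return None
    icmp_type, code, _csum, pointer = struct.unpack("!BBHB", msg[:5])
    if icmp_type != ICMP_PARAM_PROBLEM or code != 0 or icmp_checksum(msg) != 0:
        return None
    quoted = msg[8:]
    ihl = (quoted[0] & 0x0F) * 4                     # IPv4 header length from the quoted header
    if quoted[0] >> 4 != 4 or quoted[9] != 17 or pointer != ihl + 8:
        return None                                 # not IPv4/UDP, or pointer not at the payload
    if pointer + 4 > len(quoted):
        return None
    spi = struct.unpack("!I", quoted[pointer:pointer + 4])[0]
    return spi if spi in local_outbound_spis else None


# Constructed sample: minimal IPv4 header (proto 17), UDP header, ESP header (SPI, seq)
SAMPLE_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0, 0, 64, 17, 0,
                        bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
SAMPLE_UDP = struct.pack("!HHHH", 10500, 10500, 16, 0)
SAMPLE_ESP = struct.pack("!II", 0x0001ABCD, 7)
```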