IETF Logo Mail Archive

Re: [Hipsec] WGLC: draft-ietf-hip-hiccups-01

Jan Melen <jan.melen@nomadiclab.com> Wed, 19 May 2010 12:29 UTC

Return-Path: <jan.melen@nomadiclab.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2D2A63A67AC for <hipsec@core3.amsl.com>; Wed, 19 May 2010 05:29:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.002
X-Spam-Level:
X-Spam-Status: No, score=0.002 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_50=0.001, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9mu+OgnrfLZf for <hipsec@core3.amsl.com>; Wed, 19 May 2010 05:29:01 -0700 (PDT)
Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id 3F61A3A6BB0 for <hipsec@ietf.org>; Wed, 19 May 2010 05:28:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id D3C4F4E6DC; Wed, 19 May 2010 15:28:18 +0300 (EEST)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mg6R53m5Lj7a; Wed, 19 May 2010 15:28:17 +0300 (EEST)
Received: from smtp.nomadiclab.com (d146.nomadiclab.com [IPv6:2001:14b8:400:100::146]) by gw.nomadiclab.com (Postfix) with ESMTP id 8AFB34E6C8; Wed, 19 May 2010 15:28:17 +0300 (EEST)
Received: from smtp.nomadiclab.com (localhost [127.0.0.1]) by smtp.nomadiclab.com (Postfix) with ESMTP id 7FB52107148; Wed, 19 May 2010 15:28:17 +0300 (EEST)
Received: from [IPv6:::1] (n2.nomadiclab.com [IPv6:2001:14b8:400:101::2]) by smtp.nomadiclab.com (Postfix) with ESMTP id D85EC10713F; Wed, 19 May 2010 15:28:02 +0300 (EEST)
From: Jan Melen <jan.melen@nomadiclab.com>
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: multipart/alternative; boundary="Apple-Mail-9--387888899"
Date: Wed, 19 May 2010 15:27:34 +0300
In-Reply-To: <62305098-2EBE-4128-9F8D-A4415B8ABB94@nomadiclab.com>
To: Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, HIP <hipsec@ietf.org>
References: <4B5F07F6.7080800@ericsson.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7BF@XCH-NW-10V.nw.nos.boeing.com> <79B9C9FA-E49A-4103-B1DA-741FC0389635@nomadiclab.com> <62305098-2EBE-4128-9F8D-A4415B8ABB94@nomadiclab.com>
Message-Id: <24BA4DA5-90C9-4196-8CB4-CB05D8C5B2A3@nomadiclab.com>
X-Mailer: Apple Mail (2.1078)
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-hiccups-01
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 May 2010 12:29:03 -0000

Hi,

This document has now been lying around quite sometime. I posted the -02 version just before last IETF and no one has commented on it anything or neither has it progressed any further from the WGLC. Are there any remaining issues or are people happy with latest version?
http://www.ietf.org/id/draft-ietf-hip-hiccups-02.txt

   Regards,
     Jan


On Mar 4, 2010, at 3:25 PM, Jan Melen wrote:

> Hi,
> 
> It seems that the term HMAC in the document was misunderstood by people so I replaced it with term Message Integrity Code (MIC) and it is explained in the terminology section as follows:
>    Message Integrity Code (MIC)  is a hash sum calculated over the
>       message which is being integrity protected.  MIC does not use
>       secret keys and thus need be protected otherwise against
>       tampering.  Essentially MIC is same as MAC with the distinction
>       that MIC does not use secret key.  MIC is also often referred as
>       Integrity Check Value (ICV), fingerprint, or unkeyed MAC.
> I Hope this makes it a bit more clear now that there is no key needed when calculating the hash over the payload. The edited version is in the same location as previous (not yet submitted): http://users.piuha.net/jmelen/HICCUPS/draft-ietf-hip-hiccups-02.txt
>    Regards,
>      Jan
> 
> On Mar 3, 2010, at 9:08 PM, Jan Melen wrote:
> 
>> Hi,
>> 
>> Here is link to updated version:
>> http://users.piuha.net/jmelen/HICCUPS/draft-ietf-hip-hiccups-02.txt
>> 
>> On Feb 22, 2010, at 8:46 PM, Henderson, Thomas R wrote:
>> 
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: hipsec-bounces@ietf.org
>>>> [mailto:hipsec-bounces@ietf.org] On Behalf Of Gonzalo Camarillo
>>>> Sent: Tuesday, January 26, 2010 7:19 AM
>>>> To: HIP
>>>> Subject: [Hipsec] WGLC: HIP-based overlays
>>>> 
>>>> Folks,
>>>> 
>>>> we would like to WGLC the set of specifications that describe how to
>>>> build HIP-based overlays. The documents under WGLC are the following:
>>>> 
>>>> http://tools.ietf.org/html/draft-ietf-hip-bone-04
>>>> http://tools.ietf.org/html/draft-ietf-hip-reload-instance-00
>>>> http://tools.ietf.org/html/draft-ietf-hip-hiccups-01
>>>> http://tools.ietf.org/html/draft-ietf-hip-via-00
>>>> 
>>>> This WGLC will end on February 23rd. Please, send your
>>>> comments to this
>>>> list.
>>>> 
>>> 
>>> comments on draft-ietf-hip-hiccups-01:
>>> 
>>> Overall, I think that this document mainly makes sense in the context of HIP BONE and should be folded into that specification.  However, if kept stand-alone, it would help to clarify in the introduction that this specifies a data service with the following semantics:  unordered, duplicate free (subject to receiver ACK cache size and lifetime), reliable (up to a retransmission count), authenticated, and encrypted message-based delivery service.  I would also recommend stating that APIs to higher-level protocols that might use this service are outside the scope of this specification.
>>> 
>> 
>> 
>> Added the semantics and that APIs are outside the scope.
>> 
>> 
>>>> 2. Terminology
>>>> 
>>>> 
>>>>   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
>>>>   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
>>>>   document are to be interpreted as described in RFC 2119 [RFC2119].
>>> 
>>> This section is empty; probably at the very least it should point to the normative references that define the terminology in use later in the document.
>>> 
>> 
>> Yes, added reference to RFC 5201 for terminology.
>> 
>> 
>>>> 3. Background on HIP
>>>> 
>>>> 
>>>>   The HIP protocol specification [RFC5201] defines a number of messages
>>>>   and parameters.  The parameters are encoded as TLVs, as shown in
>>>>   Section 3.1.2.  Furthermore, the HIP header carries a Next Header
>>>>   field, allowing other arbitrary packets to be carried within HIP
>>>>   packets.
>>> 
>>> Perhaps this section could go away or be refactored if this draft is merged to hip-bone.
>>> 
>>>> 4.1. Definition of the PAYLOAD_MAC Parameter
>>>> 
>>>>     Length            length in octets, excluding Type, Length, and
>>>>                       Padding
>>> 
>>> are there any minimum or maximum size limitations for this parameter?  Should the maximum length be tied to the maximum size that the HMAC can handle?
>> 
>> 
>> Do you mean that we should be more specific than what we are saying about the HMAC itself:
>>   Payload HMAC      HMAC computed over the data to which the Next
>>                      Header and Payload Data points to. The size of
>>                      the HMAC is the natural size of the computation
>>                      output depending on the used function.
>> 
>>> 
>>>> 5.1. Handling of SEQ_DATA and ACK_DATA
>>>> 
>>>> 
>>>>   A HIP DATA packet contains zero or one SEQ_DATA parameter.  The
>>>>   presence of a SEQ_DATA parameter indicates that the receiver MUST ACK
>>>>   the HIP DATA packet.  A HIP DATA packet that does not contain a
>>>>   SEQ_DATA parameter is simply an ACK of a previous HIP DATA packet and
>>>>   MUST NOT be ACKed.
>>> 
>>> is it legal to have a HIP DATA with zero SEQ_DATA and zero ACK_DATA?  If not, suggest to say that if SEQ_DATA is missing, ACK_DATA must be present.
>>> 
>>> Can SEQ_DATA be present with no PAYLOAD_MAC parameter?
>> 
>> 
>> Fixed either SEQ_DATA or ACK_DATA must be present and in case of SEQ_DATA also PAYLOAD_MAC is required.
>> 
>> 
>>> 
>>>>   packet.  A host MAY choose to hold the HIP DATA packet carrying ACK
>>>>   for a short period of time to allow for the possibility of
>>>>   piggybacking the ACK parameter, in a manner similar to TCP delayed
>>>>   acknowledgments.
>>> 
>>> Should the ACK_DATA format allow for multiple sequence numbers, if so, to avoid carrying a Type and Length field for each one?
>> 
>> 
>> Yes and now it is defined.
>> 
>> 
>>> 
>>>>   1.  The host creates a HIP DATA packet that contains a SEQ_DATA
>>>>       parameter.  The host is free to choose any value for the SEQ_DATA
>>>>       parameter in the first HIP DATA packet it sends to a destination.
>>> 
>>> This section would be clearer if you replaced "SEQ_DATA parameter" and "SEQ_DATA value" with "SEQ_DATA sequence number".
>> 
>> Fixed.
>> 
>> 
>>    Thanks for reviewing the draft
>>        Jan
>> 
>> 
>> _______________________________________________
>> Hipsec mailing list
>> Hipsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/hipsec
>

v2.23.0 | Report a Bug | By Email