Re: [Hipsec] comments on draft-ietf-hip-rfc5201-bis-04
Tobias Heer <heer@cs.rwth-aachen.de> Mon, 24 January 2011 15:44 UTC
Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 736F93A6AEA for <hipsec@core3.amsl.com>; Mon, 24 Jan 2011 07:44:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.801
X-Spam-Level:
X-Spam-Status: No, score=-4.801 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h+iQOhlCJf-i for <hipsec@core3.amsl.com>; Mon, 24 Jan 2011 07:44:53 -0800 (PST)
Received: from mta-1.ms.rz.rwth-aachen.de (mta-1.ms.rz.RWTH-Aachen.DE [134.130.7.72]) by core3.amsl.com (Postfix) with ESMTP id 70F913A6AEF for <hipsec@ietf.org>; Mon, 24 Jan 2011 07:44:53 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from ironport-out-2.rz.rwth-aachen.de ([134.130.5.41]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0LFJ00D0EAJN84H0@mta-1.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Mon, 24 Jan 2011 16:47:47 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.60,370,1291590000"; d="scan'208";a="47526973"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by ironport-in-2.rz.rwth-aachen.de with ESMTP; Mon, 24 Jan 2011 16:47:48 +0100
Received: from umic-i4-137-226-45-197.nn.rwth-aachen.de ([unknown] [137.226.45.197]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0LFJ00C04AJN2W60@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Mon, 24 Jan 2011 16:47:47 +0100 (CET)
From: Tobias Heer <heer@cs.rwth-aachen.de>
In-reply-to: <FD98F9C3CBABA74E89B5D4B5DE0263B9379A89497B@XCH-NW-12V.nw.nos.boeing.com>
Date: Mon, 24 Jan 2011 16:47:47 +0100
Message-id: <B2C99DCF-947C-464C-B6EF-CF998EB94A38@cs.rwth-aachen.de>
References: <FD98F9C3CBABA74E89B5D4B5DE0263B9379A848940@XCH-NW-12V.nw.nos.boeing.com> <90014AE7-DB37-4227-AD71-ED36285A2D5B@cs.rwth-aachen.de> <FD98F9C3CBABA74E89B5D4B5DE0263B9379A89497B@XCH-NW-12V.nw.nos.boeing.com>
To: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
X-Mailer: Apple Mail (2.1082)
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] comments on draft-ietf-hip-rfc5201-bis-04
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jan 2011 15:44:54 -0000
Hello Jeff, Am 24.01.2011 um 16:40 schrieb Ahrenholz, Jeffrey M: >>> Section 3.2 mentions Section 4.2 and 6 of [I-D.mcgrew-fundamental-ecc] >>> the HTML tool incorrectly links Section 4.2 (of current doc) >>> >> >> This is odd. The HTML version tries to be smart but fails. There is no link >> pointing to that section in the xml document. I have no clue what to do because >> there is nothing I could remove. > > I guess there's nothing we can do here, they need to fix the tool. > >>> Section 4.1 says "In the first two packets, the hosts agree on a set of >> cryptographic identifiers and algorithms..."; wouldn't you say the first 3 >> packets, since the 3rd/I2 packet contains the chosen HIP_CIPHER? >> I'd say that the agreement has already been reached when the second packet was >> processed. The third packet only contains the effect of the agreement. >> Does that make sense? > > Yes, makes sense. Ok, so I'll leave it as it was. > >>> Section 5.3.1 says "The HIP packet, however, MUST NOT be fragmented." while >>> Section 5.1.3 says "A HIP implementation must support IP >> fragmentation/reassembly." ...I think 5.3.1 is discussing HIP packets having an >> upper-layer payload, but this should be clarified. >> >> You mean 5.3 and 5.3.1? > > I guess it's 5.1.3 and 5.3: > 5.1.3 says IP fragmentation MUST be implemented > 5.3 says the HIP packet MUST NOT be fragmented > > So fragmentation in 5.3 refers only to piggy-backed data, I think. > >> The case is a bit schizophrenic anyway. I think the requirement in 5.3 should be >> lowered to a SHOULD NOT be fragmented, emphasizing the potentially negative >> effects of fragmentation. >> What do you think? > > Yes, SHOULD NOT sounds good. This text seems to say: if the data you are trying to piggy-back on the I1 would cause the HIP packet to fragment, send the data in its own (TCP/UDP/IP) packet following the BEX. Yes, that was my interpretation, too. The text is from the original RFC5201. I'll change it to a SHOULD NOT and maybe state this more explicitly. Tobias > > -Jeff
- [Hipsec] comments on draft-ietf-hip-rfc5201-bis-04 Ahrenholz, Jeffrey M
- Re: [Hipsec] comments on draft-ietf-hip-rfc5201-b… Tobias Heer
- Re: [Hipsec] comments on draft-ietf-hip-rfc5201-b… Ahrenholz, Jeffrey M
- Re: [Hipsec] comments on draft-ietf-hip-rfc5201-b… Tobias Heer