Re: [Hipsec] your DISCUSS comments on draft-ietf-hip-rfc5201-bis

Tom Henderson <tomh@tomh.org> Tue, 22 July 2014 22:01 UTC

To: Brian Haberman <brian@innovationslab.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/UCaiw2QzcjiYXBSuYwnDR8B_ZAg
Cc: HIP <hipsec@ietf.org>

On 07/22/2014 02:08 PM, Brian Haberman wrote:
> Hi Tom,
>
> On 7/22/14 2:51 PM, Tom Henderson wrote:
>> Brian,
>>
>> You left the following DISCUSS comments on draft-ietf-hip-rfc5201-bis
>> which I would like to address below:
>>
>>> I have no objection to the publication of this document, but I do
>>> have two small points to discuss in section 5.2.3.
>>>
>>> 1. The R1_COUNTER parameter was labeled as optional in RFC 5201, but
>>> made mandatory in this revision.  However, the text says it SHOULD be
>>> included in R1.  If it is not included in R1 (violates the SHOULD),
>>> where will it be included given it is mandatory?
>>
>> Support for it is mandatory (if the Responder sends it, the Initiator
>> must echo it back), but the inclusion by the responder is optional.
>>
>> To try to clarify this, I edited it (for version -15) to read:
>>
>>             Support for the R1_COUNTER parameter is mandatory although
>>             its inclusion in the R1 packet is optional.  It SHOULD be
>>             included in the R1 ...
>>
>
> The above is fine.  If this parameter is sent by the Responder, what
> packets could it be sent in (i.e., violate the SHOULD) and still be useful?
>
> The above question is just something for you to think about.  I will not
> hold a discuss on it.

R1_COUNTER can be sent in the R1 and I2 packets (Sections 5.3.2 and 
5.3.3) but is not found in any of the other packets.

>
>>>
>>> 2. The Type value of R1_COUNTER was 128 in 5201 and is now 129.  Is
>>> that correct?
>>
>> Yes, by making its support mandatory, it is now deemed a "critical"
>> parameter and the LSB of the type value must be 1.  This necessitated
>> the change from 128 to 129.
>>
>
> Is there a need to discuss any backwards compatibility issues with this
> change?
>

I don't know whether any need exists.  If a legacy implementation
provides 128, it also likely provides HIP version 1, in which case an
ICMP packet with Parameter Problem should be generated (Section 5.4.2).
If HIP version 2 is indicated but this parameter is encoded with 128,
it will probably be covered by an implementation with the INVALID_SYNTAX
notification (Section 5.2.19).

- Tom
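
Added example, not part of the message above or of the draft: a small parser for HIP parameter TLVs (16-bit type, 16-bit length, contents padded to an 8-byte boundary) that applies the critical-bit rule from the thread and shows how a version 2 receiver's table sees type 129 versus the legacy 128. The classification labels, the one-entry `KNOWN_V2` table and the sample bytes are assumptions made for illustration; what a receiver does after classifying is left to the implementation.

```python
import struct

R1_COUNTER_V2 = 129   # type value discussed in the thread (rfc5201-bis)
R1_COUNTER_V1 = 128   # type value the thread gives for RFC 5201
KNOWN_V2 = {R1_COUNTER_V2: "R1_COUNTER"}  # deliberately tiny table for the demo

def is_critical(ptype):
    """Critical parameters have the least significant type bit set."""
    return ptype & 1 == 1

def build_param(ptype, contents):
    """Encode one TLV: 16-bit type, 16-bit length, contents, pad to 8 bytes."""
    raw = struct.pack("!HH", ptype, len(contents)) + contents
    return raw + b"\x00" * (-len(raw) % 8)

def parse_params(buf):
    """Yield (type, contents) for each TLV, rejecting truncated input."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        ptype, length = struct.unpack_from("!HH", buf, off)
        end = off + 4 + length
        if end > len(buf):
            raise ValueError("TLV length runs past end of buffer")
        yield ptype, buf[off + 4:end]
        off = end + (-(4 + length) % 8)   # skip padding to the 8-byte boundary

def classify(buf):
    """Label each parameter as known, unrecognized-critical or -noncritical."""
    out = []
    for ptype, _contents in parse_params(buf):
        if ptype in KNOWN_V2:
            out.append((ptype, KNOWN_V2[ptype]))
        elif is_critical(ptype):
            out.append((ptype, "unrecognized-critical"))
        else:
            out.append((ptype, "unrecognized-noncritical"))
    return out

# Constructed sample: a 12-byte body whose contents are not interpreted here.
COUNTER_BODY = b"\x00" * 4 + struct.pack("!Q", 7)
V2_PACKET = build_param(R1_COUNTER_V2, COUNTER_BODY)
LEGACY_PACKET = build_param(R1_COUNTER_V1, COUNTER_BODY)

if __name__ == "__main__":
    print(classify(V2_PACKET))
    print(classify(LEGACY_PACKET))
```
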