Re: [Hipsec] Suresh Krishnan's Discuss on draft-ietf-hip-dex-13: (with DISCUSS)

Suresh Krishnan <Suresh@kaloom.com> Wed, 04 March 2020 18:11 UTC

From: Suresh Krishnan <Suresh@kaloom.com>
To: Robert Moskowitz <rgm@htt-consult.com>
CC: Jeff Ahrenholz <j.ahrenholz@tempered.io>, Robert Moskowitz <rgm@labs.htt-consult.com>, The IESG <iesg@ietf.org>, "draft-ietf-hip-dex@ietf.org" <draft-ietf-hip-dex@ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>
Date: Wed, 04 Mar 2020 18:11:16 +0000
Message-ID: <F0B60D43-EC8F-4231-B3D3-06FF01F56EBA@kaloom.com>
References: <158329724383.7687.5696211532188484676@ietfa.amsl.com> <a0ef66bb-ea77-c5b6-3a63-74d85dba2240@labs.htt-consult.com> <820F683A-84D6-4BC2-B980-04DD45191EFA@tempered.io> <bce12ee8-af3d-3671-4c3d-ce5b565aab79@htt-consult.com>
In-Reply-To: <bce12ee8-af3d-3671-4c3d-ce5b565aab79@htt-consult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/_vUF-Eva_NvFkRMtHAIMHfb2_vA>

Hi Bob/Jeff,

> On Mar 4, 2020, at 11:09 AM, Robert Moskowitz <rgm@htt-consult.com> wrote:
> 
> 
> 
> On 3/4/20 10:53 AM, Jeff Ahrenholz wrote:
>>> https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-codes-5
>>> 
>>> And nothing there that looks right.
>>> 
>>> So what is done in HIP BEX implementations?  Both v1 and v2?
>> For our HIPv1 implementation:
>> IPv4 packets - we send ICMPv4-in-UDP with type 12 "parameter problem" code 0 "pointer indicates the error" and point to the first bytes of UDP payload. (https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-12)
>> 
>> IPv6 packets - we send ICMPv6-in-UDP with type 4 "parameter problem" code 0 "erroneous header field encountered" and point to the first bytes of UDP payload.
>> 
>> Normally this would be if the SPI is unknown (e.g. one side forcefully reboots while the other continues to send it ESP-in-UDP data.) The pointer includes the first 8 bytes of the UDP payload so that the SPI is included in the ICMP message.
>> 
>> For IPv6 you could consider the "erroneous header field" to be the invalid SPI number, which is the bytes we point to.
>> 
>> -Jeff
>> 
> 
> Suresh,
> 
> How would you recommend handling this?  It seems the text in all docs (5201, 7401, and DEX) might be:
> 
> In most cases, the ICMP packet has the Parameter Problem type (12 for ICMPv4, 4 with code=0 for ICMPv6),

I am happy with the Code being set to 0 for ICMPv6 and the Pointer being set as Jeff proposed above.

Regards
Suresh
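Jeff's scheme above, as an added example that is not part of this thread or of any HIP implementation: the sender builds a Parameter Problem (ICMPv4 type 12 code 0, ICMPv6 type 4 code 0) whose pointer lands on the first byte of the UDP payload and which quotes enough of the packet to carry the SPI, and the receiver accepts the quoted SPI only if it belongs to one of its own outbound SAs. Header layouts, the constructed sample datagram and the zeroed checksum are assumptions; the UDP wrapping HIP applies to the ICMP message is left out.

```python
import struct

ICMPV4_PARAM_PROBLEM, ICMPV6_PARAM_PROBLEM = 12, 4   # type values named in the thread
UDP_HDR_LEN, IPV6_HDR_LEN = 8, 40

def sample_invoking_packet(family, spi):
    """Constructed sample ESP-in-UDP datagram: IP header, UDP header (port 10500,
    the HIP UDP encapsulation port of RFC 5770), then the ESP SPI and sequence number."""
    udp = struct.pack("!HHHH", 10500, 10500, UDP_HDR_LEN + 8, 0)
    esp = struct.pack("!II", spi, 1)
    if family == 4:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(esp), 0, 0,
                         64, 17, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    else:
        src, dst = b"\x20\x01\x0d\xb8" + b"\0" * 11 + b"\x01", b"\x20\x01\x0d\xb8" + b"\0" * 11 + b"\x02"
        ip = struct.pack("!IHBB16s16s", 0x60000000, len(udp) + len(esp), 17, 64, src, dst)
    return ip + udp + esp

def udp_payload_offset(family, packet):
    """Byte offset of the first UDP payload byte, i.e. where the pointer lands."""
    ip_len = (packet[0] & 0x0F) * 4 if family == 4 else IPV6_HDR_LEN
    return ip_len + UDP_HDR_LEN

def build_param_problem(family, invoking_packet):
    """Sender side: Parameter Problem (12/0 for ICMPv4, 4/0 for ICMPv6) whose pointer
    selects the UDP payload and which quotes IP + UDP headers plus the first 8 bytes
    of payload (SPI and sequence number). Checksum is left zero for this example."""
    pointer = udp_payload_offset(family, invoking_packet)
    if family == 4:
        head = struct.pack("!BBHB3x", ICMPV4_PARAM_PROBLEM, 0, 0, pointer)  # 1-byte pointer
    else:
        head = struct.pack("!BBHI", ICMPV6_PARAM_PROBLEM, 0, 0, pointer)    # 4-byte pointer
    return head + invoking_packet[:pointer + 8]

def spi_from_param_problem(family, icmp, local_outbound_spis):
    """Receiver side: return the quoted SPI only when type/code match, the pointer lands
    on the UDP payload and the SPI is one we actually send with. ICMP is unauthenticated,
    so a message failing these checks must not be allowed to tear down an SA."""
    expected = (ICMPV4_PARAM_PROBLEM, 0) if family == 4 else (ICMPV6_PARAM_PROBLEM, 0)
    if len(icmp) < 8 or (icmp[0], icmp[1]) != expected:
        return None
    pointer = icmp[4] if family == 4 else struct.unpack("!I", icmp[4:8])[0]
    quoted = icmp[8:]
    if len(quoted) < (20 if family == 4 else IPV6_HDR_LEN):   # need the full IP header
        return None
    if pointer != udp_payload_offset(family, quoted) or len(quoted) < pointer + 4:
        return None
    spi = struct.unpack("!I", quoted[pointer:pointer + 4])[0]
    return spi if spi in local_outbound_spis else None
```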