Re: [Hipsec] Suresh Krishnan's Discuss on draft-ietf-hip-dex-13: (with DISCUSS)

Suresh Krishnan <Suresh@kaloom.com> Wed, 04 March 2020 18:11 UTC

From: Suresh Krishnan <Suresh@kaloom.com>
To: Robert Moskowitz <rgm@htt-consult.com>
CC: Jeff Ahrenholz <j.ahrenholz@tempered.io>, Robert Moskowitz <rgm@labs.htt-consult.com>, The IESG <iesg@ietf.org>, "draft-ietf-hip-dex@ietf.org" <draft-ietf-hip-dex@ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>
Date: Wed, 4 Mar 2020 18:11:16 +0000
Message-ID: <F0B60D43-EC8F-4231-B3D3-06FF01F56EBA@kaloom.com>
References: <158329724383.7687.5696211532188484676@ietfa.amsl.com> <a0ef66bb-ea77-c5b6-3a63-74d85dba2240@labs.htt-consult.com> <820F683A-84D6-4BC2-B980-04DD45191EFA@tempered.io> <bce12ee8-af3d-3671-4c3d-ce5b565aab79@htt-consult.com>
In-Reply-To: <bce12ee8-af3d-3671-4c3d-ce5b565aab79@htt-consult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/_vUF-Eva_NvFkRMtHAIMHfb2_vA>

Hi Bob/Jeff,

> On Mar 4, 2020, at 11:09 AM, Robert Moskowitz <rgm@htt-consult.com> wrote:
> 
> On 3/4/20 10:53 AM, Jeff Ahrenholz wrote:
>>> https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-codes-5
>>> 
>>> And nothing there that looks right.
>>> 
>>> So what is done in HIP BEX implementations?  Both v1 and v2?
>> For our HIPv1 implementation:
>> IPv4 packets - we send ICMPv4-in-UDP with type 12 "parameter problem" code 0 "pointer indicates the error" and point to the first bytes of UDP payload. (https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-12)
>> 
>> IPv6 packets - we send ICMPv6-in-UDP with type 4 "parameter problem" code 0 "erroneous header field encountered" and point to the first bytes of UDP payload.
>> 
>> Normally this would be if the SPI is unknown (e.g. one side forcefully reboots while the other continues to send it ESP-in-UDP data.) The pointer includes the first 8 bytes of the UDP payload so that the SPI is included in the ICMP message.
>> 
>> For IPv6 you could consider the "erroneous header field" to be the invalid SPI number, which is the bytes we point to.
>> 
>> -Jeff
>> 
> 
> Suresh,
> 
> How would you recommend handling this?  It seems the text in all docs (5201, 7401, and DEX) might be:
> 
> In most cases, the ICMP packet has the Parameter Problem type (12 for ICMPv4, 4 with code=0 for ICMPv6),

I am happy with the Code being set to 0 for ICMPv6 and the Pointer being set as Jeff proposed above.

Regards
Suresh
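As an added example (my own code, not from the thread or from any HIP implementation), the following Python builds the ICMP Parameter Problem message Jeff describes for an unknown SPI in a UDP-encapsulated ESP packet and parses it back, rejecting messages whose pointer does not land on the quoted packet's UDP payload. The packet bytes, addresses and ports are constructed, the IPv6 packet is assumed to carry no extension headers, and the ICMP checksum is left for the carrying layer.

```python
import struct

# ICMPv4 type 12 / ICMPv6 type 4, code 0; pointer = offset of the first
# UDP payload octet, which for ESP-in-UDP is the SPI.
ICMPV4_PARAM_PROBLEM, ICMPV6_PARAM_PROBLEM = 12, 4
IPV6_HDR_LEN, UDP_HDR_LEN, SPI_LEN, QUOTED_PAYLOAD = 40, 8, 4, 8

def ip_header_len(version, pkt):
    # IPv4: from the IHL field; IPv6: fixed header, assuming no extension headers.
    return (pkt[0] & 0x0F) * 4 if version == 4 else IPV6_HDR_LEN

def sample_packet(version, spi, seq=1):
    # Constructed IP + UDP + ESP(SPI, seq) packet; addresses and ports are dummies.
    esp = struct.pack("!II", spi, seq)
    udp = struct.pack("!HHHH", 10500, 10500, UDP_HDR_LEN + len(esp), 0)
    if version == 4:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(esp),
                         0, 0, 64, 17, 0, b"\x0a\0\0\x01", b"\x0a\0\0\x02")
    else:
        ip = struct.pack("!IHBB16s16s", 0x60000000, len(udp) + len(esp),
                         17, 64, bytes(15) + b"\x01", bytes(15) + b"\x02")
    return ip + udp + esp

def build_param_problem(version, offending):
    # Checksum stays 0 here: its coverage depends on the carrying IP layer
    # (ICMPv6 adds a pseudo-header), which is outside this example.
    ptr = ip_header_len(version, offending) + UDP_HDR_LEN
    if version == 4:
        hdr = struct.pack("!BBHB3x", ICMPV4_PARAM_PROBLEM, 0, 0, ptr)  # 8-bit pointer
    else:
        hdr = struct.pack("!BBHI", ICMPV6_PARAM_PROBLEM, 0, 0, ptr)    # 32-bit pointer
    # Quote IP + UDP headers plus the first 8 payload octets so SPI and seq are carried.
    return hdr + offending[:ptr + QUOTED_PAYLOAD]

def reported_spi(version, icmp):
    # SPI the message points at, or None if malformed. The quoted packet is
    # unauthenticated: match the SPI (and seq) to an SA you sent on before acting.
    if len(icmp) < 8 + UDP_HDR_LEN or icmp[1] != 0:
        return None
    if version == 4 and icmp[0] == ICMPV4_PARAM_PROBLEM:
        ptr = icmp[4]
    elif version == 6 and icmp[0] == ICMPV6_PARAM_PROBLEM:
        ptr = struct.unpack("!I", icmp[4:8])[0]
    else:
        return None
    quoted = icmp[8:]
    if ptr != ip_header_len(version, quoted) + UDP_HDR_LEN or ptr + SPI_LEN > len(quoted):
        return None
    return struct.unpack("!I", quoted[ptr:ptr + SPI_LEN])[0]
```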