IETF Logo Mail Archive

Re: [Hipsec] WGLC: draft-ietf-hip-dex-04

René Hummen <hummen.committees@gmail.com> Sun, 05 February 2017 21:59 UTC

Return-Path: <hummen.committees@gmail.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14BBD1299C5 for <hipsec@ietfa.amsl.com>; Sun, 5 Feb 2017 13:59:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dia0v4LA2l1J for <hipsec@ietfa.amsl.com>; Sun, 5 Feb 2017 13:59:52 -0800 (PST)
Received: from mail-ot0-x236.google.com (mail-ot0-x236.google.com [IPv6:2607:f8b0:4003:c0f::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 084E91299BC for <hipsec@ietf.org>; Sun, 5 Feb 2017 13:59:52 -0800 (PST)
Received: by mail-ot0-x236.google.com with SMTP id 65so50358282otq.2 for <hipsec@ietf.org>; Sun, 05 Feb 2017 13:59:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Os6KwbuMywxLuJ81ej+wghdXk9UH5VQ/Qo5LeIoDah0=; b=u6P4NXxBGvy5VnJy+NfmwYtUDsJ/tdTZUHuo13dsWvx9cW1M9wTd9fpaYGCtM7n2eA F2BKmnHrBImfQFTNWJgSxMEoUayhqzc2/mBSg0HtWpJYKqei+9ku2/jHYWws+X5XNIzA NDTkkgWvCdzHTUdVAb8zmBvKMrBRFYsRIEdHobMlJTUV2aDwNxwLFrzDd/rcNMNUr0Dq i6BTlOUPBZujl2Tv3XOX+X4ALOqnTDUh2L805vkfxGwi5xZUbulK6wVIarE9yPux0/0t gacPPwdO4HY6fjX10stz/eh9NuduYWKxRJSckuWr5PgirpOAd+S2dVFzlTzd9MgfCR3K zjBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Os6KwbuMywxLuJ81ej+wghdXk9UH5VQ/Qo5LeIoDah0=; b=shHip+QRiPbj2Jji+aDfI5+XFHY0waybyymVxjiWZIfFcY0Dvu7mnRrfzD6JhPR5tE wVOjmTCfwmhqC6zw5/KtHrH/n1Dyc3YSn62ra9LfAPvuEVrVuJbCZ3G5PcpFubJN8wt/ CZKNm5kFgh45gLs46mJomSb4EI1wdcLibQjm0rrvei3p3SDfs9P86R5X9Lu8GE+oaoh8 5pwRH9h+s8qNSk6GNJ/qGZ20yu56mQ/7bHIOm1i/qKWiTyvS7op6y7OJhKOfDMAHyUjY X3HcD4xjHsJdCpYYtxMsP82optfjh6J/pBRtkdjWUmddMG9itS3M3SS5CVVP1zQhVBNe 4JQg==
X-Gm-Message-State: AIkVDXLQdaRnZBVCUn8OTUuIlOpw6Le6o3VjBoP/lKcminx4EAWK9Pez98p+Mh3mc1lqsoZfJJA2U9/Y44qq2A==
X-Received: by 10.157.15.220 with SMTP id m28mr3292628otd.67.1486331991417; Sun, 05 Feb 2017 13:59:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.41.38 with HTTP; Sun, 5 Feb 2017 13:59:50 -0800 (PST)
In-Reply-To: <alpine.LRH.2.01.1611191832580.24556@hymn03.u.washington.edu>
References: <c6efff43-5a0c-942b-f151-751fb6694bee@ericsson.com> <alpine.LRH.2.01.1611191832580.24556@hymn03.u.washington.edu>
From: René Hummen <hummen.committees@gmail.com>
Date: Sun, 05 Feb 2017 22:59:50 +0100
Message-ID: <CANS20HNuax+5JUcHYJcmK-VuxgsYss5pgmWZc0FB+pMxem7d2w@mail.gmail.com>
To: Tom Henderson <tomhend@u.washington.edu>
Content-Type: multipart/alternative; boundary="001a113d15985deaf90547cfa24d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/aegt4UnGshiAm3SsJXjvZYB7kfE>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-dex-04
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Feb 2017 21:59:54 -0000

Hi Tom,

thanks for your review!

I have addressed most of your comments in the new revision 05 that I just
uploaded before. For your remaining comments, I need additional input from
you and the rest of this group:

1) The text from Section 6.3 that you refer to is the same as in RFC5201
(HIPv1). I agree with you on the endianess. However, I assume that there
was a good reason why the sort() was specified this way in the original HIP
version. I would therefore prefer to keep the text as is.
Concerning the 96 vs. 128 bit issue, the draft defines HITs the same way as
HIPv2, which from my understanding are the full 128bit.

2) Concerning Sec. 6.5 through 6.8, I consciously chose to provide the full
specification here in order to significantly increase the readability of
these sections. When only stating the differences, I found myself
constantly changing between two documents (RFC7401 for the content and the
DEX draft to see if the content was relevant, removed, or modified). To
support those interested in the changes between RFC7401 and the DEX draft,
I specifically call out the main differences at the end of each section.
Does this satisfy your comment?

3) If your suggestion for Section 10 is purely cosmetic in nature, I would
prefer to not put additional effort into the IANA section. So, are these
changes cosmetic or mandatory?

BR
René

2016-11-20 3:32 GMT+01:00 Tom Henderson <tomhend@u.washington.edu>:

> Gonzalo, I have reviewed HIP DEX again and believe it is ready to publish,
> although I spotted a few minor items below that can be handled in the next
> revision.
>
> - Tom
>
> Editorial/minor:
>
> Section 1:  The numbered list is somewhat tersely written and may be hard
> to interpret by the newcomer to HIP specifications.  Consider to elaborate
> more (using fuller sentences and not sentence fragments).  e.g.:
>
> "Forfeit of Perfect Forward Secrecy with the dropping of an ephemeral
> Diffie-Hellman key agreement." could be
> "Forfeit of the HIPv2 Perfect Forward Secrecy property due to the removal
> of the HIPv2 ephemeral Diffie-Hellman key agreement."
>
> Section 1.1, spell out 'DoS' first time usage
>
> Section 4.1:  "Note that x and y each constitute half the final session
> key material."  (change to 'half of the')
>
> The figure in 4.1 does not have a caption, and also, why is 'mac'
> lowercased?
>
> Sec 4.1.3.1:  "Since only little data is protected by this SA" (perhaps
> s/little/a small amount/)
>
> Sec. 5.2.4:  "The following new HIT Suite IDs are defined..." (s/IDs
> are/ID is/ because there is only one defined)
>
> Sec. 6.3:  "sort(HIT-I | HIT-R) is defined as the network byte order
> concatenation of the two HITs... comparison of the two HITs interpreted as
> positive (unsigned) 128-bit integers in network byte order"  what does it
> mean to define a sort on a network byte order concatenation?  It seems
> perhaps clearer to leave endian issues out (they are implicit everywhere in
> a protocol) and just define it as a comparison on HITs interpreted as
> unsigned 128-bit integers (and by the way, is the full 128 bits including
> prefix included or just the 96 bits)?
>
> Sec. 6.5 through 6.8:  Unlike much of this draft, these sections do not
> just specifically call out the differences from the corresponding RFC 7401
> sections, but instead restate the modified processing flow, and it is hard
> to spot what is different here.  I wonder whether it would be clearer to
> just refer to those processing steps in RFC 7401 that are changed.
>
> Sec. 8:  Can a MITM reply to I1 with ICMP parameter problem, causing the
> true response (coming later) to be ignored because the initiator already
> gave up?  Maybe clarify here or in sec 5.4 to wait a little while before
> accepting the result of an ICMP.
>
> Sec. 10:  Consider to update the IANA section in the style that RFC 8003
> (and others) used, stating the history of the registry and what exactly is
> requested to be changed.  For example, something like "RFC 5201 and later
> RFC 7401 established the following registry ....  This document defines the
> following new codepoints for that registry ..."
>
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
>

v2.23.0 | Report a Bug | By Email