Re: [Hipsec] OPS-DIR review of draft-ietf-hip-over-hip-05
<david.black@emc.com> Tue, 01 March 2011 14:44 UTC
Return-Path: <david.black@emc.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C0AE3A67E9; Tue, 1 Mar 2011 06:44:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.303
X-Spam-Level:
X-Spam-Status: No, score=-105.303 tagged_above=-999 required=5 tests=[AWL=-1.196, BAYES_00=-2.599, FRT_ESTABLISH2=2.492, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0v-UL6DEdySv; Tue, 1 Mar 2011 06:44:07 -0800 (PST)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by core3.amsl.com (Postfix) with ESMTP id 657213A67A4; Tue, 1 Mar 2011 06:44:07 -0800 (PST)
Received: from hop04-l1d11-si03.isus.emc.com (HOP04-L1D11-SI03.isus.emc.com [10.254.111.23]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p21Ej7LI002453 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 1 Mar 2011 09:45:07 -0500
Received: from mailhub.lss.emc.com (mailhubhoprd02.lss.emc.com [10.254.221.253]) by hop04-l1d11-si03.isus.emc.com (RSA Interceptor); Tue, 1 Mar 2011 09:44:59 -0500
Received: from mxhub01.corp.emc.com (mxhub01.corp.emc.com [10.254.141.103]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p21EiOus005331; Tue, 1 Mar 2011 09:44:24 -0500
Received: from mx14a.corp.emc.com ([169.254.1.143]) by mxhub01.corp.emc.com ([10.254.141.103]) with mapi; Tue, 1 Mar 2011 09:44:23 -0500
From: david.black@emc.com
To: ari.keranen@ericsson.com
Date: Tue, 01 Mar 2011 09:44:23 -0500
Thread-Topic: [Hipsec] OPS-DIR review of draft-ietf-hip-over-hip-05
Thread-Index: AcvXSSQWVLSkZuCtQpq/WI8KzEo1qwA1Udsw
Message-ID: <7C4DFCE962635144B8FAE8CA11D0BF1E03E5B1C57C@MX14A.corp.emc.com>
References: <7C4DFCE962635144B8FAE8CA11D0BF1E03E5B1C06C@MX14A.corp.emc.com> <70848F08-3FA5-4BD0-8CCA-6987C6444C17@ericsson.com>
In-Reply-To: <70848F08-3FA5-4BD0-8CCA-6987C6444C17@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
X-Mailman-Approved-At: Wed, 02 Mar 2011 01:24:35 -0800
Cc: hipsec@ietf.org, ops-dir@ietf.org, rdroms.ietf@gmail.com, david.black@emc.com, gonzalo.camarillo@ericsson.com
Subject: Re: [Hipsec] OPS-DIR review of draft-ietf-hip-over-hip-05
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2011 14:44:13 -0000
Hi Ari, > If we explicitly prevent a policy that would not allow un-encrypted connection re-establishing > UPDATEs, I think we have this fixed, and we would not need to use error messages for informing about > this. I would change the text in section 5 into (added the last sentence and changed the second-to- > last one): > > [...] If encryption was > previously used, hosts SHOULD send outside of the encrypted > connection only HIP messages that are used to re-establish the > encrypted connection. Especially, messages for which the policy is > to send them only encrypted (e.g., DATA messages using an encrypted > transport mode) MUST be sent only using the encrypted connection. > Note that a policy MUST NOT prevent sending un-encrypted UPDATE > messages used for re-establishing the encrypted connection, since > that would prevent recovering from failed encrypted connections. That proposed change looks good to me, as the immediately following sentence in Section 5 points back to Section 3.2 for the re-negotiation, from which the reader will proceed to Section 3.3 on handling the error that occurs if the re-negotiation fails to propose an encrypted HIP transport. Please wait to hear from Ralph (AD) before submitting a revised draft, as an RFC Editor Note may suffice to make this change. Thanks, --David > -----Original Message----- > From: Ari Keränen [mailto:ari.keranen@ericsson.com] > Sent: Monday, February 28, 2011 8:11 AM > To: Black, David > Cc: ops-dir@ietf.org; hipsec@ietf.org; rdroms.ietf@gmail.com; gonzalo.camarillo@ericsson.com > Subject: Re: [Hipsec] OPS-DIE review of draft-ietf-hip-over-hip-05 > > Hi David, > > Thanks for the review! > > On Feb 25, 2011, at 9:07 PM, <david.black@emc.com> <david.black@emc.com> wrote: > [...] > > Summary: This draft is basically ready for publication, but has nits that should be fixed before > publication. > [...] > > I have one recommendation for change - this draft is somewhat inconsistent about support for a HIP > node policy that requires use of an encrypted transport for HIP signaling. Section 3.3 provides an > essential building block, the error signaling mechanism to indicate that an encrypted transport is > required and none was proposed. On the other hand, Section 5 is unclear with respect to this class of > policy in that it strongly recommends (SHOULD) fallback to a non-encrypted HIP connection but requires > (MUST) that "messages that are intended to be sent only encrypted" not be sent unencrypted. If the > "messages that are intended to be sent only encrypted" are all HIP messages after the base exchange, > these two requirements appear to be in conflict. > > That's a valid point. A policy that would prevent sending the re-establishing UPDATEs un-encrypted > after a failed encrypted connection would be unreasonable since then one could never re-establish such > a connection or even close it properly. This is already explicit for the receiving end (MUST accept > without encryption), but making it explicit also for the sender makes sense. > > The first SHOULD refers to the fact that one may also do something else than re-establish the > connection (e.g., close it). > > > I suggest adding a short explanation to Section 5 of what would be reasonable vs. unreasonable > policy for "messages that are intended to be sent only encrypted", and how to use the Section 3.3 > error report when a failed encrypted connection is recovered by attempting to fall back to an > unencrypted connection when HIP node policy requires encryption of all signaling after the base > exchange. > > > If we explicitly prevent a policy that would not allow un-encrypted connection re-establisihing > UPDATEs, I think we have this fixed, and we would not need to use error messages for informing about > this. I would change the text in section 5 into (added the last sentence and changed the second-to- > last one): > > [...] If encryption was > previously used, hosts SHOULD send outside of the encrypted > connection only HIP messages that are used to re-establish the > encrypted connection. Especially, messages for which the policy is > to send them only encrypted (e.g., DATA messages using an encrypted > transport mode) MUST be sent only using the encrypted connection. > Note that a policy MUST NOT prevent sending un-encrypted UPDATE > messages used for re-establishing the encrypted connection, since > that would prevent recovering from failed encrypted connections. > > > Cheers, > Ari
- [Hipsec] OPS-DIE review of draft-ietf-hip-over-hi… david.black
- Re: [Hipsec] OPS-DIR review of draft-ietf-hip-ove… david.black
- Re: [Hipsec] OPS-DIE review of draft-ietf-hip-ove… Ari Keränen
- Re: [Hipsec] OPS-DIR review of draft-ietf-hip-ove… david.black
- Re: [Hipsec] OPS-DIR review of draft-ietf-hip-ove… Ari Keränen