Re: [Hipsec] WGLC: draft-ietf-hip-dex-04
René Hummen <hummen.committees@gmail.com> Sun, 26 March 2017 17:16 UTC
Return-Path: <hummen.committees@gmail.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE714129650 for <hipsec@ietfa.amsl.com>; Sun, 26 Mar 2017 10:16:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBwAqA6KPDhb for <hipsec@ietfa.amsl.com>; Sun, 26 Mar 2017 10:16:55 -0700 (PDT)
Received: from mail-ot0-x22d.google.com (mail-ot0-x22d.google.com [IPv6:2607:f8b0:4003:c0f::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D482F1270A7 for <hipsec@ietf.org>; Sun, 26 Mar 2017 10:16:54 -0700 (PDT)
Received: by mail-ot0-x22d.google.com with SMTP id a5so17974546oth.1 for <hipsec@ietf.org>; Sun, 26 Mar 2017 10:16:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=oAt92GYxuUDWflvDKZ2AsIxd+zAPWv/2ljE0D1jXGBI=; b=e1Xwhy02+xSqic0sLwrWs2QOZur5fZJaIn8w97ZXknYPlrdMK+AL4/GQ90F9zqEYM/ ngeiiPPXJNXNjY4H1N8Yd64v0Lvhha2/cY75OHAxZy+546nnwqiRZHkTYPaO1KB+I70I 26QddtsEZcoGd5ZeP07WI97OYne+L8pgofFGhRx2JIVE3XLzB0sVbLf1bK8IfmfnHLBb 9GP3SczaGdh26etJV2ggJL+M73zVkgMGtVz/VQpy+f1m3DKRbylDe55D/Q2VEnOsj3Q5 5uKYyyVBuUcXJ+hLXMm7mYONKiA6yWkSIN9dcgGBVTuJQPRbZ2YMkI2E8UcBpF++tbNN XTmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=oAt92GYxuUDWflvDKZ2AsIxd+zAPWv/2ljE0D1jXGBI=; b=NBUrLasn/OT7EyWZ2bwdJpPjabOjf7TQSkATmTAZeQXcK4YVDGFCnsOV6k37yOpyFG 84Lx4aSi1JKHozc3il6hxM3Ef0pnMdgMMDHr43VGskJJd6RPndUSK5nqRYqu6JKcWTbr a4Buk4syNqIcITAo45es2wryNkIvyQvncNGkEZ5DEO8uMcN7ukN1Fi9V8YbLqlUBPMvo Mb5BEnR7zKUnok1GHmZVhENzBVBZOEk18qNH6CzLYxdlbyB5DuSx4ey6VYCYxuNGNvvs LP03JodWVjTEF8IoTue+ABe3DBLBDwauh22ak9eg0Ubz5+L3pguEewNfrwlVz9VXcRNj sAmA==
X-Gm-Message-State: AFeK/H0J37Pgg76tJ1rFAacS14PGj7/JMiuPG35H2VRPkgZ7XyJtLh3iCytUNm+9vCZlESw6bTtgC9sIX8nzRQ==
X-Received: by 10.157.7.13 with SMTP id 13mr4569737ote.60.1490548614299; Sun, 26 Mar 2017 10:16:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.190.7 with HTTP; Sun, 26 Mar 2017 10:16:53 -0700 (PDT)
In-Reply-To: <fda6e51a-7542-1d56-9223-095a930249ef@ericsson.com>
References: <c6efff43-5a0c-942b-f151-751fb6694bee@ericsson.com> <alpine.LRH.2.01.1611191832580.24556@hymn03.u.washington.edu> <CANS20HNuax+5JUcHYJcmK-VuxgsYss5pgmWZc0FB+pMxem7d2w@mail.gmail.com> <fda6e51a-7542-1d56-9223-095a930249ef@ericsson.com>
From: René Hummen <hummen.committees@gmail.com>
Date: Sun, 26 Mar 2017 19:16:53 +0200
Message-ID: <CANS20HNuidtqiMi-crPVMH9dKLAYkx+O0P4uKooHLFyj9NQFiA@mail.gmail.com>
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Cc: Tom Henderson <tomhend@u.washington.edu>, HIP <hipsec@ietf.org>
Content-Type: multipart/alternative; boundary="001a113b0874ad057f054ba5643a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/depOSJ7QB54i4i6f5PaFK70IfkU>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-dex-04
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Mar 2017 17:16:58 -0000
Hi Gonzalo, I did not receive any comments indicating the need to make further changes. >From my side, we are ready to finalize the draft. BR René 2017-03-16 16:25 GMT+01:00 Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com >: > Hi Rene, > > did you get answers to your questions below and, in general, enough > input to finalize the draft? > > Thanks, > > Gonzalo > > On 05/02/2017 11:59 PM, René Hummen wrote: > > Hi Tom, > > > > thanks for your review! > > > > I have addressed most of your comments in the new revision 05 that I > > just uploaded before. For your remaining comments, I need additional > > input from you and the rest of this group: > > > > 1) The text from Section 6.3 that you refer to is the same as in RFC5201 > > (HIPv1). I agree with you on the endianess. However, I assume that there > > was a good reason why the sort() was specified this way in the original > > HIP version. I would therefore prefer to keep the text as is. > > Concerning the 96 vs. 128 bit issue, the draft defines HITs the same way > > as HIPv2, which from my understanding are the full 128bit. > > > > 2) Concerning Sec. 6.5 through 6.8, I consciously chose to provide the > > full specification here in order to significantly increase the > > readability of these sections. When only stating the differences, I > > found myself constantly changing between two documents (RFC7401 for the > > content and the DEX draft to see if the content was relevant, removed, > > or modified). To support those interested in the changes between RFC7401 > > and the DEX draft, I specifically call out the main differences at the > > end of each section. Does this satisfy your comment? > > > > 3) If your suggestion for Section 10 is purely cosmetic in nature, I > > would prefer to not put additional effort into the IANA section. So, are > > these changes cosmetic or mandatory? > > > > BR > > René > > > > 2016-11-20 3:32 GMT+01:00 Tom Henderson <tomhend@u.washington.edu > > <mailto:tomhend@u.washington.edu>>: > > > > Gonzalo, I have reviewed HIP DEX again and believe it is ready to > > publish, although I spotted a few minor items below that can be > > handled in the next revision. > > > > - Tom > > > > Editorial/minor: > > > > Section 1: The numbered list is somewhat tersely written and may be > > hard to interpret by the newcomer to HIP specifications. Consider > > to elaborate more (using fuller sentences and not sentence > > fragments). e.g.: > > > > "Forfeit of Perfect Forward Secrecy with the dropping of an > > ephemeral Diffie-Hellman key agreement." could be > > "Forfeit of the HIPv2 Perfect Forward Secrecy property due to the > > removal of the HIPv2 ephemeral Diffie-Hellman key agreement." > > > > Section 1.1, spell out 'DoS' first time usage > > > > Section 4.1: "Note that x and y each constitute half the final > > session key material." (change to 'half of the') > > > > The figure in 4.1 does not have a caption, and also, why is 'mac' > > lowercased? > > > > Sec 4.1.3.1 <http://4.1.3.1>: "Since only little data is protected > > by this SA" (perhaps s/little/a small amount/) > > > > Sec. 5.2.4: "The following new HIT Suite IDs are defined..." (s/IDs > > are/ID is/ because there is only one defined) > > > > Sec. 6.3: "sort(HIT-I | HIT-R) is defined as the network byte order > > concatenation of the two HITs... comparison of the two HITs > > interpreted as positive (unsigned) 128-bit integers in network byte > > order" what does it mean to define a sort on a network byte order > > concatenation? It seems perhaps clearer to leave endian issues out > > (they are implicit everywhere in a protocol) and just define it as a > > comparison on HITs interpreted as unsigned 128-bit integers (and by > > the way, is the full 128 bits including prefix included or just the > > 96 bits)? > > > > Sec. 6.5 through 6.8: Unlike much of this draft, these sections do > > not just specifically call out the differences from the > > corresponding RFC 7401 sections, but instead restate the modified > > processing flow, and it is hard to spot what is different here. I > > wonder whether it would be clearer to just refer to those processing > > steps in RFC 7401 that are changed. > > > > Sec. 8: Can a MITM reply to I1 with ICMP parameter problem, causing > > the true response (coming later) to be ignored because the initiator > > already gave up? Maybe clarify here or in sec 5.4 to wait a little > > while before accepting the result of an ICMP. > > > > Sec. 10: Consider to update the IANA section in the style that RFC > > 8003 (and others) used, stating the history of the registry and what > > exactly is requested to be changed. For example, something like > > "RFC 5201 and later RFC 7401 established the following registry > > .... This document defines the following new codepoints for that > > registry ..." > > > > > > _______________________________________________ > > Hipsec mailing list > > Hipsec@ietf.org <mailto:Hipsec@ietf.org> > > https://www.ietf.org/mailman/listinfo/hipsec > > <https://www.ietf.org/mailman/listinfo/hipsec> > > > > >
- [Hipsec] WGLC: draft-ietf-hip-dex-04 Gonzalo Camarillo
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 Gonzalo Camarillo
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 Tom Henderson
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 Gonzalo Camarillo
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 Robert Moskowitz
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 Robert Moskowitz
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 Gonzalo Camarillo
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 Gonzalo Camarillo
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 René Hummen
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 Gonzalo Camarillo
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 René Hummen
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 Gonzalo Camarillo
- Re: [Hipsec] WGLC: draft-ietf-hip-dex-04 René Hummen