IETF Logo Mail Archive

Re: [Hipsec] WGLC: draft-ietf-hip-dex-04

René Hummen <hummen.committees@gmail.com> Sun, 26 March 2017 17:16 UTC

Return-Path: <hummen.committees@gmail.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE714129650 for <hipsec@ietfa.amsl.com>; Sun, 26 Mar 2017 10:16:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBwAqA6KPDhb for <hipsec@ietfa.amsl.com>; Sun, 26 Mar 2017 10:16:55 -0700 (PDT)
Received: from mail-ot0-x22d.google.com (mail-ot0-x22d.google.com [IPv6:2607:f8b0:4003:c0f::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D482F1270A7 for <hipsec@ietf.org>; Sun, 26 Mar 2017 10:16:54 -0700 (PDT)
Received: by mail-ot0-x22d.google.com with SMTP id a5so17974546oth.1 for <hipsec@ietf.org>; Sun, 26 Mar 2017 10:16:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=oAt92GYxuUDWflvDKZ2AsIxd+zAPWv/2ljE0D1jXGBI=; b=e1Xwhy02+xSqic0sLwrWs2QOZur5fZJaIn8w97ZXknYPlrdMK+AL4/GQ90F9zqEYM/ ngeiiPPXJNXNjY4H1N8Yd64v0Lvhha2/cY75OHAxZy+546nnwqiRZHkTYPaO1KB+I70I 26QddtsEZcoGd5ZeP07WI97OYne+L8pgofFGhRx2JIVE3XLzB0sVbLf1bK8IfmfnHLBb 9GP3SczaGdh26etJV2ggJL+M73zVkgMGtVz/VQpy+f1m3DKRbylDe55D/Q2VEnOsj3Q5 5uKYyyVBuUcXJ+hLXMm7mYONKiA6yWkSIN9dcgGBVTuJQPRbZ2YMkI2E8UcBpF++tbNN XTmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=oAt92GYxuUDWflvDKZ2AsIxd+zAPWv/2ljE0D1jXGBI=; b=NBUrLasn/OT7EyWZ2bwdJpPjabOjf7TQSkATmTAZeQXcK4YVDGFCnsOV6k37yOpyFG 84Lx4aSi1JKHozc3il6hxM3Ef0pnMdgMMDHr43VGskJJd6RPndUSK5nqRYqu6JKcWTbr a4Buk4syNqIcITAo45es2wryNkIvyQvncNGkEZ5DEO8uMcN7ukN1Fi9V8YbLqlUBPMvo Mb5BEnR7zKUnok1GHmZVhENzBVBZOEk18qNH6CzLYxdlbyB5DuSx4ey6VYCYxuNGNvvs LP03JodWVjTEF8IoTue+ABe3DBLBDwauh22ak9eg0Ubz5+L3pguEewNfrwlVz9VXcRNj sAmA==
X-Gm-Message-State: AFeK/H0J37Pgg76tJ1rFAacS14PGj7/JMiuPG35H2VRPkgZ7XyJtLh3iCytUNm+9vCZlESw6bTtgC9sIX8nzRQ==
X-Received: by 10.157.7.13 with SMTP id 13mr4569737ote.60.1490548614299; Sun, 26 Mar 2017 10:16:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.190.7 with HTTP; Sun, 26 Mar 2017 10:16:53 -0700 (PDT)
In-Reply-To: <fda6e51a-7542-1d56-9223-095a930249ef@ericsson.com>
References: <c6efff43-5a0c-942b-f151-751fb6694bee@ericsson.com> <alpine.LRH.2.01.1611191832580.24556@hymn03.u.washington.edu> <CANS20HNuax+5JUcHYJcmK-VuxgsYss5pgmWZc0FB+pMxem7d2w@mail.gmail.com> <fda6e51a-7542-1d56-9223-095a930249ef@ericsson.com>
From: René Hummen <hummen.committees@gmail.com>
Date: Sun, 26 Mar 2017 19:16:53 +0200
Message-ID: <CANS20HNuidtqiMi-crPVMH9dKLAYkx+O0P4uKooHLFyj9NQFiA@mail.gmail.com>
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Cc: Tom Henderson <tomhend@u.washington.edu>, HIP <hipsec@ietf.org>
Content-Type: multipart/alternative; boundary="001a113b0874ad057f054ba5643a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/depOSJ7QB54i4i6f5PaFK70IfkU>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-dex-04
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Mar 2017 17:16:58 -0000

Hi Gonzalo,

I did not receive any comments indicating the need to make further changes.
>From my side, we are ready to finalize the draft.

BR
René

2017-03-16 16:25 GMT+01:00 Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com
>:

> Hi Rene,
>
> did you get answers to your questions below and, in general, enough
> input to finalize the draft?
>
> Thanks,
>
> Gonzalo
>
> On 05/02/2017 11:59 PM, René Hummen wrote:
> > Hi Tom,
> >
> > thanks for your review!
> >
> > I have addressed most of your comments in the new revision 05 that I
> > just uploaded before. For your remaining comments, I need additional
> > input from you and the rest of this group:
> >
> > 1) The text from Section 6.3 that you refer to is the same as in RFC5201
> > (HIPv1). I agree with you on the endianess. However, I assume that there
> > was a good reason why the sort() was specified this way in the original
> > HIP version. I would therefore prefer to keep the text as is.
> > Concerning the 96 vs. 128 bit issue, the draft defines HITs the same way
> > as HIPv2, which from my understanding are the full 128bit.
> >
> > 2) Concerning Sec. 6.5 through 6.8, I consciously chose to provide the
> > full specification here in order to significantly increase the
> > readability of these sections. When only stating the differences, I
> > found myself constantly changing between two documents (RFC7401 for the
> > content and the DEX draft to see if the content was relevant, removed,
> > or modified). To support those interested in the changes between RFC7401
> > and the DEX draft, I specifically call out the main differences at the
> > end of each section. Does this satisfy your comment?
> >
> > 3) If your suggestion for Section 10 is purely cosmetic in nature, I
> > would prefer to not put additional effort into the IANA section. So, are
> > these changes cosmetic or mandatory?
> >
> > BR
> > René
> >
> > 2016-11-20 3:32 GMT+01:00 Tom Henderson <tomhend@u.washington.edu
> > <mailto:tomhend@u.washington.edu>>:
> >
> >     Gonzalo, I have reviewed HIP DEX again and believe it is ready to
> >     publish, although I spotted a few minor items below that can be
> >     handled in the next revision.
> >
> >     - Tom
> >
> >     Editorial/minor:
> >
> >     Section 1:  The numbered list is somewhat tersely written and may be
> >     hard to interpret by the newcomer to HIP specifications.  Consider
> >     to elaborate more (using fuller sentences and not sentence
> >     fragments).  e.g.:
> >
> >     "Forfeit of Perfect Forward Secrecy with the dropping of an
> >     ephemeral Diffie-Hellman key agreement." could be
> >     "Forfeit of the HIPv2 Perfect Forward Secrecy property due to the
> >     removal of the HIPv2 ephemeral Diffie-Hellman key agreement."
> >
> >     Section 1.1, spell out 'DoS' first time usage
> >
> >     Section 4.1:  "Note that x and y each constitute half the final
> >     session key material."  (change to 'half of the')
> >
> >     The figure in 4.1 does not have a caption, and also, why is 'mac'
> >     lowercased?
> >
> >     Sec 4.1.3.1 <http://4.1.3.1>:  "Since only little data is protected
> >     by this SA" (perhaps s/little/a small amount/)
> >
> >     Sec. 5.2.4:  "The following new HIT Suite IDs are defined..." (s/IDs
> >     are/ID is/ because there is only one defined)
> >
> >     Sec. 6.3:  "sort(HIT-I | HIT-R) is defined as the network byte order
> >     concatenation of the two HITs... comparison of the two HITs
> >     interpreted as positive (unsigned) 128-bit integers in network byte
> >     order"  what does it mean to define a sort on a network byte order
> >     concatenation?  It seems perhaps clearer to leave endian issues out
> >     (they are implicit everywhere in a protocol) and just define it as a
> >     comparison on HITs interpreted as unsigned 128-bit integers (and by
> >     the way, is the full 128 bits including prefix included or just the
> >     96 bits)?
> >
> >     Sec. 6.5 through 6.8:  Unlike much of this draft, these sections do
> >     not just specifically call out the differences from the
> >     corresponding RFC 7401 sections, but instead restate the modified
> >     processing flow, and it is hard to spot what is different here.  I
> >     wonder whether it would be clearer to just refer to those processing
> >     steps in RFC 7401 that are changed.
> >
> >     Sec. 8:  Can a MITM reply to I1 with ICMP parameter problem, causing
> >     the true response (coming later) to be ignored because the initiator
> >     already gave up?  Maybe clarify here or in sec 5.4 to wait a little
> >     while before accepting the result of an ICMP.
> >
> >     Sec. 10:  Consider to update the IANA section in the style that RFC
> >     8003 (and others) used, stating the history of the registry and what
> >     exactly is requested to be changed.  For example, something like
> >     "RFC 5201 and later RFC 7401 established the following registry
> >     ....  This document defines the following new codepoints for that
> >     registry ..."
> >
> >
> >     _______________________________________________
> >     Hipsec mailing list
> >     Hipsec@ietf.org <mailto:Hipsec@ietf.org>
> >     https://www.ietf.org/mailman/listinfo/hipsec
> >     <https://www.ietf.org/mailman/listinfo/hipsec>
> >
> >
>

v2.23.0 | Report a Bug | By Email