IETF Logo Mail Archive

Re: [Hipsec] WGLC: draft-ietf-hip-over-hip-01

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Wed, 29 September 2010 17:35 UTC

Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2BED03A6D43 for <hipsec@core3.amsl.com>; Wed, 29 Sep 2010 10:35:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.216
X-Spam-Level:
X-Spam-Status: No, score=-106.216 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DXDoGtSmTd7j for <hipsec@core3.amsl.com>; Wed, 29 Sep 2010 10:35:37 -0700 (PDT)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by core3.amsl.com (Postfix) with ESMTP id B02D53A6DF3 for <hipsec@ietf.org>; Wed, 29 Sep 2010 10:35:37 -0700 (PDT)
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.48.231]) by slb-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id o8THa6N8002848 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 29 Sep 2010 10:36:06 -0700 (PDT)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id o8THa5xX009453; Wed, 29 Sep 2010 10:36:05 -0700 (PDT)
Received: from XCH-NWHT-02.nw.nos.boeing.com (xch-nwht-02.nw.nos.boeing.com [130.247.70.248]) by blv-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id o8THa5ni009448 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Wed, 29 Sep 2010 10:36:05 -0700 (PDT)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.83]) by XCH-NWHT-02.nw.nos.boeing.com ([130.247.70.248]) with mapi; Wed, 29 Sep 2010 10:36:05 -0700
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: 'Gonzalo Camarillo' <Gonzalo.Camarillo@ericsson.com>, Ari Keränen <ari.keranen@ericsson.com>
Date: Wed, 29 Sep 2010 10:36:05 -0700
Thread-Topic: [Hipsec] WGLC: draft-ietf-hip-over-hip-01
Thread-Index: ActVbTolL0oVSL9GQn+jj5BoPjQgPQKfmDug
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CEC45191B@XCH-NW-10V.nw.nos.boeing.com>
References: <4C91C129.2090608@ericsson.com>
In-Reply-To: <4C91C129.2090608@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-over-hip-01
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Sep 2010 17:35:39 -0000

Gonzalo and Ari, here are a few comments on this draft.

3.1  Mode Negotiation

In the second paragraph, perhaps clarify that if either an empty HIP_TRANSPORT_MODE parameter or the absence of a HIP_TRANSPORT_MODE parameter in the I2 packet will invoke the policy decision by the responder (presently, it does not talk about what to do if no parameter is returned in the I2).

3.2  Mode Negotiation after HIP Base Exchange

During the base exchange in 3.1, the initiator is not required to respond (it is a SHOULD) but here, it is a MUST.  I think it probably should be relaxed to a SHOULD, or if not, can you please clarify why it is a MUST here but not in 3.1?

Likewise, at the end of this section, it probably should be stated that the host that receives the acknowledged UPDATE that does not contain any parameter will make a local policy decision whether to continue or close the association.  If it were to decide to close the association, perhaps it would be good practice to have it issue a Notify before it closes down.

3.3   HIP Messages on Encrypted Connections

   "HIP messages that result in changing or generating new keying
   material, i.e., the base exchange and re-keying UPDATE messages, MUST
   NOT be sent over an encrypted connection that is created using the
   keying material that is being changed."

I think that the above could be more clearly stated as:

   "HIP messages that result in changing or generating new keying
   material, i.e., the base exchange and re-keying UPDATE messages, MUST
   NOT be sent over an encrypted connection using the newly created
   keying material.  It should be obvious that messages that generate
   new keying material cannot be sent over sessions that require the
   keying material to already be in place, but this statement pertains
   to the case in which one side of the association has obtained the
   new keying material but the other has not, such as an R2 or UPDATE
   ACK packet."

(if you agree that the above is what is intended).

3.3.2  ESP-TCP mode

s/lower HIT/smaller HIT/

3.4  Recovering from Failed Encrypted Connections

   "Hence, while listening for incoming HIP messages on the
   encrypted connection, hosts MUST still accept incoming HIP messages
   using the same transport method (e.g., UDP or plain IP) that was used
   for the base exchange.  When responding to a HIP message sent outside
   of encrypted connection, the response MUST be sent using the same
   transport method as the original message used."

It seems to me that the specification allows a host to negotiate the use of encrypted mode, but then can disregard the "MUST send over ESP" (seciton 3.2) and send outside of the security association, and the peer must use non-encrypted messaging according to the above text.  Is this what is intended, or should there be some statement such as "if the host receives a HIP message outside of an encrypted connection when the encrypted mode has previously been negotiated, it MAY or SHOULD conclude that the ESP association is failed and must be restarted."?

4.  Notify Packet Types

The indentation of the last paragraph should be moved leftward.

s/If a host sends UPDATE/If a host sends an UPDATE/
s/it sends back/the receiving host sends back/

5.  Security

s/Thus, host requiring/Thus, a host requiring/

6.  IANA

Should the document specify to IANA that whatever type value is selected must have lower bit equal to zero, so that the parameter is interpreted as being non-critical?


Regards,
Tom

v2.29.0 | Report a Bug | By Email | System Status