Re: [Hipsec] comments on draft-ietf-hip-rfc5201-bis-04
"Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com> Mon, 24 January 2011 15:37 UTC
Return-Path: <jeffrey.m.ahrenholz@boeing.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 30B9B3A68FA for <hipsec@core3.amsl.com>; Mon, 24 Jan 2011 07:37:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.466
X-Spam-Level:
X-Spam-Status: No, score=-6.466 tagged_above=-999 required=5 tests=[AWL=0.133, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ire3BMW-d1bJ for <hipsec@core3.amsl.com>; Mon, 24 Jan 2011 07:37:23 -0800 (PST)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by core3.amsl.com (Postfix) with ESMTP id 694C13A68E4 for <hipsec@ietf.org>; Mon, 24 Jan 2011 07:37:23 -0800 (PST)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by slb-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id p0OFe8Ev007137 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 24 Jan 2011 07:40:10 -0800 (PST)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id p0OFe5iD017985; Mon, 24 Jan 2011 09:40:05 -0600 (CST)
Received: from XCH-NWHT-09.nw.nos.boeing.com (xch-nwht-09.nw.nos.boeing.com [130.247.25.115]) by stl-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id p0OFe2i8017874 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Mon, 24 Jan 2011 09:40:04 -0600 (CST)
Received: from XCH-NW-12V.nw.nos.boeing.com ([130.247.25.246]) by XCH-NWHT-09.nw.nos.boeing.com ([130.247.25.115]) with mapi; Mon, 24 Jan 2011 07:40:02 -0800
From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: Tobias Heer <heer@cs.rwth-aachen.de>
Date: Mon, 24 Jan 2011 07:40:00 -0800
Thread-Topic: [Hipsec] comments on draft-ietf-hip-rfc5201-bis-04
Thread-Index: Acu7zfBSRwA6isnsTvKIKUAKhlggFgADNrIQ
Message-ID: <FD98F9C3CBABA74E89B5D4B5DE0263B9379A89497B@XCH-NW-12V.nw.nos.boeing.com>
References: <FD98F9C3CBABA74E89B5D4B5DE0263B9379A848940@XCH-NW-12V.nw.nos.boeing.com> <90014AE7-DB37-4227-AD71-ED36285A2D5B@cs.rwth-aachen.de>
In-Reply-To: <90014AE7-DB37-4227-AD71-ED36285A2D5B@cs.rwth-aachen.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] comments on draft-ietf-hip-rfc5201-bis-04
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jan 2011 15:37:24 -0000
> > Section 3.2 mentions Section 4.2 and 6 of [I-D.mcgrew-fundamental-ecc] > > the HTML tool incorrectly links Section 4.2 (of current doc) > > > > This is odd. The HTML version tries to be smart but fails. There is no link > pointing to that section in the xml document. I have no clue what to do because > there is nothing I could remove. I guess there's nothing we can do here, they need to fix the tool. > > Section 4.1 says "In the first two packets, the hosts agree on a set of > cryptographic identifiers and algorithms..."; wouldn't you say the first 3 > packets, since the 3rd/I2 packet contains the chosen HIP_CIPHER? > I'd say that the agreement has already been reached when the second packet was > processed. The third packet only contains the effect of the agreement. > Does that make sense? Yes, makes sense. > > Section 5.3.1 says "The HIP packet, however, MUST NOT be fragmented." while > > Section 5.1.3 says "A HIP implementation must support IP > fragmentation/reassembly." ...I think 5.3.1 is discussing HIP packets having an > upper-layer payload, but this should be clarified. > > You mean 5.3 and 5.3.1? I guess it's 5.1.3 and 5.3: 5.1.3 says IP fragmentation MUST be implemented 5.3 says the HIP packet MUST NOT be fragmented So fragmentation in 5.3 refers only to piggy-backed data, I think. > The case is a bit schizophrenic anyway. I think the requirement in 5.3 should be > lowered to a SHOULD NOT be fragmented, emphasizing the potentially negative > effects of fragmentation. > What do you think? Yes, SHOULD NOT sounds good. This text seems to say: if the data you are trying to piggy-back on the I1 would cause the HIP packet to fragment, send the data in its own (TCP/UDP/IP) packet following the BEX. -Jeff
- [Hipsec] comments on draft-ietf-hip-rfc5201-bis-04 Ahrenholz, Jeffrey M
- Re: [Hipsec] comments on draft-ietf-hip-rfc5201-b… Tobias Heer
- Re: [Hipsec] comments on draft-ietf-hip-rfc5201-b… Ahrenholz, Jeffrey M
- Re: [Hipsec] comments on draft-ietf-hip-rfc5201-b… Tobias Heer