Re: [Hipsec] WGLC: draft-ietf-hip-dex-04

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Thu, 27 April 2017 11:14 UTC

To: René Hummen <hummen.committees@gmail.com>
CC: Tom Henderson <tomhend@u.washington.edu>, HIP <hipsec@ietf.org>
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Message-ID: <2a03c2d9-5a92-f630-d445-54313a231123@ericsson.com>
Date: Thu, 27 Apr 2017 13:14:50 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/kYsTerM7wJD_dWuw7fBc1VOcVFM>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-dex-04

Hi Rene,

to be clear, you had 3 questions in your email below and you said you
needed further input from the group. Do you mean version 05 of the draft
is ready to be sent to the IESG (i.e., ready for publication request),
or will you revise the draft once more before it is ready?

Thanks,

Gonzalo


On 26/03/2017 7:16 PM, René Hummen wrote:
> Hi Gonzalo,
> 
> I did not receive any comments indicating the need to make further
> changes. From my side, we are ready to finalize the draft.
> 
> BR
> René
> 
> 2017-03-16 16:25 GMT+01:00 Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>:
> 
>     Hi Rene,
> 
>     did you get answers to your questions below and, in general, enough
>     input to finalize the draft?
> 
>     Thanks,
> 
>     Gonzalo
> 
>     On 05/02/2017 11:59 PM, René Hummen wrote:
>     > Hi Tom,
>     >
>     > thanks for your review!
>     >
>     > I have addressed most of your comments in the new revision 05 that I
>     > just uploaded before. For your remaining comments, I need additional
>     > input from you and the rest of this group:
>     >
>     > 1) The text from Section 6.3 that you refer to is the same as in
>     > RFC5201 (HIPv1). I agree with you on the endianness. However, I assume
>     > that there was a good reason why the sort() was specified this way in
>     > the original HIP version. I would therefore prefer to keep the text as
>     > is. Concerning the 96 vs. 128 bit issue, the draft defines HITs the
>     > same way as HIPv2, which from my understanding are the full 128 bit.
>     >
>     > 2) Concerning Sec. 6.5 through 6.8, I consciously chose to provide the
>     > full specification here in order to significantly increase the
>     > readability of these sections. When only stating the differences, I
>     > found myself constantly changing between two documents (RFC7401 for
>     > the content and the DEX draft to see if the content was relevant,
>     > removed, or modified). To support those interested in the changes
>     > between RFC7401 and the DEX draft, I specifically call out the main
>     > differences at the end of each section. Does this satisfy your comment?
>     >
>     > 3) If your suggestion for Section 10 is purely cosmetic in nature, I
>     > would prefer to not put additional effort into the IANA section. So,
>     > are these changes cosmetic or mandatory?
>     >
>     > BR
>     > René
>     >
>     > 2016-11-20 3:32 GMT+01:00 Tom Henderson <tomhend@u.washington.edu>:
>     >
>     >     Gonzalo, I have reviewed HIP DEX again and believe it is ready to
>     >     publish, although I spotted a few minor items below that can be
>     >     handled in the next revision.
>     >
>     >     - Tom
>     >
>     >     Editorial/minor:
>     >
>     >     Section 1:  The numbered list is somewhat tersely written and may be
>     >     hard to interpret by the newcomer to HIP specifications.  Consider
>     >     elaborating more (using fuller sentences and not sentence
>     >     fragments).  e.g.:
>     >
>     >     "Forfeit of Perfect Forward Secrecy with the dropping of an
>     >     ephemeral Diffie-Hellman key agreement." could be
>     >     "Forfeit of the HIPv2 Perfect Forward Secrecy property due to the
>     >     removal of the HIPv2 ephemeral Diffie-Hellman key agreement."
>     >
>     >     Section 1.1, spell out 'DoS' first time usage
>     >
>     >     Section 4.1:  "Note that x and y each constitute half the final
>     >     session key material."  (change to 'half of the')
>     >
>     >     The figure in 4.1 does not have a caption, and also, why is 'mac'
>     >     lowercased?
>     >
>     >     Sec 4.1.3.1:  "Since only little data is protected by this SA"
>     >     (perhaps s/little/a small amount/)
>     >
>     >     Sec. 5.2.4:  "The following new HIT Suite IDs are defined..."
>     >     (s/IDs are/ID is/ because there is only one defined)
>     >
>     >     Sec. 6.3:  "sort(HIT-I | HIT-R) is defined as the network byte
>     >     order concatenation of the two HITs... comparison of the two HITs
>     >     interpreted as positive (unsigned) 128-bit integers in network byte
>     >     order"  what does it mean to define a sort on a network byte order
>     >     concatenation?  It seems perhaps clearer to leave endian issues out
>     >     (they are implicit everywhere in a protocol) and just define it as a
>     >     comparison on HITs interpreted as unsigned 128-bit integers (and by
>     >     the way, is the full 128 bits including prefix included or just the
>     >     96 bits)?
>     >
>     >     Sec. 6.5 through 6.8:  Unlike much of this draft, these sections do
>     >     not just specifically call out the differences from the
>     >     corresponding RFC 7401 sections, but instead restate the modified
>     >     processing flow, and it is hard to spot what is different here.  I
>     >     wonder whether it would be clearer to just refer to those processing
>     >     steps in RFC 7401 that are changed.
>     >
>     >     Sec. 8:  Can a MITM reply to I1 with ICMP parameter problem, causing
>     >     the true response (coming later) to be ignored because the initiator
>     >     already gave up?  Maybe clarify here or in sec 5.4 to wait a little
>     >     while before accepting the result of an ICMP.
>     >
>     >     Sec. 10:  Consider updating the IANA section in the style that RFC
>     >     8003 (and others) used, stating the history of the registry and what
>     >     exactly is requested to be changed.  For example, something like
>     >     "RFC 5201 and later RFC 7401 established the following registry
>     >     ....  This document defines the following new codepoints for that
>     >     registry ..."
>     >
>     >
>     >     _______________________________________________
>     >     Hipsec mailing list
>     >     Hipsec@ietf.org
>     >     https://www.ietf.org/mailman/listinfo/hipsec
>     >
>     >
> 
>
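Added example, not code from the draft or from anyone in this thread: the sort(HIT-I | HIT-R) operation debated in the Section 6.3 comment, implemented as RFC 7401 words it (compare the two HITs as unsigned 128-bit integers in network byte order, smaller first), alongside a plain lexicographic byte comparison to show the two orderings coincide, and an ordering over only the 96-bit hash portion of an ORCHIDv2 HIT to show why "full 128 bits or just 96" matters. The HIT values and their OGA IDs are constructed for illustration.

```python
import ipaddress

# A HIPv2 HIT is an ORCHIDv2 (RFC 7343): 28-bit prefix, 4-bit OGA ID
# (which carries the HIT Suite ID), then a 96-bit hash part.
HASH_MASK = (1 << 96) - 1


def sort_hits(hit_a: bytes, hit_b: bytes) -> bytes:
    """RFC 7401 wording: concatenate the two 16-byte HITs, the one that is
    smaller as an unsigned 128-bit integer in network byte order first."""
    if len(hit_a) != 16 or len(hit_b) != 16:
        raise ValueError("a HIT is a 128-bit value")
    a = int.from_bytes(hit_a, "big")
    b = int.from_bytes(hit_b, "big")
    return hit_a + hit_b if a <= b else hit_b + hit_a


def sort_hits_bytewise(hit_a: bytes, hit_b: bytes) -> bytes:
    """Lexicographic comparison of the wire bytes. For big-endian (network
    byte order) data this is the same ordering as the integer comparison,
    so the endianness wording in the draft does not change the result."""
    return hit_a + hit_b if hit_a <= hit_b else hit_b + hit_a


def sort_hits_hash_only(hit_a: bytes, hit_b: bytes) -> bytes:
    """Ordering over only the low 96 bits (the hash part), i.e. ignoring the
    ORCHID prefix and OGA ID. Can disagree with the full-128-bit ordering."""
    a = int.from_bytes(hit_a, "big") & HASH_MASK
    b = int.from_bytes(hit_b, "big") & HASH_MASK
    return hit_a + hit_b if a <= b else hit_b + hit_a


def hit(text: str) -> bytes:
    return ipaddress.IPv6Address(text).packed


# Constructed HITs: same 2001:2::/28 prefix, different OGA ID nibble
# (5 vs 1), hash parts chosen so the two orderings disagree.
HIT_I = hit("2001:25::1")   # OGA ID 5, hash part 1
HIT_R = hit("2001:21::2")   # OGA ID 1, hash part 2


def demo() -> tuple:
    """Returns (full-128-bit order puts HIT_R first, 96-bit order puts HIT_I first)."""
    full = sort_hits(HIT_I, HIT_R)
    assert full == sort_hits_bytewise(HIT_I, HIT_R)
    hash_only = sort_hits_hash_only(HIT_I, HIT_R)
    return full[:16] == HIT_R, hash_only[:16] == HIT_I


if __name__ == "__main__":
    print(demo())
```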