Re: [Hipsec] WGLC: draft-ietf-hip-native-nat-traversal

Ari Keränen <> Tue, 16 February 2016 14:22 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 902AF1A871A for <>; Tue, 16 Feb 2016 06:22:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.901
X-Spam-Status: No, score=-3.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id K8esa9eS-qyG for <>; Tue, 16 Feb 2016 06:22:51 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AEE541A6F3B for <>; Tue, 16 Feb 2016 06:22:50 -0800 (PST)
X-AuditID: c1b4fb2d-f794c6d000006f31-5e-56c330b8f21a
Received: from (Unknown_Domain []) by (Symantec Mail Security) with SMTP id C4.74.28465.8B033C65; Tue, 16 Feb 2016 15:22:48 +0100 (CET)
Received: from ( by ( with Microsoft SMTP Server id; Tue, 16 Feb 2016 15:22:48 +0100
To: Gonzalo Camarillo <>, Tom Henderson <>, HIP <>
References: <> <>
From: Ari Keränen <>
Message-ID: <>
Date: Tue, 16 Feb 2016 16:22:48 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrFLMWRmVeSWpSXmKPExsUyM2K7t+4Og8NhBt1HLS2mLprMbDHz/EE2 ByaPJUt+Mnm0XI8JYIrisklJzcksSy3St0vgyvjfIVpwh79iz/ojrA2MJ3m6GDk4JARMJF4+ 0Opi5AQyxSQu3FvP1sXIxSEkcJhRoudBLzOEs45RYkv7ZkaQKmEBe4mT+26xgzSLCFRKbD7H ChIWEsiWOPvnFRtImFkgRmJmIzdImE3AVuJ3+x4mEJtXQFvizZ6LYFNYBFQlVj2bxAJiiwqk Seyf/RuqRlDi5MwnYHFOAR2JxQ2P2CFG2ks82FoGEmYWkJfY/nYOM8RWVYmr/14xTmAUnIWk exZCxywkHQsYmVcxihanFhfnphsZ66UWZSYXF+fn6eWllmxiBIbowS2/dXcwrn7teIhRgINR iYe3IOJQmBBrYllxZe4hRgkOZiUR3n+vgEK8KYmVValF+fFFpTmpxYcYpTlYlMR51zivDxMS SE8sSc1OTS1ILYLJMnFwSjUwmjPsi7+/enOa4r7JakW/ubep/fq+9K62PePRNWU5xkzPjSVe zqkIvfW1xPhNaRg3o+5ysxVTHitPVf7QcS8675WAwMmEtzG7Dyw4uP/tl4A94Zvql8T4/o6t ef8y8uTH2K+F6bsupkuef7Buc1NTyqrue+WyG9N7+G79+Hi44/xGhbn97nqsaUosxRmJhlrM RcWJABsYjHlNAgAA
Archived-At: <>
Cc: Jan Melen <>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-native-nat-traversal
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 16 Feb 2016 14:22:52 -0000

Thank you for the review Tom! Please see below.

> On 12/02/2016 11:54 PM, Tom Henderson wrote:
>> Gonzalo and all,
>> My understanding is that the WG reached consensus several years ago
>> that the standards-track NAT traversal variant would be the native
>> NAT traversal and not the RFC5770-based ICE/STUN/TURN version.
>> I reviewed the above draft and noticed that it still contains
>> normative references to RFC5770 (pointers to material found only in
>> RFC5770) throughout, and contains RFC5770 as a normative reference
>> in Section 8.1.  It seems to me that the WG ought to produce a
>> specification that can stand alone from RFC5770, because as it
>> stands now, it seems to me that someone implementing it would need
>> to consult both drafts and may be uncertain about what is still
>> applicable from RFC5770.  For example, is the UDP-ENCAPSULATION
>> mode still valid?

Indeed this variant is the standards-track solution, but I think it 
makes sense to not obsolete the RFC5770. For example, in some scenario 
the STUN based solution could be better than native HIP based. And also 
the UDP-ENCAPSULATION mode should be still valid.

>> ICE (RFC 5245) is also still listed as normative but it seems to me
>> that it should also be informative in this draft.

The details of e.g., how ICE checklists are used are defined in RFC5245 
so I think it needs to be normative.

>> I think it would be appropriate to just reference 5770 in the
>> Introduction, stating that this specification replaces RFC 5770
>> with a different mechanism than ICE/STUN/TURN, and then try to
>> avoid referencing 5770 from then on.

Avoiding RFC 5770 altogether would require lots of editorial work with 
this draft for a questionable amount of benefit, so I think it's better 
if we simply have it as normative reference. The maturity level of 5770 
(experimental) is an issue, but I think it is possible - and makes sense 
- to make an exception here.