[Hipsec] Roman Danyliw's No Objection on draft-ietf-hip-native-nat-traversal-30: (with COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 03 March 2020 21:48 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: hipsec@ietf.org
Delivered-To: hipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 802B23A0A82; Tue, 3 Mar 2020 13:48:22 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-hip-native-nat-traversal@ietf.org, hip-chairs@ietf.org, hipsec@ietf.org, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, gonzalo.camarillo@ericsson.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.119.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <158327210243.7870.10766874805525371271@ietfa.amsl.com>
Date: Tue, 03 Mar 2020 13:48:22 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/mjIn43kSSPC1cjhPnK57oVIRNYU>
Subject: [Hipsec] Roman Danyliw's No Objection on draft-ietf-hip-native-nat-traversal-30: (with COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2020 21:48:23 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-hip-native-nat-traversal-30: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


** Section 6.1.  Per “Also, revealing host addresses exposes information about
the local topology that may not be allowed in all corporate environments.”,
concur with the sentiment.  However, this desire to reduce exposure may be
beyond just “corporate” environment – recommend dropping the “corporate”

** Section 6.1. Per “For these two local policy reasons, an end-host MAY
exclude certain host addresses from its LOCATOR_SET parameter, but this
requires further experimentation.”, what actions should implementers take from
the “this requires further experimentation”?

** Section 6.2.  Per “In opportunistic HIP mode (cf.  Section 4.1.8 in
[RFC7401]), an Initiator sends an I1 with without setting  the destination HIT
of the Responder”, the text conflicts on whether to send the destination HIT –
it likely should say “without the destination HIT” (i.e., “initial I1 packet
contains all zeros as the destination HIT” per RFC7401).

** Section 6.3.  Could the reference to [HIP-MIDDLE] be clarified:
-- The reference says its: “Heer, T., Wehrle, K., and M. Komu, "End-Host
Authentication for HIP Middleboxes", Work in Progress, February 2009”.  Is that
the same as draft-heer-hip-middle-auth-04, from October 2011?

-- How much confidence is there in making this recommendation to an
unpublished, expired experimental draft?

** Editorial Nits important for clarity in security considerations:
-- Section 5.8.  s/Similarly as with RVS_HMAC, also RELAY_HMAC is keyed
.../Similarly as with RVS_HMAC, RELAY_HMAC .../

-- Section 6.1. Editorial.  s/Especially, this could be problematic with a
…/This could be especially problematic with a …/

Section 6.1.  Recommend being clearing on the privacy and DoS protection by:
s/This partially protects the …/This use also partially protects the …/

-- Section 6.7  Editorial.  Recommend clarification how HIP is immune to the
Section 19.2 of RFC8445 attack with: s/HIP bases its control plane security  on
Diffie-Hellman key exchange, public keys and Hashed Message Authentication
codes, meaning that the mentioned security concerns do not apply to HIP
either./ As HIP bases its control plane security  on Diffie-Hellman key
exchange, public keys and Hashed Message Authentication codes, this attack is
mitigated in this protocol./

-- Section 6.7.  Editorial.
s/The mentioned section discusses also of …/
Section 19.2 of [RFC8445] also mentioned also discusses …/

-- Section 6.7. Editorial.  Recommend referencing the text of the connectivity
check that prevents the MiTM replay attack: s/The connectivity checks in this
protocol are immune … and send back as a response./ The connectivity checks in
this protocol are immune … and send back as a response per Section 4.6.1./

Editorial Nits
-- Section 1.  Editorial.  Per “Also, especially NATs usually …” reads
awkwardly to me – perhaps “Also, NATs usually ..”

-- Section 1.  Editorial.  Per “… so that basically ICE is responsible for NAT
traversal …” reads colloquially – perhaps “so that ICE is responsible for NAT
traversal …”

-- Section 1.  Editorial.  Per “Similarly as Legacy ICE-HIP, also this
specification …”, it might be more readable as “As with Legacy ICE-HIP, this
specification …”

-- Section 2.  Typo. s/prodecure/procedure/

-- Section 2. Typo. s/the the/the/

-- Section 3.  Typo.  s/Cotrol/Control/

-- Section 5.6.  Typo. s/reserved/reserved/

-- Section 6.5.  Typo. s/a another/another/

-- Section 7.  Typo. s/emphemeral/ephemeral/