Re: [Hipsec] DEX parameters and parameter usage
Robert Moskowitz <rgm@htt-consult.com> Wed, 14 July 2010 15:58 UTC
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1F8633A6B78 for <hipsec@core3.amsl.com>; Wed, 14 Jul 2010 08:58:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pZvhKH7nAKQY for <hipsec@core3.amsl.com>; Wed, 14 Jul 2010 08:58:30 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 811AA3A6A33 for <hipsec@ietf.org>; Wed, 14 Jul 2010 08:58:27 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 83D1068B24; Wed, 14 Jul 2010 15:50:02 +0000 (UTC)
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BT8obndHwDBJ; Wed, 14 Jul 2010 11:49:52 -0400 (EDT)
Received: from nc2400.htt-consult.com (unknown [12.2.202.16]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 60A4F68AD0; Wed, 14 Jul 2010 11:49:52 -0400 (EDT)
Message-ID: <4C3DDE9E.10508@htt-consult.com>
Date: Wed, 14 Jul 2010 08:58:22 -0700
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100430 Fedora/3.0.4-2.fc12 Thunderbird/3.0.4
MIME-Version: 1.0
To: Tobias Heer <heer@cs.rwth-aachen.de>
References: <4C3C7661.4000408@nomadiclab.com> <3C59C310-9904-418D-AE52-F1E9891D89C8@cs.rwth-aachen.de> <4C3DBA1B.7060308@htt-consult.com> <82291E08-91E0-4913-937B-2C7B578481DC@cs.rwth-aachen.de>
In-Reply-To: <82291E08-91E0-4913-937B-2C7B578481DC@cs.rwth-aachen.de>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: HIP WG <hipsec@ietf.org>
Subject: Re: [Hipsec] DEX parameters and parameter usage
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2010 15:58:31 -0000
> > Hello Robert, > > Am 14.07.2010 um 15:22 schrieb Robert Moskowitz: > > >> On 07/14/2010 03:03 AM, Tobias Heer wrote: >> >>> Hello Ari, >>> >>> Am 13.07.2010 um 16:21 schrieb Ari Keranen: >>> >>> >>> >>>> Hi all, >>>> >>>> As discussed in the other thread, instead of adding new parameters to the 0-1023 range, we should rather use higher ranges for "non-essential" type of extensions. Currently the text in RFC5201 about the ranges says: >>>> >>>> Parameters numbered between 0-1023 are used in HIP >>>> handshake and update procedures and are covered by signatures. >>>> Parameters numbered between 1024-2047 are reserved. Parameters >>>> numbered between 2048-4095 are used for parameters related to HIP >>>> transform types. Parameters numbered between 4096 and (2^16 - 2^12) >>>> 61439 are reserved. >>>> >>>> The VIA and BONE extensions are not actually "handshake and update procedures", or "essential stuff", but we originally put the signed parameters OVERLAY_ID [1] and ROUTE_DST [2] there since the other possible ranges, according to the text above, were "reserved". >>>> >>>> However, better approach would be to use a higher range for this kind of extensions. For example, 4096-16383. Latest version of HICCUPS [3] already uses that range and we were planning to move the OVERLAY_ID and ROUTE_DST parameters there too (values 4592 and 4600, respectively), unless someone objects. >>>> >>>> >>> I agree that the current assignments are way to coarse grained. However, I am not really convinced that putting all extensions into one big bucket is the solution we want. Right now we have a grouping based on functionality and security requirements (signed/unsigned, BEX, other stuff). I like that approach (and would like it even better if it was a bit more fine grained) because it allows implementors to classify parameters easily. Putting every extension into the same range would mean that you can only distinguish between extension and non-extension. I would rather try to come up with a sensible allocation based on functions (although I don't have one at hand right now). >>> >>> Maybe this could be one agenda item for the 5201-bis document crafting session? >>> >> In HIP DEX I have a HIP_MAC_3 parameter since its MACing rules are different than HIP_MAC or HIP_MAC_2. So do I use the type +1 of HIP_MAC_2 or some other range? >> > +1 implies that the HIP_MAC_3 is not critical. Is this the case? Otherwise, +2 would be appropriate. Some spacing might not hurt either. > > >> I need an ENCRYPTED parameter but it has a much different content than what HIP BEX is encrypting. Do I use the same parameter or make a different one? >> > I would suggest to use a different one if it does something different. > >> In HIP DEX R1, I2, R2, UPDATE, NOTIFY, and CLOSE have different constructions. R1, I2, R2 should not be a problem using the same Packet Type, by the HIP_SUITE_ID you know you are doing HPI DEX. But what about UPDATE, NOTIFY, and CLOSE? Is the HIP_SUITE_ID enough information to process them appropriately? (note that the difference is they lack a HIP_SIGNATURE parameter, as DEX cannot do a signing operation). >> >> > I believe the packet types should stay the same as long as the function is identical. They may have different parameters but no implementation will ever run into the problem of having to handle a Diet HIP CLOSE, UPDATE or NOTIFY if it does not complete a DEX first. Of course it could receive such packet as result of an error but that would just be a malformed packet then, right? > > > >> Then there is the HIP RFID ID. How should the parameters there be numbered and what about the Packet Types? >> > It is difficult to answer this question without knowing the actual differences between HIP BEX and the RFID thing. > draft-irtf-hiprg-rfid-00.txt > >> As I look at the evolving HIP Exchange 'family', I see we are able to target different classes of computing entities. This is goodness and I am looking forward to pushing this concept in a number of venues. >> >> HIP BEX - For REAL computing platforms, PCs, PDA, Network Infrastructure things >> HIP DEX - For constrained sensors and embedded processors >> HIP TEX - (what I am calling the RFID exchange, I don't like REX, it is for any tag object) >> >> I am thinking of reworking a part of 4423-bis to discuss a family of exchanges beyond just the Base EXchange. >> >> > I would be cautious not to stretch this too far. It makes sense to be flexible but engineered flexibility often comes at the price of complexity. I think there should be a good amount of overlap between the concepts and technical solutions of BEX, DEX, and TEX to really state that they are all HIP. > > Tobias > > >> > > > >
- [Hipsec] Updating parameter type values for VIA a… Ari Keranen
- Re: [Hipsec] Updating parameter type values for V… Tobias Heer
- Re: [Hipsec] Updating parameter type values for V… Ari Keranen
- Re: [Hipsec] Updating parameter type values for V… Robert Moskowitz
- [Hipsec] DEX parameters and parameter usage (was:… Tobias Heer
- [Hipsec] Parameter space design (was: Updating pa… Tobias Heer
- Re: [Hipsec] DEX parameters and parameter usage Robert Moskowitz
- Re: [Hipsec] Parameter space design Ari Keranen