Re: [Hipsec] a review of ietf-hip-rfc5206-bis-10
Tom Henderson <tomhend@u.washington.edu> Tue, 19 April 2016 17:12 UTC
Return-Path: <tomhend@u.washington.edu>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BA8312EC75 for <hipsec@ietfa.amsl.com>; Tue, 19 Apr 2016 10:12:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wLbmZbDROD4k for <hipsec@ietfa.amsl.com>; Tue, 19 Apr 2016 10:12:10 -0700 (PDT)
Received: from mxout26.s.uw.edu (mxout26.s.uw.edu [140.142.234.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D86B112EBB0 for <hipsec@ietf.org>; Tue, 19 Apr 2016 10:12:10 -0700 (PDT)
Received: from hymn04.u.washington.edu (hymn04.u.washington.edu [140.142.8.72]) by mxout26.s.uw.edu (8.14.4+UW14.03/8.14.4+UW16.03) with ESMTP id u3JHBajJ029101 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 19 Apr 2016 10:11:36 -0700
Received: from hymn04.u.washington.edu (localhost [127.0.0.1]) by hymn04.u.washington.edu (8.14.4+UW14.03/8.14.4+UW16.03) with ESMTP id u3JHBUuh031099; Tue, 19 Apr 2016 10:11:30 -0700
Received: from localhost (Unknown UID 17623@localhost) by hymn04.u.washington.edu (8.14.4+UW14.03/8.14.4+Submit-local) with ESMTP id u3JHBUkF031083; Tue, 19 Apr 2016 10:11:30 -0700
X-Auth-Received: from [73.239.169.224] by hymn04.u.washington.edu via HTTP; Tue, 19 Apr 2016 10:11:30 PDT
Date: Tue, 19 Apr 2016 10:11:30 -0700
From: Tom Henderson <tomhend@u.washington.edu>
To: hip WG <hipsec@ietf.org>, Miika Komu <miika.komu@ericsson.com>
Message-ID: <alpine.LRH.2.01.1604191011300.16100@hymn04.u.washington.edu>
User-Agent: Web Alpine 2.01 (LRH 1302 2010-07-20)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Content-Transfer-Encoding: 8bit
X-PMX-Version: 6.2.1.2493963, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.4.19.170315
X-PMX-Server: mxout26.s.uw.edu
X-Uwash-Spam: Gauge=IIIIIIII, Probability=8%, Report=' HTML_00_01 0.05, HTML_00_10 0.05, BODY_SIZE_6000_6999 0, BODY_SIZE_7000_LESS 0, DATE_TZ_NA 0, NO_CTA_URI_FOUND 0, NO_URI_FOUND 0, NO_URI_HTTPS 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __FORWARDED_MSG 0, __FRAUD_BADTHINGS 0, __HAS_FROM 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __SUBJ_ALPHA_NEGATE 0, __TO_MALFORMED_2 0, __USER_AGENT 0'
Archived-At: <http://mailarchive.ietf.org/arch/msg/hipsec/tdcJGQS33zNPYV_Vzhbl7GgyMPE>
Subject: Re: [Hipsec] a review of ietf-hip-rfc5206-bis-10
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Apr 2016 17:12:12 -0000
Hi Miika, thanks for the review; some responses are inline below. I will continue later in a second message.
- Tom
On 04/17/2016 01:26 PM, Miika Komu wrote:
> Hi,
>
> I read through ietf-hip-rfc5206-bis-10, and it is in pretty good shape.
> Below are a few nits.
>
> > 3.1. Operating Environment
> >
> > [...]
> >
> > Consider next a mobility event, in which a host moves to another IP
> > address. Two things must occur in this case. First, the peer must
> > be notified of the address change using a HIP UPDATE message.
> > Second, each host must change its local bindings at the HIP sublayer
> > (new IP addresses). It may be that both the SPIs and IP addresses
> > are changed simultaneously in a single UPDATE; the protocol described
> > herein supports this. However, elements of procedure to recover from
>
> I think simultaneous mobility is covered as already mentioned in the intro?
Fixed
>
> > 3.2.3. Mobility messaging through rendezvous server
> >
> > 3. A host receiving an UPDATE packet MUST be prepared to process the
> > FROM and RVS_HMAC parameters, and MUST include a VIA_RVS
> > parameter in the UPDATE reply that contains the ACK of the UPDATE
> > SEQ.
>
> (I would add that the return routability test should be invoked to the
> end-host's addresses rather than the ones in VIA_RVS)
I added another numbered item:
An initiator receiving a VIA_RVS in the UPDATE reply should
initiate address reachability tests (described later in this
document) towards the end host's address and not towards the
address included in the VIA_RVS.
>
> > 4. This scenario requires that hosts using rendezvous servers also
> > take steps to update their current address bindings with their
> > rendezvous server upon a mobility event.
> > [I-D.ietf-hip-rfc5204-bis] does not specify how to update the
> > rendezvous server with a client host's new address.
> > [I-D.ietf-hip-rfc5203-bis] Section 3.2 describes how a host may
> > send a REG_REQUEST in either an I2 packet (if there is no active
> > association) or an UPDATE packet (if such association exists).
>
> (Maybe this should have been actually step 0)
It really should not be in the sequential list; I moved it outside of the list.
>
> > The procedures described in [I-D.ietf-hip-rfc5203-bis] for
> > sending a REG_REQUEST and REG_RESPONSE to the rendezvous server
> > apply also to this mobility scenario.
>
> This was a bit vague, how?
Here is how I clarified it; do you agree?
According to procedures described in [I-D.ietf-hip-rfc5203-bis],
if a mobile host
has an active registration, it may use mobility updates specified
herein, within the context of that association, to readdress the
association.
>
> > 3.2.4. Network Renumbering
> >
> > It is expected that IPv6 networks will be renumbered much more often
> > than most IPv4 networks. From an end-host point of view, network
> > renumbering is similar to mobility.
>
> ...and?
added " , and procedures described herein also apply to notify a peer of
a changed address."
>
> > 3.3. Other Considerations
> >
> > 3.3.1. Address Verification
> >
> > When a HIP host receives a set of locators from another HIP host in a
> > LOCATOR_SET, it does not necessarily know whether the other host is
> > actually reachable at the claimed addresses. In fact, a malicious
> > peer host may be intentionally giving bogus addresses in order to
> > cause a packet flood towards the target addresses [RFC4225].
> > Therefore, the HIP host must first check that the peer is reachable
> > at the new address.
> >
> > An additional potential benefit of performing address verification is
> > to allow middleboxes in the network along the new path to obtain the
> > peer host's inbound SPI.
> >
> > Address verification is implemented by the challenger sending some
> > piece of unguessable information to the new address, and waiting for
> > some acknowledgment from the Responder that indicates reception of
> > the information at the new address. This may include the exchange of
> > a nonce, or the generation of a new SPI and observation of data
> > arriving on the new SPI.
>
> I suggest would move the second paragraph after the third one.
OK
>
> > 3.3.2. Credit-Based Authorization
> >
> > On this basis, rather than eliminating malicious packet redirection
> > in the first place, Credit-Based Authorization prevents
> > amplifications. This is accomplished by limiting the data a host can
> > send to an unverified address of a peer by the data recently received
> > from that peer. Redirection-based flooding attacks thus become less
> > attractive than, for example, pure direct flooding, where the
> > attacker itself sends bogus packets to the victim.
>
> Reference section 5.6?
OK
>
> > 4.3. UPDATE Packet with Included LOCATOR_SET
> >
> > A number of combinations of parameters in an UPDATE packet are
> > possible (e.g., see Section 3.2). In this document, procedures are
> > defined only for the case in which one LOCATOR_SET and one ESP_INFO
> > parameter is used in any HIP packet. Furthermore, the LOCATOR_SET
> > SHOULD list all of the locators that are active on the HIP
> > association (including those on SAs not covered by the ESP_INFO
> > parameter).
>
> What do you mean by "including those on SAs..."?
This is related to multihoming and can be deleted here.
>
> > Any UPDATE packet that includes a LOCATOR_SET parameter
> > SHOULD include both an HMAC and a HIP_SIGNATURE parameter.
>
> Please add a paragraph break here.
OK
>
> > The UPDATE MAY also include a HOST_ID parameter (which may be useful for
> > middleboxes inspecting the HIP messages for the first time). If the
> > UPDATE includes the HOST_ID parameter, the receiving host MUST verify
> > that the HOST_ID corresponds to the HOST_ID that was used to
> > establish the HIP association, and the HIP_SIGNATURE must verify with
> > the public key assodiated with this HOST_ID parameter.
>
> assodiated -> associated
>
> Please add a paragraph break here.
OK
>
> > The relationship between the announced Locators and any ESP_INFO
> > parameters present in the packet is defined in Section 5.2. This
> > draft does not support any elements of procedure for sending more
> > than one LOCATOR_SET or ESP_INFO parameter in a single UPDATE.
>
> draft -> document
OK
(remainder of comments will be addressed in a second message)
- [Hipsec] a review of ietf-hip-rfc5206-bis-10 Miika Komu
- Re: [Hipsec] a review of ietf-hip-rfc5206-bis-10 Tom Henderson
- Re: [Hipsec] a review of ietf-hip-rfc5206-bis-10 Miika Komu
- Re: [Hipsec] a review of ietf-hip-rfc5206-bis-10 Tom Henderson
- Re: [Hipsec] a review of ietf-hip-rfc5206-bis-10 Miika Komu