[Hipsec] preview of draft-ietf-hip-mm-00 for review
thomas.r.henderson@boeing.com (Henderson, Thomas R) Mon, 04 October 2004 23:48 UTC
From: thomas.r.henderson@boeing.com
Date: Mon, 04 Oct 2004 23:48:01 +0000
Subject: [Hipsec] preview of draft-ietf-hip-mm-00 for review
Message-ID: <6938661A6EDA8A4EA8D1419BCE46F24C04060880@xch-nw-27.nw.nos.boeing.com>
X-Date: Mon Oct 4 23:48:01 2004
I plan to submit this draft as WG version -00 in a few days, but have put it up for any early comments: http://hip4inter.net/documentation/drafts/draft-nikander-hip-mm-02.txt I have tried to address the issues that people have raised on the list, and issues that have been discovered upon implementing the previous draft version. Below is a summary of open issues: Update on HIP mobility management open issues --------------- Note: The first four issues are logged at the issue tracker. The remainder are issues that have arisen during revision of the text, and open issues raised on the mailing list. On the hip-mm issue tracker, I would suggest to keep issues 1, 2, and 3 open, close issue 4, and add 6, 10, and 11 (below) to the issue tracker. 1. (Roundup issue tracker #1): Potential conflict in updating SPI values Suggested resolution: Keep open. This issue pertains to whether=20 we can abandon the address group abstraction. We agreed to leave it open until we had more insight. 2. (Roundup issue tracker #2): Problems with middleboxes Suggested resolution: Keep open. Middlebox traversal needs to be considered more carefully before this issue can be closed. For example, should one-way REAs be deprecated? 3. (Roundup issue tracker #3): address check RR design Suggested resolution: Keep open. The use of ECHO_REQUEST/REPLY has plugged the main issue raised here, but additional work ongoing in mobike and multi6 design team on failover detection and validation of alternate addresses that may apply also to HIP. 4. (Roundup issue tracker #4): Use of multiple SAs Suggested resolution: Close this issue (resolved). 5. REA parameter type is "to be defined" Suggested resolution: Tentatively, we have used the value "3" in our implementation. The desire has been to keep REA forward in the list of parameters, to make middlebox parsing easier. Whether REA should precede SPI (value "1") or vice versa might be debatable. =20 6. Bidirectionality of NES conflicting with unidirectionality of SAs and REA in multihoming case Mika has suggested in a recent mail that, when there are multiple SAs in a REA, and REA is paired with NES, that it can become ambiguous as to which SA should be rekeyed upon receipt of a REA/NES. Suggested resolution: Add a note to the text that, in the case of multihoming with multiple SAs, it is RECOMMENDED to associate SAs in pairs, and that when a NES is received for a particular SA, the peer should rekey the paired SA. Also, state that using asymmetrically set up SAs is experimental,=20 and may fail to interoperate. Also, issue should be opened in issue tracker. 7. The issue was raised on the list whether there needs to be an API to allow an application to select the source or destination IP address when there are multiple choices. Suggested resolution: Should be left outside of the draft, or discussed in an appendix. For now, there is no proposed text that would address this issue. =20 8. Discussion on the use of multihomed SAs for load balancing Suggested resolution: There are many unsolved issues with respect to load balancing across multiple addresses. For now,=20 we recommend that multihoming is just used/specified for=20 failover purposes, although experimentation is recommended. 9. If HIP negotiates base exchange using link locals, and one host moves, it will not be able to find its peer Suggested resolution: State that a host SHOULD provide its peer with a globally reachable IP address instead of relying exclusively on link-local addresses. 10. Should REA be included in R2 or R1 (R1 is presently specified in text)? Note that there is some conflict in saying that, when REA=20 is included in R1 and it includes a new preferred address,=20 that the puzzle solution MUST be valid for both responder=20 addresses. The conflict is in using Appendix D (base spec)=20 mapping functions. Suggested resolution: Open, but leaning towards recommending inclusion in R2 instead of R1, unless the reason for putting it in R1 is (re)discovered. Also, issue should be opened in issue tracker. 11. Use of SPI parameter when REA is present-- is it necessary? Suggested resolution: Open until middlebox implications are better understood. Also, issue should be opened in issue tracker.
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Henderson, Thomas R
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Miika Komu
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Mika Kousa
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Mika Kousa
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Mika Kousa
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Mika Kousa
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Pekka Nikander
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Mika Kousa
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Pekka Nikander
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Mika Kousa
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Mika Kousa
- [Hipsec] preview of draft-ietf-hip-mm-00 for revi… Pekka Nikander