Re: [manet] SMF - overloading the ID field
"Templin, Fred L" <Fred.L.Templin@boeing.com> Tue, 22 November 2011 17:54 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9937E21F8B81 for <manet@ietfa.amsl.com>; Tue, 22 Nov 2011 09:54:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.728
X-Spam-Level:
X-Spam-Status: No, score=-6.728 tagged_above=-999 required=5 tests=[AWL=-0.129, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aKm9Ua93jdjb for <manet@ietfa.amsl.com>; Tue, 22 Nov 2011 09:54:34 -0800 (PST)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by ietfa.amsl.com (Postfix) with ESMTP id E8CE021F8A69 for <manet@ietf.org>; Tue, 22 Nov 2011 09:54:33 -0800 (PST)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by stl-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id pAMHsR8v028721 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 22 Nov 2011 11:54:28 -0600 (CST)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id pAMHsPN5012514; Tue, 22 Nov 2011 11:54:25 -0600 (CST)
Received: from XCH-NWHT-11.nw.nos.boeing.com (xch-nwht-11.nw.nos.boeing.com [130.247.25.114]) by stl-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id pAMHsOcI012484 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Tue, 22 Nov 2011 11:54:25 -0600 (CST)
Received: from XCH-NW-01V.nw.nos.boeing.com ([130.247.64.97]) by XCH-NWHT-11.nw.nos.boeing.com ([130.247.25.114]) with mapi; Tue, 22 Nov 2011 09:54:24 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Joe Macker <joseph.macker@nrl.navy.mil>, Teco Boot <teco@inf-net.nl>
Date: Tue, 22 Nov 2011 09:54:23 -0800
Thread-Topic: [manet] SMF - overloading the ID field
Thread-Index: Acylry6UFDJ1bzRLQmKbwCGhwDkdFwDjK4wg
Message-ID: <E1829B60731D1740BB7A0626B4FAF0A65C7911EF74@XCH-NW-01V.nw.nos.boeing.com>
References: <56316A17-2BCE-45A7-B43C-7ED04C205274@inf-net.nl> <07AB3231-A249-4987-848A-D5ED2EF9B9C7@nrl.navy.mil> <1E53FEB8-83FE-4959-BE17-B74A15C67D0D@inf-net.nl> <F2109C6C-E4DF-497D-A813-48573C05B2DB@nrl.navy.mil>
In-Reply-To: <F2109C6C-E4DF-497D-A813-48573C05B2DB@nrl.navy.mil>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "manet@ietf.org IETF" <manet@ietf.org>
Subject: Re: [manet] SMF - overloading the ID field
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2011 17:54:34 -0000
About SMF and I-DPD, you might be interested to know about SEAL encapsulation which includes a 32-bit packet ID field that behaves the in exactly the same way as for the IPsec AH and ESP Sequence Number: http://www.ietf.org/id/draft-templin-intarea-seal-39.txt SEAL is like a lightweight variation of tunnel-mode IPsec/AH, but it also takes care of path MTU adaptation, nested encapsulation and re-encapsulation. I haven't written about SEAL and multicast yet, but multicast SEAL tunnel neighbor associations would be handled the same as for multicast IPsec security associations. SEAL is for MANET applications, but is also broadly applicable for numerous other use case secenarios. It works in conjunction with VET, and supports the IRON architectural framework: http://www.ietf.org/id/draft-templin-intarea-vet-31.txt http://www.ietf.org/id/draft-templin-ironbis-08.txt Should I start a new discussion thread on the applicability of IRON, SEAL and VET for MANET scenarios? Thanks - Fred fred.l.templin@boeing.com > -----Original Message----- > From: manet-bounces@ietf.org [mailto:manet-bounces@ietf.org] > On Behalf Of Joe Macker > Sent: Thursday, November 17, 2011 8:59 PM > To: Teco Boot > Cc: manet@ietf.org IETF > Subject: Re: [manet] SMF - overloading the ID field > > On Nov 16, 2011, at 9:50 PM, Teco Boot wrote: > > > Did you remove all of I-DPD, I mean also the IPsec enhanced > Tuple I-DPD Check? > > Anyway, a mix of H-DPD and "complete I-DPD" works just > fine, if implemented well. There is no need for > standardization, the function is local to the box. > > > > Teco > > > > > > Op 16 nov. 2011, om 19:18 heeft Joe Macker het volgende geschreven: > > > >> On Nov 16, 2011, at 4:49 AM, Teco Boot wrote: > >>> More thoughts on what to do with SMF IPv4 I-DPD: > >>> > >>> If one says we shall not overload the ID field and take > out all IPv4 I-DPD functions, I wonder why we keep IPv6 > I-DPD. Tomorrow one could write something like: > >>>> o >> IPv6 Fragment Header Identification field MUST NOT > be used for purposes other than > >>> > >>>> fragmentation and reassembly. > >>> > >>> Oeps, I did already... > >>> > >>> AFAIK no one came up with real harm using the IPv4 ID > field for DPD. RFC 1122 suggests so ("discard duplicate > datagrams"), for slightly different reasons. But yes, there > are concerns with atomic non-IPsec datagrams. We can use > H-DPD for these, which will use the ID field anyway ;-) > >>> > >>> I don't think there is a strong need to take out I-DPD > for non-atomic datagrams. ID field is OK, ipv4-id-update: > >>>> o IPv4 ID uniqueness applies to only non-atomic datagrams. > >> > >> Agreed so its not really overloading in that non-atomic > case. That is what I said in jabber last night. > >> > >> However, I have already rewritten the IPv4 part to be > H-DPD only and while I agree with your subtle point in > non-atomic case I think a hybrid I-DPD/H-DPD state machine is > more complex. > >> > >> I think a need a few more days to possibly refactor the > security considerations since there is a relationship and > then I can pass it on. > >>> > >>> > >>> Teco. > >>> > >>> _______________________________________________ > >>> manet mailing list > >>> manet@ietf.org > >>> https://www.ietf.org/mailman/listinfo/manet > >>> > >> > > > > > > _______________________________________________ > manet mailing list > manet@ietf.org > https://www.ietf.org/mailman/listinfo/manet >
- [manet] SMF - overloading the ID field Teco Boot
- Re: [manet] SMF - overloading the ID field Charles E. Perkins
- Re: [manet] SMF - overloading the ID field Joe Macker
- Re: [manet] SMF - overloading the ID field Cole, Robert G USA CIV (US)
- Re: [manet] SMF - overloading the ID field Teco Boot
- Re: [manet] SMF - overloading the ID field Joe Macker
- Re: [manet] SMF - overloading the ID field Templin, Fred L