IETF Logo Mail Archive

Re: [MEXT] Call for WG adoption of I-D: draft-korhonen-mext-mip6-altsec

jouni korhonen <jouni.nospam@gmail.com> Sat, 05 February 2011 09:31 UTC

Return-Path: <jouni.nospam@gmail.com>
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 882583A68A2 for <mext@core3.amsl.com>; Sat, 5 Feb 2011 01:31:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XjOAvMbA22YE for <mext@core3.amsl.com>; Sat, 5 Feb 2011 01:31:08 -0800 (PST)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id A12513A6888 for <mext@ietf.org>; Sat, 5 Feb 2011 01:31:07 -0800 (PST)
Received: by bwz12 with SMTP id 12so3861399bwz.31 for <mext@ietf.org>; Sat, 05 Feb 2011 01:34:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:subject:mime-version:content-type:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to:x-mailer; bh=go3WAES5yAppDVvZaqb5+PPNuu3aNPgYwu10qXkOhxo=; b=DTESK0LddNruACOLEO8hL864ussDX5WD+xOLnRUy9l8J15G7XM9KlyceGW0Yy633H7 KFMc5a7MuYvnUpKFSvtLm5j+NNVz8Uh3wDaAmYyaC7cLKhf7g0FhBJ3PCTubgvSNDWmP nXIaeGXOYAxr4WWqB9TB6iG+V8JF7XaIEVSPo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; b=JbMga9cjmQXJT+FQcGBdRXaZZkHChkjpStQ2xp4K3pS4Ie4W/1u9Yy1ZEidT+Mttjx wESAnmORP3Z2kznhyeYZHTObp3KB28jRVXv459A+gc3dRf/wUN7Js9SfP4ZO/LrLkaZa dNlgrC1M6ywktwN5LY/4zuqQFRkHBVzbUwqDY=
Received: by 10.204.59.8 with SMTP id j8mr12447850bkh.26.1296898472418; Sat, 05 Feb 2011 01:34:32 -0800 (PST)
Received: from [192.168.0.82] (c83-249-112-207.bredband.comhem.se [83.249.112.207]) by mx.google.com with ESMTPS id 12sm884635bki.19.2011.02.05.01.34.29 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 05 Feb 2011 01:34:31 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset="us-ascii"
From: jouni korhonen <jouni.nospam@gmail.com>
In-Reply-To: <98A16B2D00B5724F81E80EF1927A0297040A7F@nasanexd01e.na.qualcomm.com>
Date: Sat, 05 Feb 2011 11:34:28 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <FEF1DA1D-91DF-4AE4-8C10-7B12A4D4CF36@gmail.com>
References: <878vyarmku.fsf@natisbad.org> <C963527A.D013%basavaraj.patil@nokia.com> <98A16B2D00B5724F81E80EF1927A029703E3FB@nasanexd01e.na.qualcomm.com> <06CCEF13-4E11-474D-A25E-C1425D5B520A@gmail.com> <98A16B2D00B5724F81E80EF1927A029703EAD4@nasanexd01e.na.qualcomm.com> <98A16B2D00B5724F81E80EF1927A02970409A1@nasanexd01e.na.qualcomm.com> <185D5B42-0A88-4CDB-8FFF-B49FD52D6DD5@gmail.com> <98A16B2D00B5724F81E80EF1927A0297040A1E@nasanexd01e.na.qualcomm.com> <B7C82145-9053-447A-BB4F-AB17D371BF64@gmail.com> <98A16B2D00B5724F81E80EF1927A0297040A7F@nasanexd01e.na.qualcomm.com>
To: "Laganier, Julien" <julienl@qualcomm.com>
X-Mailer: Apple Mail (2.1078)
Cc: "mext@ietf.org" <mext@ietf.org>, "jan@go6.si" <jan@go6.si>, "Basavaraj.Patil@nokia.com" <Basavaraj.Patil@nokia.com>
Subject: Re: [MEXT] Call for WG adoption of I-D: draft-korhonen-mext-mip6-altsec
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Feb 2011 09:31:10 -0000

Hi Julien,


On Jan 29, 2011, at 1:10 AM, Laganier, Julien wrote:

> None of these two points explains to me why you have to duplicate ESP functionality:
> 
> 1) You have chosen to handle SPI differently, but I don't know why. 

That was a design decision for easily to detect the type of the UDP payload. In some other cases folks have used algorithms, hash functions and such to encode more information into the SPI but we thought that would an too much. Therefore, we just dedicated few bits of the SPI for additional information.

> 2) As to ESP being absent, if the goal is to not protect some of the user-plane traffic, you can use ESP-NULL, or just the UDP encap...

Well, yes-ish. However, if I decided to send a packet without being protected, then after dispatching the packet (that is based on our SPI with type information) why would I need to do any further processing on it? If you got ESP-NULL, you still need to do additional processing like integrity check (if I were to follow ESP rules). I admit it might be "minor" but still.

So, I'll just ask once more. If I were to use ESP format laid out in other RFC and reference to them to make sure the format processing goes right, is it OK for me then to go against all MUSTs and SHALLs for the rest of the ESP rules, for example when it comes to handling of ESP-NULL?



- JOuni

> 
> --julien
> 
> None of the above explains why you need to 
> 
> Jouni wrote:
>> 
>> Hmm.. we do handle SPIs differently and our "ESP" can be absent even if
>> UDP encap is used. Would that be an issue regarding the reuse of
>> existing formats?
>> 
>> - Jouni
>> 
>> 
>> On Jan 29, 2011, at 12:29 AM, Laganier, Julien wrote:
>> 
>>> Either.
>>> 
>>> IMHO both would be cleaner that the current approach. I understand
>> the latter might also have some caveat but maybe they can be dealt with
>> in an elegant manner, without introducing too much complexity, e.g.,
>> see Arnaud's m6t (http://tools.ietf.org/html/draft-ebalard-mext-m6t-
>> 02.txt)
>>> 
>>> --julien
>>> 
>>> Jouni wrote:
>>>> 
>>>> Just a question for my clarification. Do you mean simply taking the
>> UDP
>>>> encap + ESP format or also inheriting everything those respective
>> RFCs
>>>> say about their processing etc?
>>>> 
>>>> - JOuni
>>>> 
>>>> 
>>>> On Jan 28, 2011, at 9:18 PM, Laganier, Julien wrote:
>>>> 
>>>>> Hello again,
>>>>> 
>>>>> Thought that maybe making my question a bit more specific would
>> help:
>>>>> 
>>>>> So, why don't you simply define a UDP encapsulation to ESP, instead
>>>> of duplicating ESP functionality into your framework?
>>>>> 
>>>>> --julien
>>>>> 
>>>>> Laganier, Julien wrote:
>>>>>> 
>>>>>> Hi Jouni,
>>>>>> 
>>>>>> I understand you "follow the ESP format but feel no shame on
>>>> changing
>>>>>> it if we see a reason to do so", but I am (shamelessly ;)
>> wondering
>>>>>> about the actual reason to do so, as per one of the famous
>>>>>> Architectural Principles of the Internet documented in RFC 1958:
>>>>>> 
>>>>>> 3.2 If there are several ways of doing the same thing, choose one.
>>>>>> If a previous design, in the Internet context or elsewhere, has
>>>>>> successfully solved the same problem, choose the same solution
>>>> unless
>>>>>> there is a good technical reason not to.  Duplication of the same
>>>>>> protocol functionality should be avoided as far as possible,
>>>> without
>>>>>> of course using this argument to reject improvements.
>>>>>> 
>>>>>> Would you mind enlightening us?
>>>>>> 
>>>>>> --julien
>>>>>> 
>>>>>> jouni korhonen wrote:
>>>>>>> 
>>>>>>> Few things. The draft already states that "The Padding, Pad
>> Length,
>>>>>>> Next Header and ICV fields follow the rules of Section 2.4 to 2.8
>>>> of
>>>>>>> [RFC4303] unless otherwise stated in this document." So, we
>> follow
>>>>>>> the ESP format but feel no shame on changing it if we see a
>> reason
>>>>>>> to do so.
>>>>>>> 
>>>>>>> The reason why we chose to do it like this was two fold: 1) some
>>>>>>> ciphers etc when used would need ~equivalent encapsulation anyway.
>>>>>>> 2) if we had come up with our very own format the question on the
>>>>>>> list would have been "why not using RFC4303 encapsulation format".
>>>>>>> Actually.. the latter already happened offline.
>>>>>>> 
>>>>>>> - Jouni
>>>>>>> 
>>>>>>> 
>>>>>>> On Jan 26, 2011, at 12:48 AM, Laganier, Julien wrote:
>>>>>>> 
>>>>>>>> Hi Raj,
>>>>>>>> 
>>>>>>>>> Inline:
>>>>>>>>> 
>>>>>>>>> On 1/24/11 3:58 PM, "ext Arnaud Ebalard" <arno@natisbad.org>
>>>>>> wrote:
>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> To me, what the draft describes is a patchwork based on MIPv6,
>>>>>> ESP
>>>>>>> and
>>>>>>>>>> TLS. Instead of building on top of those protocols (read
>>>>>> modularity
>>>>>>>>> and
>>>>>>>>>> interoperability), it reuses (hijacks) various blocks of
>>>>>> associated
>>>>>>>>>> standards in a non-modular way. For instance, one has to
>>>>>>> reimplement
>>>>>>>>> ESP
>>>>>>>>>> in userspace to support the protocol.
>>>>>>>>> 
>>>>>>>>> We are specifying an encapsulation method in the I-D. To say
>> that
>>>>>>> one
>>>>>>>>> has to reimplement ESP in userspace is incorrect.
>>>>>>>> 
>>>>>>>> The encapsulation format you have in the I-D is:
>>>>>>>> 
>>>>>>>> 0                   1                   2                   3
>>>>>>>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>>>>>> |
>> |
>>>>>>>> :         IPv4 or IPv6 header (src-addr=Xa, dst-
>> addr=Ya)        :
>>>>>>>> |
>> |
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>>>>>> |
>> |
>>>>>>>> :            UDP header (src-port=Xp,dst-
>> port=Yp)               :
>>>>>>>> |
>> |
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>> -
>>>>>> --
>>>>>>> ---
>>>>>>>> |PType=8|                    SPI
>> |
>>>>>>> ^Int.
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>>>>> |Cov-
>>>>>>>> |                      Sequence Number
>> |
>>>>>>> |ered
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>> |
>>>>>> -
>>>>>>> ---
>>>>>>>> |                    Payload Data* (variable)
>> |
>>>> |
>>>>>>> ^
>>>>>>>> :
>> :
>>>> |
>>>>>>> |
>>>>>>>> |
>> |
>>>>>>> |Conf.
>>>>>>>> +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>>>>> |Cov-
>>>>>>>> |               |     Padding (0-255 bytes)
>> |
>>>>>>> |ered*
>>>>>>>> +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>> |
>>>>>>> |
>>>>>>>> |                               |  Pad Length   | Next Header
>> |
>>>> v
>>>>>>> v
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>> -
>>>>>> --
>>>>>>> ---
>>>>>>>> |         Integrity Check Value-ICV   (variable)
>> |
>>>>>>>> :
>> :
>>>>>>>> |
>> |
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>>>>>> 
>>>>>>>>    Figure 7: UDP Encapsulated Binding Management Message Format
>>>>>>>> 
>>>>>>>> Which looks like a copy/paste of the ESP specification
>> [RFC4303]:
>>>>>>>> 
>>>>>>>> 0                   1                   2                   3
>>>>>>>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>> -
>>>>>> --
>>>>>>> -
>>>>>>>> |               Security Parameters Index (SPI)
>> |
>>>>>>> ^Int.
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>>>>> |Cov-
>>>>>>>> |                      Sequence Number
>> |
>>>>>>> |ered
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>> |
>>>>>> -
>>>>>>> ---
>>>>>>>> |                    Payload Data* (variable)
>> |
>>>> |
>>>>>>> ^
>>>>>>>> ~
>> ~
>>>> |
>>>>>>> |
>>>>>>>> |
>> |
>>>>>>> |Conf.
>>>>>>>> +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>>>>> |Cov-
>>>>>>>> |               |     Padding (0-255 bytes)
>> |
>>>>>>> |ered*
>>>>>>>> +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>> |
>>>>>>> |
>>>>>>>> |                               |  Pad Length   | Next Header
>> |
>>>> v
>>>>>>> v
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>> -
>>>>>> --
>>>>>>> ---
>>>>>>>> |         Integrity Check Value-ICV   (variable)
>> |
>>>>>>>> ~
>> ~
>>>>>>>> |
>> |
>>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
>> +
>>>>>>>> 
>>>>>>>>         Figure 1.  Top-Level Format of an ESP Packet
>>>>>>>> 
>>>>>>>> 
>>>>>>>> So the question is: Is your intent to provide a UDP
>> encapsulation
>>>>>>> format for the already specified ESP protocol, or to provide an
>>>>>>> alternative encapsulation format to ESP?
>>>>>>>> 
>>>>>>>> --julien
>>>>>>>> _______________________________________________
>>>>>>>> MEXT mailing list
>>>>>>>> MEXT@ietf.org
>>>>>>>> https://www.ietf.org/mailman/listinfo/mext
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> MEXT mailing list
>>>>>>> MEXT@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/mext
>>>>>> _______________________________________________
>>>>>> MEXT mailing list
>>>>>> MEXT@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/mext
>>> 
>

v2.23.0 | Report a Bug | By Email