IETF Logo Mail Archive

Re: [MEXT] Call for WG adoption of I-D: draft-korhonen-mext-mip6-altsec

Jouni <jouni.nospam@gmail.com> Fri, 28 January 2011 22:52 UTC

Return-Path: <jouni.nospam@gmail.com>
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D530F3A68B7 for <mext@core3.amsl.com>; Fri, 28 Jan 2011 14:52:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.493
X-Spam-Level:
X-Spam-Status: No, score=-3.493 tagged_above=-999 required=5 tests=[AWL=0.106, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XZMAqtDUZ5ws for <mext@core3.amsl.com>; Fri, 28 Jan 2011 14:52:09 -0800 (PST)
Received: from vs11.mail.saunalahti.fi (vs11.mail.saunalahti.fi [195.197.172.106]) by core3.amsl.com (Postfix) with ESMTP id F35C83A67EC for <mext@ietf.org>; Fri, 28 Jan 2011 14:52:08 -0800 (PST)
Received: from saunalahti-vams (localhost [127.0.0.1]) by vs11.mail.saunalahti.fi (Postfix) with SMTP id E4A8F1A506A; Sat, 29 Jan 2011 00:55:14 +0200 (EET)
Received: from vs11.mail.saunalahti.fi ([127.0.0.1]) by vs11.mail.saunalahti.fi ([195.197.172.106]) with SMTP (gateway) id A03EB7C98A2; Sat, 29 Jan 2011 00:55:01 +0200
Received: from gw03.mail.saunalahti.fi (gw03.mail.saunalahti.fi [195.197.172.111]) by vs11.mail.saunalahti.fi (Postfix) with ESMTP id BD9421A5058; Sat, 29 Jan 2011 00:55:01 +0200 (EET)
Received: from a88-114-174-127.elisa-laajakaista.fi (a88-114-174-127.elisa-laajakaista.fi [88.114.174.127]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by gw03.mail.saunalahti.fi (Postfix) with ESMTP id 19A212169C0; Sat, 29 Jan 2011 00:54:55 +0200 (EET)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: Jouni <jouni.nospam@gmail.com>
In-Reply-To: <98A16B2D00B5724F81E80EF1927A0297040A1E@nasanexd01e.na.qualcomm.com>
Date: Sat, 29 Jan 2011 00:54:55 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <B7C82145-9053-447A-BB4F-AB17D371BF64@gmail.com>
References: <878vyarmku.fsf@natisbad.org> <C963527A.D013%basavaraj.patil@nokia.com> <98A16B2D00B5724F81E80EF1927A029703E3FB@nasanexd01e.na.qualcomm.com> <06CCEF13-4E11-474D-A25E-C1425D5B520A@gmail.com> <98A16B2D00B5724F81E80EF1927A029703EAD4@nasanexd01e.na.qualcomm.com> <98A16B2D00B5724F81E80EF1927A02970409A1@nasanexd01e.na.qualcomm.com> <185D5B42-0A88-4CDB-8FFF-B49FD52D6DD5@gmail.com> <98A16B2D00B5724F81E80EF1927A0297040A1E@nasanexd01e.na.qualcomm.com>
To: "Laganier, Julien" <julienl@qualcomm.com>
X-Mailer: Apple Mail (2.1082)
X-Antivirus: VAMS
Cc: "mext@ietf.org" <mext@ietf.org>, "jan@go6.si" <jan@go6.si>, "Basavaraj.Patil@nokia.com" <Basavaraj.Patil@nokia.com>
Subject: Re: [MEXT] Call for WG adoption of I-D: draft-korhonen-mext-mip6-altsec
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2011 22:52:10 -0000

Hmm.. we do handle SPIs differently and our "ESP" can be absent even if UDP encap is used. Would that be an issue regarding the reuse of existing formats?

- Jouni


On Jan 29, 2011, at 12:29 AM, Laganier, Julien wrote:

> Either. 
> 
> IMHO both would be cleaner that the current approach. I understand the latter might also have some caveat but maybe they can be dealt with in an elegant manner, without introducing too much complexity, e.g., see Arnaud's m6t (http://tools.ietf.org/html/draft-ebalard-mext-m6t-02.txt)
> 
> --julien
> 
> Jouni wrote: 
>> 
>> Just a question for my clarification. Do you mean simply taking the UDP
>> encap + ESP format or also inheriting everything those respective RFCs
>> say about their processing etc?
>> 
>> - JOuni
>> 
>> 
>> On Jan 28, 2011, at 9:18 PM, Laganier, Julien wrote:
>> 
>>> Hello again,
>>> 
>>> Thought that maybe making my question a bit more specific would help:
>>> 
>>> So, why don't you simply define a UDP encapsulation to ESP, instead
>> of duplicating ESP functionality into your framework?
>>> 
>>> --julien
>>> 
>>> Laganier, Julien wrote:
>>>> 
>>>> Hi Jouni,
>>>> 
>>>> I understand you "follow the ESP format but feel no shame on
>> changing
>>>> it if we see a reason to do so", but I am (shamelessly ;) wondering
>>>> about the actual reason to do so, as per one of the famous
>>>> Architectural Principles of the Internet documented in RFC 1958:
>>>> 
>>>>  3.2 If there are several ways of doing the same thing, choose one.
>>>>  If a previous design, in the Internet context or elsewhere, has
>>>>  successfully solved the same problem, choose the same solution
>> unless
>>>>  there is a good technical reason not to.  Duplication of the same
>>>>  protocol functionality should be avoided as far as possible,
>> without
>>>>  of course using this argument to reject improvements.
>>>> 
>>>> Would you mind enlightening us?
>>>> 
>>>> --julien
>>>> 
>>>> jouni korhonen wrote:
>>>>> 
>>>>> Few things. The draft already states that "The Padding, Pad Length,
>>>>> Next Header and ICV fields follow the rules of Section 2.4 to 2.8
>> of
>>>>> [RFC4303] unless otherwise stated in this document." So, we follow
>>>>> the ESP format but feel no shame on changing it if we see a reason
>>>>> to do so.
>>>>> 
>>>>> The reason why we chose to do it like this was two fold: 1) some
>>>>> ciphers etc when used would need ~equivalent encapsulation anyway.
>>>>> 2) if we had come up with our very own format the question on the
>>>>> list would have been "why not using RFC4303 encapsulation format".
>>>>> Actually.. the latter already happened offline.
>>>>> 
>>>>> - Jouni
>>>>> 
>>>>> 
>>>>> On Jan 26, 2011, at 12:48 AM, Laganier, Julien wrote:
>>>>> 
>>>>>> Hi Raj,
>>>>>> 
>>>>>>> Inline:
>>>>>>> 
>>>>>>> On 1/24/11 3:58 PM, "ext Arnaud Ebalard" <arno@natisbad.org>
>>>> wrote:
>>>>>>> 
>>>>>>>> 
>>>>>>>> To me, what the draft describes is a patchwork based on MIPv6,
>>>> ESP
>>>>> and
>>>>>>>> TLS. Instead of building on top of those protocols (read
>>>> modularity
>>>>>>> and
>>>>>>>> interoperability), it reuses (hijacks) various blocks of
>>>> associated
>>>>>>>> standards in a non-modular way. For instance, one has to
>>>>> reimplement
>>>>>>> ESP
>>>>>>>> in userspace to support the protocol.
>>>>>>> 
>>>>>>> We are specifying an encapsulation method in the I-D. To say that
>>>>> one
>>>>>>> has to reimplement ESP in userspace is incorrect.
>>>>>> 
>>>>>> The encapsulation format you have in the I-D is:
>>>>>> 
>>>>>> 0                   1                   2                   3
>>>>>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>>> |                                                               |
>>>>>> :         IPv4 or IPv6 header (src-addr=Xa, dst-addr=Ya)        :
>>>>>> |                                                               |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>>> |                                                               |
>>>>>> :            UDP header (src-port=Xp,dst-port=Yp)               :
>>>>>> |                                                               |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> -
>>>> --
>>>>> ---
>>>>>> |PType=8|                    SPI                                |
>>>>> ^Int.
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>> |Cov-
>>>>>> |                      Sequence Number                          |
>>>>> |ered
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |
>>>> -
>>>>> ---
>>>>>> |                    Payload Data* (variable)                   |
>> |
>>>>> ^
>>>>>> :                                                               :
>> |
>>>>> |
>>>>>> |                                                               |
>>>>> |Conf.
>>>>>> +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>> |Cov-
>>>>>> |               |     Padding (0-255 bytes)                     |
>>>>> |ered*
>>>>>> +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |
>>>>> |
>>>>>> |                               |  Pad Length   | Next Header   |
>> v
>>>>> v
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> -
>>>> --
>>>>> ---
>>>>>> |         Integrity Check Value-ICV   (variable)                |
>>>>>> :                                                               :
>>>>>> |                                                               |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>>> 
>>>>>>     Figure 7: UDP Encapsulated Binding Management Message Format
>>>>>> 
>>>>>> Which looks like a copy/paste of the ESP specification [RFC4303]:
>>>>>> 
>>>>>> 0                   1                   2                   3
>>>>>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> -
>>>> --
>>>>> -
>>>>>> |               Security Parameters Index (SPI)                 |
>>>>> ^Int.
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>> |Cov-
>>>>>> |                      Sequence Number                          |
>>>>> |ered
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |
>>>> -
>>>>> ---
>>>>>> |                    Payload Data* (variable)                   |
>> |
>>>>> ^
>>>>>> ~                                                               ~
>> |
>>>>> |
>>>>>> |                                                               |
>>>>> |Conf.
>>>>>> +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>> |Cov-
>>>>>> |               |     Padding (0-255 bytes)                     |
>>>>> |ered*
>>>>>> +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |
>>>>> |
>>>>>> |                               |  Pad Length   | Next Header   |
>> v
>>>>> v
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> -
>>>> --
>>>>> ---
>>>>>> |         Integrity Check Value-ICV   (variable)                |
>>>>>> ~                                                               ~
>>>>>> |                                                               |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>>> 
>>>>>>          Figure 1.  Top-Level Format of an ESP Packet
>>>>>> 
>>>>>> 
>>>>>> So the question is: Is your intent to provide a UDP encapsulation
>>>>> format for the already specified ESP protocol, or to provide an
>>>>> alternative encapsulation format to ESP?
>>>>>> 
>>>>>> --julien
>>>>>> _______________________________________________
>>>>>> MEXT mailing list
>>>>>> MEXT@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/mext
>>>>> 
>>>>> _______________________________________________
>>>>> MEXT mailing list
>>>>> MEXT@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/mext
>>>> _______________________________________________
>>>> MEXT mailing list
>>>> MEXT@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/mext
>

v2.23.0 | Report a Bug | By Email