Re: [rohc] AD comments on draft-ietf-rohc-ipsec-extensions-hcoipsec-04
Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 26 May 2009 09:06 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: rohc@core3.amsl.com
Delivered-To: rohc@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D3CC43A7029 for <rohc@core3.amsl.com>; Tue, 26 May 2009 02:06:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.186
X-Spam-Level:
X-Spam-Status: No, score=-6.186 tagged_above=-999 required=5 tests=[AWL=0.063, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xfk87UYGuU1A for <rohc@core3.amsl.com>; Tue, 26 May 2009 02:06:28 -0700 (PDT)
Received: from mailgw3.ericsson.se (mailgw3.ericsson.se [193.180.251.60]) by core3.amsl.com (Postfix) with ESMTP id 75E2C3A697F for <rohc@ietf.org>; Tue, 26 May 2009 02:06:27 -0700 (PDT)
X-AuditID: c1b4fb3c-b7b94ae000000eff-45-4a1bb1733184
Received: from esealmw128.eemea.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw3.ericsson.se (Symantec Mail Security) with SMTP id 04.1D.03839.371BB1A4; Tue, 26 May 2009 11:08:03 +0200 (CEST)
Received: from esealmw126.eemea.ericsson.se ([153.88.254.170]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Tue, 26 May 2009 11:08:03 +0200
Received: from [147.214.183.61] ([147.214.183.61]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Tue, 26 May 2009 11:08:02 +0200
Message-ID: <4A1BB173.7090008@ericsson.com>
Date: Tue, 26 May 2009 11:08:03 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: "Ertekin, Emre [USA]" <ertekin_emre@bah.com>
References: <4A0C421C.8000803@ericsson.com> <37BDD2FAF2AEAE459C6C70FDC2892E4E04A1E170@MCLNEXVS05.resource.ds.bah.com>
In-Reply-To: <37BDD2FAF2AEAE459C6C70FDC2892E4E04A1E170@MCLNEXVS05.resource.ds.bah.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-OriginalArrivalTime: 26 May 2009 09:08:02.0945 (UTC) FILETIME=[79503710:01C9DDE1]
X-Brightmail-Tracker: AAAAAA==
Cc: draft-ietf-rohc-ipsec-extensions-hcoipsec@tools.ietf.org, rohc@ietf.org
Subject: Re: [rohc] AD comments on draft-ietf-rohc-ipsec-extensions-hcoipsec-04
X-BeenThere: rohc@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Robust Header Compression <rohc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/rohc>, <mailto:rohc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rohc>
List-Post: <mailto:rohc@ietf.org>
List-Help: <mailto:rohc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rohc>, <mailto:rohc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2009 09:06:28 -0000
Ertekin, Emre [USA] skrev: > Hi Magnus, > > Please find our responses to your comments on the IPsec extensions > draft. > >> Section 3.1: >> >> Shouldn't it be discussed when this protocol number is appropriate to >> be >> used. To me it appears that some requirements need to be fulfilled >> before one uses it on a particular layer. Running ROHC straight on top >> of IPv6 for example seems like a bad idea in most case due to such >> considerations as security and denial of service for the decompressor, >> the multi-hop environment, and lack of clear logical channel. > > This is good idea. At the end of the section, we can add a paragraph > that describes usage considerations of the ROHC protocol number. > > However, we would like to craft the paragraph such that it doesn't > preclude the ROHC protocol number use in other scenarios. Rather, the > text will identify considerations that need to be accounted for if the > ROHC protocol number is used for some other purpose. Yes, fully agreed. I simply want some explicit mention on when this may be considered suitable. >> Section 3.2.1: >> >> What ICV algorithms and key lengths must be supported in the >> implementations? This is to ensure that there are at least one >> algorithm >> and key length that are supported by everyone. > > This was discussed in a separate email thread. I would recommend that > we remain consistent the AUTH algorithm requirements defined in RFC > 4835: > > Requirement Algorithm > ----------- ---------------- > MUST HMAC-SHA1-96 > SHOULD+ AES-XCBC-MAC-96 > MAY HMAC-MD5-96 > > Note, however, that this does not necessarily mean that HMAC-SHA1-96 > must be negotiated for any particular ROHC-enabled SA. What is actually > negotiated depends on depends on policy. Specification of the above > provides a "common denominator" for the AUTH algorithm that is available > for use across all ROHCoIPsec implementations. > Understood, it is all about enabling interoperability points. If policy doesn't allow them, that is another question. Cheers Magnus Westerlund IETF Transport Area Director & TSVWG Chair ---------------------------------------------------------------------- Multimedia Technologies, Ericsson Research EAB/TVM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [rohc] AD comments on draft-ietf-rohc-ipsec-exten… Magnus Westerlund
- Re: [rohc] AD comments on draft-ietf-rohc-ipsec-e… Ertekin, Emre [USA]
- Re: [rohc] AD comments on draft-ietf-rohc-ipsec-e… Magnus Westerlund