Re: [secdir] Fwd: secdir review of draft-ietf-hip-native-nat-traversal

Miika Komu <miika.komu@ericsson.com> Tue, 20 March 2018 15:53 UTC

To: Carl Wallace <carl@redhoundsoftware.com>
References: <7B6AC48B-42BC-4821-AD79-DF25C584BE73@ericsson.com>
CC: draft-ietf-hip-native-nat-traversal.all@ietf.org, secdir@ietf.org, The IESG <iesg@ietf.org>
From: Miika Komu <miika.komu@ericsson.com>
Organization: Ericsson AB
Message-ID: <b419526d-4baf-dc8d-4b56-d9da4e80915c@ericsson.com>
Date: Tue, 20 Mar 2018 17:52:53 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/TMmCkzEIFcZVLmmBrdLL3IDddxE>

Hi Carl,

(apologies for the delay in the response)

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
> 
> This document specifies a new Network Address Translator (NAT) traversal
> mode for the Host Identity Protocol (HIP). While I am not a HIP guy, it
> seems ready for publication. It's well-written and the security
> considerations section is thorough.

thanks!

> The only bit that raised a question
> was in section 4, which states "it should be noted that HIP version 2
> [RFC7401<https://tools.ietf.org/html/rfc7401>] instead of HIPv1 is
> expected to be used with this NAT traversal mode". Earlier in the
> document, it states the draft is based on HIPv2. Are there any
> considerations worth noting in the cases where HIPv1 is used or should
> section 4 be revised to require v2?

there's nothing HIPv1/v2 specific in the draft, really. It's more about the fact that HIPv1 is obsoleted by the HIPv2 RFC. Nevertheless, I can encourage sticking to the latest specification by changing the text a bit:

Original: Also, it should be noted that HIP version 2 [RFC7401] instead of HIPv1 is expected to be used with this NAT traversal mode.

New: Also, it should be noted that HIP version 2 [RFC7401] MUST be used instead of HIPv1 with this NAT traversal mode.

Does this address your concern?
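As an added example (not part of this thread or of the draft), the following Python parses the fixed HIP header as laid out in RFC 7401 section 5.1 and enforces the proposed MUST by rejecting any packet whose Version field is not 2 (HIPv1, RFC 5201, carried Version = 1). The HITs are constructed sample values, the checksum is not verified, and the function names are my own.

```python
import struct
from dataclasses import dataclass

# Fixed HIP header (RFC 7401 section 5.1): Next Header (59 = IPPROTO_NONE),
# Header Length in 8-octet units excluding the first 8 octets, a zero bit plus
# 7-bit Packet Type, a 4-bit Version plus 3 reserved bits plus a fixed one bit,
# Checksum, Controls, then the 128-bit sender and receiver HITs.
HIP_VERSION_2 = 2
PACKET_TYPES = {1: "I1", 2: "R1", 3: "I2", 4: "R2", 16: "UPDATE",
                17: "NOTIFY", 18: "CLOSE", 19: "CLOSE_ACK"}

@dataclass
class HipHeader:
    next_header: int
    packet_type: int
    version: int
    sender_hit: bytes
    receiver_hit: bytes
    params: bytes  # raw TLV parameter area following the fixed header

    @property
    def type_name(self) -> str:
        return PACKET_TYPES.get(self.packet_type, f"type{self.packet_type}")

def parse_hip_header(data: bytes) -> HipHeader:
    """Parse the 40-byte fixed header; checksum is NOT verified here (assumption)."""
    if len(data) < 40:
        raise ValueError("truncated HIP header")
    next_hdr, hdr_len, type_byte, ver_byte, _csum, _ctrl = struct.unpack("!BBBBHH", data[:8])
    if type_byte & 0x80 or not (ver_byte & 0x01):
        raise ValueError("fixed header bits are not 0/1 as required")
    total_len = 8 + 8 * hdr_len
    if total_len < 40 or total_len > len(data):
        raise ValueError("Header Length inconsistent with packet size")
    return HipHeader(next_hdr, type_byte & 0x7F, ver_byte >> 4,
                     data[8:24], data[24:40], data[40:total_len])

def accept_for_nat_traversal(data: bytes) -> HipHeader:
    """Apply the draft's MUST: only HIPv2 control packets are processed in this mode."""
    hdr = parse_hip_header(data)
    if hdr.version != HIP_VERSION_2:
        raise ValueError(f"HIP version {hdr.version} rejected; HIPv2 (RFC 7401) is required")
    return hdr

def is_hipv2_control_packet(data: bytes) -> bool:
    try:
        accept_for_nat_traversal(data)
        return True
    except ValueError:
        return False

def build_i1(version: int, sender_hit: bytes, receiver_hit: bytes) -> bytes:
    """Construct a parameter-less I1 (Header Length 4, checksum left at zero) for testing."""
    return struct.pack("!BBBBHH", 59, 4, 1, (version << 4) | 0x01, 0, 0) + sender_hit + receiver_hit

# Constructed sample HITs (not real identities).
HIT_A = bytes.fromhex("2001002000000000000000000000000a")
HIT_B = bytes.fromhex("2001002000000000000000000000000b")
```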