Re: [shim6] AD review of draft-ietf-shim6-multihome-shim-api

Miika Komu <mkomu@cs.hut.fi> Fri, 08 October 2010 05:57 UTC

Return-Path: <mkomu@cs.hut.fi>
X-Original-To: shim6@core3.amsl.com
Delivered-To: shim6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B12843A682D for <shim6@core3.amsl.com>; Thu, 7 Oct 2010 22:57:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.174
X-Spam-Level:
X-Spam-Status: No, score=-6.174 tagged_above=-999 required=5 tests=[AWL=0.425, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HRbI+0ygTi7O for <shim6@core3.amsl.com>; Thu, 7 Oct 2010 22:57:43 -0700 (PDT)
Received: from mail.cs.hut.fi (mail.cs.hut.fi [130.233.192.7]) by core3.amsl.com (Postfix) with ESMTP id 2119B3A681A for <shim6@ietf.org>; Thu, 7 Oct 2010 22:57:42 -0700 (PDT)
Received: from hutcs.cs.hut.fi ([130.233.192.10] helo=[127.0.0.1]) by mail.cs.hut.fi with esmtp (Exim 4.54) id 1P45ye-0004UN-MG; Fri, 08 Oct 2010 08:58:44 +0300
Message-ID: <4CAEB35B.3020107@cs.hut.fi>
Date: Fri, 08 Oct 2010 08:59:55 +0300
From: Miika Komu <mkomu@cs.hut.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.12) Gecko/20100915 Thunderbird/3.0.8
MIME-Version: 1.0
To: Jari Arkko <jari.arkko@piuha.net>
References: <20100816114202.1241.59079.idtracker@localhost> <4C692876.60802@cs.hut.fi> <4535F52C-8E78-4CBE-8983-DD7195722865@apnic.net> <4C69DE84.8010706@sfc.wide.ad.jp> <4C91D119.5010101@cs.hut.fi> <4C91E946.6080807@sfc.wide.ad.jp> <4C920431.2090603@cs.hut.fi> <86C69B19-D385-46A9-B116-5EE198273305@apnic.net> <4CAA425E.2070906@piuha.net>
In-Reply-To: <4CAA425E.2070906@piuha.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Fri, 08 Oct 2010 00:52:13 -0700
Cc: shim6 <shim6@ietf.org>, kristian.slavov@ericsson.com
Subject: Re: [shim6] AD review of draft-ietf-shim6-multihome-shim-api
X-BeenThere: shim6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SHIM6 Working Group Mailing List <shim6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/shim6>, <mailto:shim6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/shim6>
List-Post: <mailto:shim6@ietf.org>
List-Help: <mailto:shim6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shim6>, <mailto:shim6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Oct 2010 05:57:45 -0000

Hi Jari,

On 05/10/10 00:08, Jari Arkko wrote:
>> 13.1.2. Treatment of Unknown Destination Locator
>>
>>
>>    If the shim sub-layer turns out to be SHIM6, the SHIM6 implementation
>>    MUST reject the request for using unknown destination locator.
>>
>>    If the shim sub-layer turns out to be HIP, the HIP implementation MAY
>>    accept the request for using unknown destination locator.
>
> This seems like an insufficiently explained security issue. Why is it OK
> for HIP to do this, or at least you should describe what are
> consequences if it does so?

I would suggest to change this text as follows:

If the shim sub-layer turns out to be HIP, the HIP implementation MAY 
accept the request for using unknown destination locator after a 
successful address verification procedure.

Does this work for you?