
From internet-drafts@ietf.org  Mon Jun 10 04:32:39 2013
Return-Path: <internet-drafts@ietf.org>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61FBC21F8263; Mon, 10 Jun 2013 04:32:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.518
X-Spam-Level: 
X-Spam-Status: No, score=-102.518 tagged_above=-999 required=5 tests=[AWL=0.082, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EoHEWLkqnt+W; Mon, 10 Jun 2013 04:32:38 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DF1DC21F894E; Mon, 10 Jun 2013 04:32:31 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.50
Message-ID: <20130610113220.18276.32015.idtracker@ietfa.amsl.com>
Date: Mon, 10 Jun 2013 04:32:20 -0700
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action: draft-ietf-hip-rfc5202-bis-02.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jun 2013 11:32:40 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Host Identity Protocol Working Group of the IETF.

	Title           : Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP)
	Author(s)       : Petri Jokela
                          Robert Moskowitz
                          Jan Melen
	Filename        : draft-ietf-hip-rfc5202-bis-02.txt
	Pages           : 36
	Date            : 2013-06-10

Abstract:
   This memo specifies an Encapsulated Security Payload (ESP) based
   mechanism for transmission of user data packets, to be used with the
   Host Identity Protocol (HIP).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-rfc5202-bis

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-hip-rfc5202-bis-02

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-rfc5202-bis-02


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From internet-drafts@ietf.org  Mon Jun 10 04:54:35 2013
Return-Path: <internet-drafts@ietf.org>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 310C421F8895; Mon, 10 Jun 2013 04:54:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.521
X-Spam-Level: 
X-Spam-Status: No, score=-102.521 tagged_above=-999 required=5 tests=[AWL=0.079, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aHoIjASLGZ71; Mon, 10 Jun 2013 04:54:34 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D1D721F8F29; Mon, 10 Jun 2013 04:54:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.50
Message-ID: <20130610115405.3698.56599.idtracker@ietfa.amsl.com>
Date: Mon, 10 Jun 2013 04:54:05 -0700
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action: draft-ietf-hip-reload-instance-08.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jun 2013 11:54:35 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Host Identity Protocol Working Group of the IETF.

	Title           : Host Identity Protocol-Based Overlay Networking Environment (HIP BONE) Instance Specification for REsource LOcation And Discovery (RELOAD)
	Author(s)       : Ari Keranen
                          Gonzalo Camarillo
                          Jouni Maenpaa
	Filename        : draft-ietf-hip-reload-instance-08.txt
	Pages           : 10
	Date            : 2013-06-10

Abstract:
   This document is the Host Identity Protocol-Based Overlay Networking
   Environment (HIP BONE) instance specification for the REsource
   LOcation And Discovery (RELOAD) protocol.  The document provides the
   details needed to build a RELOAD-based overlay that uses HIP.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-reload-instance

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-hip-reload-instance-08

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-reload-instance-08


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From ari.keranen@nomadiclab.com  Mon Jun 10 05:01:58 2013
Return-Path: <ari.keranen@nomadiclab.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 027B921F880F for <hipsec@ietfa.amsl.com>; Mon, 10 Jun 2013 05:01:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EYFRdaH9bJLg for <hipsec@ietfa.amsl.com>; Mon, 10 Jun 2013 05:01:52 -0700 (PDT)
Received: from gw.nomadiclab.com (gw.nomadiclab.com [193.234.218.122]) by ietfa.amsl.com (Postfix) with ESMTP id C8BE921F84B5 for <hipsec@ietf.org>; Mon, 10 Jun 2013 05:01:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id 7C2464E701 for <hipsec@ietf.org>; Mon, 10 Jun 2013 15:01:24 +0300 (EEST)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tuH7vFVIOUga for <hipsec@ietf.org>; Mon, 10 Jun 2013 15:01:21 +0300 (EEST)
Received: from tri62.nomadiclab.com (localhost [IPv6:::1]) by gw.nomadiclab.com (Postfix) with ESMTPSA id E9CFD4E6FC for <hipsec@ietf.org>; Mon, 10 Jun 2013 15:01:21 +0300 (EEST)
Message-ID: <51B5C011.1070103@nomadiclab.com>
Date: Mon, 10 Jun 2013 15:01:21 +0300
From: Ari Keranen <ari.keranen@nomadiclab.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: hipsec@ietf.org
References: <20130610115405.3698.56599.idtracker@ietfa.amsl.com>
In-Reply-To: <20130610115405.3698.56599.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-reload-instance-08.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jun 2013 12:01:58 -0000

Hi all,

FYI, this version has a set of small fixes to address the WGLC comments.


Cheers,
Ari

On 6/10/13 2:54 PM, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>   This draft is a work item of the Host Identity Protocol Working Group of the IETF.
>
> 	Title           : Host Identity Protocol-Based Overlay Networking Environment (HIP BONE) Instance Specification for REsource LOcation And Discovery (RELOAD)
> 	Author(s)       : Ari Keranen
>                            Gonzalo Camarillo
>                            Jouni Maenpaa
> 	Filename        : draft-ietf-hip-reload-instance-08.txt
> 	Pages           : 10
> 	Date            : 2013-06-10
>
> Abstract:
>     This document is the Host Identity Protocol-Based Overlay Networking
>     Environment (HIP BONE) instance specification for the REsource
>     LOcation And Discovery (RELOAD) protocol.  The document provides the
>     details needed to build a RELOAD-based overlay that uses HIP.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-hip-reload-instance
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-hip-reload-instance-08
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-reload-instance-08
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
>


From prvs=98737223a2=gonzalo.camarillo@ericsson.com  Mon Jun 10 05:08:51 2013
Return-Path: <prvs=98737223a2=gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80D8921F84F2 for <hipsec@ietfa.amsl.com>; Mon, 10 Jun 2013 05:08:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.249
X-Spam-Level: 
X-Spam-Status: No, score=-106.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id de89l3bqE3yL for <hipsec@ietfa.amsl.com>; Mon, 10 Jun 2013 05:08:43 -0700 (PDT)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id 2C8F221F867B for <hipsec@ietf.org>; Mon, 10 Jun 2013 05:07:52 -0700 (PDT)
X-AuditID: c1b4fb2d-b7f5d6d000003d54-f3-51b5c18a1d1f
Received: from esessmw0191.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 6D.6C.15700.A81C5B15; Mon, 10 Jun 2013 14:07:39 +0200 (CEST)
Received: from [131.160.126.131] (153.88.115.8) by esessmw0191.eemea.ericsson.se (153.88.115.85) with Microsoft SMTP Server id 8.3.279.1; Mon, 10 Jun 2013 14:07:38 +0200
Message-ID: <51B5C18A.30404@ericsson.com>
Date: Mon, 10 Jun 2013 15:07:38 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Ari Keranen <ari.keranen@nomadiclab.com>
References: <20130610115405.3698.56599.idtracker@ietfa.amsl.com> <51B5C011.1070103@nomadiclab.com>
In-Reply-To: <51B5C011.1070103@nomadiclab.com>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-reload-instance-08.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jun 2013 12:08:52 -0000

Thanks Ari. Miika will be this document's shepherd. As soon as he is
done with the PROTO writeup we will request its publication.

Cheers,

Gonzalo

On 10/06/2013 3:01 PM, Ari Keranen wrote:
> Hi all,
> 
> FYI, this version has a set of small fixes to address the WGLC comments.
> 
> 
> Cheers,
> Ari
> 
> On 6/10/13 2:54 PM, internet-drafts@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>   This draft is a work item of the Host Identity Protocol Working
>> Group of the IETF.
>>
>>     Title           : Host Identity Protocol-Based Overlay Networking
>> Environment (HIP BONE) Instance Specification for REsource LOcation
>> And Discovery (RELOAD)
>>     Author(s)       : Ari Keranen
>>                            Gonzalo Camarillo
>>                            Jouni Maenpaa
>>     Filename        : draft-ietf-hip-reload-instance-08.txt
>>     Pages           : 10
>>     Date            : 2013-06-10
>>
>> Abstract:
>>     This document is the Host Identity Protocol-Based Overlay Networking
>>     Environment (HIP BONE) instance specification for the REsource
>>     LOcation And Discovery (RELOAD) protocol.  The document provides the
>>     details needed to build a RELOAD-based overlay that uses HIP.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-hip-reload-instance
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-hip-reload-instance-08
>>
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-reload-instance-08
>>
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> Hipsec mailing list
>> Hipsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/hipsec
>>
> 
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec


From petri.jokela@nomadiclab.com  Thu Jun 13 23:57:50 2013
Return-Path: <petri.jokela@nomadiclab.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72FAF21F9C3D for <hipsec@ietfa.amsl.com>; Thu, 13 Jun 2013 23:57:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SGQPr6yLmiaV for <hipsec@ietfa.amsl.com>; Thu, 13 Jun 2013 23:57:45 -0700 (PDT)
Received: from gw.nomadiclab.com (gw.nomadiclab.com [193.234.218.122]) by ietfa.amsl.com (Postfix) with ESMTP id 0C03E21F9C3F for <hipsec@ietf.org>; Thu, 13 Jun 2013 23:57:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id B5A9C4E6EC; Fri, 14 Jun 2013 09:57:41 +0300 (EEST)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q8npwpwqe6I2; Fri, 14 Jun 2013 09:57:41 +0300 (EEST)
Received: from [IPv6:::1] (inside.nomadiclab.com [10.0.0.2]) by gw.nomadiclab.com (Postfix) with ESMTP id 155144E6D4; Fri, 14 Jun 2013 09:57:40 +0300 (EEST)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset=us-ascii
From: Petri Jokela <petri.jokela@nomadiclab.com>
In-Reply-To: <758141CC3D829043A8C3164DD3D593EA2E513280A6@XCH-NW-16V.nw.nos.boeing.com>
Date: Fri, 14 Jun 2013 09:57:40 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <1F03C185-5919-48BE-9492-90A7049A8F46@nomadiclab.com>
References: <512C6912.1070206@ericsson.com> <758141CC3D829043A8C3164DD3D593EA2E513280A6@XCH-NW-16V.nw.nos.boeing.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>, HIP <hipsec@ietf.org>
X-Mailer: Apple Mail (2.1283)
Cc: rgm@icsalabs.com
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-rfc5202-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2013 06:57:50 -0000

On 11.3.2013, at 23.57, Henderson, Thomas R wrote:

> This is a WGLC review of RFC5202-bis.
>
> This draft seems to be close to being ready.  There are two areas (more detail below) that IMO could be clarified or else left out of scope:
>
> 1) handling of simultaneous IPsec and HIP ESP


Hi,

I somehow missed this point when I was fixing the document. I'm not sure what we should do with this, any comments or suggestions? Currently the document says:

3.4.  IPsec and HIP ESP Implementation Considerations

   When HIP is run on a node where a standards compliant IPsec is used,
   some issues have to be considered.

   The HIP implementation must be able to co-exist with other IPsec
   keying protocols.  When the HIP implementation selects the SPI value,
   it may lead to a collision if not implemented properly.  To avoid the
   possibility for a collision, the HIP implementation MUST ensure that
   the SPI values used for HIP SAs are not used for IPsec or other SAs,
   and vice versa.

   In the sending host, the HIP SA processing takes place always before
   the IPsec processing.  Vice versa, at the receiving host, the IPsec
   processing is done first for incoming packets and the decrypted
   packet is further given to the HIP processing.

   Incoming packets using an SA that is not negotiated by HIP MUST NOT
   be processed as described in Section 3.2, paragraph 2.  The SPI will
   identify the correct SA for packet decryption and MUST be used to
   identify that the packet has an upper-layer checksum that is
   calculated as specified in [I-D.ietf-hip-rfc5201-bis].


/petri
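
The SPI rule in the Section 3.4 text quoted above can be met with one SPI table shared by every keying mechanism on the host. The C sketch below is an added example, not part of the draft or of this thread; the type names, owner tags and the fixed candidate sequence are hypothetical, and a real stack would draw candidates from a CSPRNG.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Which keying mechanism installed the SA (hypothetical tags). */
enum sa_owner { SA_NONE = 0, SA_HIP, SA_IKE, SA_MANUAL };

/* Inbound handling, chosen from the SPI alone. */
enum rx_action { RX_DROP = 0, RX_IPSEC_ONLY, RX_HIP_ESP };

#define SPI_FIRST_USABLE 256u /* RFC 4303: 0 is local use, 1-255 reserved */
#define SA_SLOTS 32u

struct sa_entry { uint32_t spi; enum sa_owner owner; };
struct sa_table { struct sa_entry slot[SA_SLOTS]; size_t used; };

/* Source of SPI candidates; assumed to be a CSPRNG in a real stack. */
typedef uint32_t (*spi_source)(void *ctx);

/* Return the owner of an SPI, or SA_NONE if no SA uses it. */
enum sa_owner sa_lookup(const struct sa_table *t, uint32_t spi)
{
    for (size_t i = 0; i < t->used; i++)
        if (t->slot[i].spi == spi)
            return t->slot[i].owner;
    return SA_NONE;
}

/* Claim one SPI for one owner. Fails (-1) on a reserved value, on an SPI
 * already held by ANY owner (HIP, IKE or manual), or on a full table. */
int sa_reserve(struct sa_table *t, uint32_t spi, enum sa_owner owner)
{
    if (owner == SA_NONE || spi < SPI_FIRST_USABLE)
        return -1;
    if (sa_lookup(t, spi) != SA_NONE)
        return -1;
    if (t->used == SA_SLOTS)
        return -1;
    t->slot[t->used].spi = spi;
    t->slot[t->used].owner = owner;
    t->used++;
    return 0;
}

/* Draw candidates until one can be reserved; 0 means the caller gave up. */
uint32_t sa_alloc_spi(struct sa_table *t, enum sa_owner owner,
                      spi_source next, void *ctx, unsigned max_tries)
{
    while (max_tries-- > 0) {
        uint32_t spi = next(ctx);
        if (sa_reserve(t, spi, owner) == 0)
            return spi;
    }
    return 0;
}

/* Only SAs negotiated by HIP get the HIP-specific upper-layer checksum
 * handling; an SPI owned by another keying protocol never does. */
enum rx_action rx_classify(const struct sa_table *t, uint32_t spi)
{
    switch (sa_lookup(t, spi)) {
    case SA_HIP:    return RX_HIP_ESP;
    case SA_IKE:
    case SA_MANUAL: return RX_IPSEC_ONLY;
    default:        return RX_DROP; /* no SA for this SPI */
    }
}

/* Constructed candidate sequence so the run is repeatable. */
struct fixed_seq { const uint32_t *v; size_t n, pos; };

uint32_t fixed_next(void *ctx)
{
    struct fixed_seq *s = ctx;
    return s->pos < s->n ? s->v[s->pos++] : 0;
}

static struct sa_table demo_table;

/* Constructed scenario: IKE already holds 0x1000, then HIP asks for an SPI.
 * The first candidate is in the reserved range, the second collides. */
uint32_t demo_run(void)
{
    static const uint32_t candidates[] = { 0x00000010u, 0x00001000u, 0x00002000u };
    struct fixed_seq seq = { candidates, 3, 0 };

    demo_table.used = 0;
    sa_reserve(&demo_table, 0x00001000u, SA_IKE);
    return sa_alloc_spi(&demo_table, SA_HIP, fixed_next, &seq, 8);
}

int main(void)
{
    uint32_t spi = demo_run();
    printf("HIP SA got SPI 0x%08x, rx action %d\n",
           (unsigned)spi, (int)rx_classify(&demo_table, spi));
    printf("IKE SPI 0x00001000, rx action %d\n",
           (int)rx_classify(&demo_table, 0x00001000u));
    return 0;
}
```

Because both directions of the "and vice versa" requirement go through `sa_reserve`, an IKE daemon asking for an SPI that HIP already holds is refused in the same way.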


From internet-drafts@ietf.org  Fri Jun 14 09:27:22 2013
Return-Path: <internet-drafts@ietf.org>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADBFB21F9CDA; Fri, 14 Jun 2013 09:27:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.491
X-Spam-Level: 
X-Spam-Status: No, score=-102.491 tagged_above=-999 required=5 tests=[AWL=0.109, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lQZLUMhfQbUV; Fri, 14 Jun 2013 09:27:22 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 04AE921F85E8; Fri, 14 Jun 2013 09:27:22 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.51.p2
Message-ID: <20130614162721.11576.82966.idtracker@ietfa.amsl.com>
Date: Fri, 14 Jun 2013 09:27:21 -0700
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-05.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2013 16:27:22 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Host Identity Protocol Working Group of the IETF.

	Title           : Native NAT Traversal Mode for the Host Identity Protocol
	Author(s)       : Ari Keranen
                          Jan Melen
	Filename        : draft-ietf-hip-native-nat-traversal-05.txt
	Pages           : 14
	Date            : 2013-06-14

Abstract:
   This document specifies a new Network Address Translator (NAT)
   traversal mode for the Host Identity Protocol (HIP).  The new mode is
   based on the Interactive Connectivity Establishment (ICE) methodology
   and UDP encapsulation of data and signaling traffic.  The main
   difference from the previously specified modes is the use of HIP
   messages for all NAT traversal procedures.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-05

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-05


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From ari.keranen@nomadiclab.com  Fri Jun 14 09:34:43 2013
Return-Path: <ari.keranen@nomadiclab.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E47421F9644 for <hipsec@ietfa.amsl.com>; Fri, 14 Jun 2013 09:34:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WNjBDZeQ+thY for <hipsec@ietfa.amsl.com>; Fri, 14 Jun 2013 09:34:39 -0700 (PDT)
Received: from gw.nomadiclab.com (gw.nomadiclab.com [193.234.218.122]) by ietfa.amsl.com (Postfix) with ESMTP id 2449A21F84B4 for <hipsec@ietf.org>; Fri, 14 Jun 2013 09:34:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id 7869B4E6F8 for <hipsec@ietf.org>; Fri, 14 Jun 2013 19:34:37 +0300 (EEST)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1e7dNLFVUtep for <hipsec@ietf.org>; Fri, 14 Jun 2013 19:34:35 +0300 (EEST)
Received: from tri62.nomadiclab.com (localhost [IPv6:::1]) by gw.nomadiclab.com (Postfix) with ESMTPSA id 63F274E6D4 for <hipsec@ietf.org>; Fri, 14 Jun 2013 19:34:35 +0300 (EEST)
Message-ID: <51BB461B.8020409@nomadiclab.com>
Date: Fri, 14 Jun 2013 19:34:35 +0300
From: Ari Keranen <ari.keranen@nomadiclab.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: hipsec@ietf.org
References: <20130614162721.11576.82966.idtracker@ietfa.amsl.com>
In-Reply-To: <20130614162721.11576.82966.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-05.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2013 16:34:43 -0000

Keepalive update. This is waiting for update on rfc5203-bis and the CERT 
draft (for registration authentication).


Cheers,
Ari

On 6/14/13 7:27 PM, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>   This draft is a work item of the Host Identity Protocol Working Group of the IETF.
>
> 	Title           : Native NAT Traversal Mode for the Host Identity Protocol
> 	Author(s)       : Ari Keranen
>                            Jan Melen
> 	Filename        : draft-ietf-hip-native-nat-traversal-05.txt
> 	Pages           : 14
> 	Date            : 2013-06-14
>
> Abstract:
>     This document specifies a new Network Address Translator (NAT)
>     traversal mode for the Host Identity Protocol (HIP).  The new mode is
>     based on the Interactive Connectivity Establishment (ICE) methodology
>     and UDP encapsulation of data and signaling traffic.  The main
>     difference from the previously specified modes is the use of HIP
>     messages for all NAT traversal procedures.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-05
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-05
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
>


From samu.varjonen@helsinki.fi  Mon Jun 17 01:52:17 2013
Return-Path: <samu.varjonen@helsinki.fi>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75D9721F9968 for <hipsec@ietfa.amsl.com>; Mon, 17 Jun 2013 01:52:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id thaxoquQdftg for <hipsec@ietfa.amsl.com>; Mon, 17 Jun 2013 01:52:16 -0700 (PDT)
Received: from argo.otaverkko.fi (argo.ipv6.otaverkko.fi [IPv6:2a02:4880:10:1000::2:25]) by ietfa.amsl.com (Postfix) with ESMTP id ADCFF21F935A for <hipsec@ietf.org>; Mon, 17 Jun 2013 01:52:15 -0700 (PDT)
Received: from [192.168.43.5] (37-219-214-109.nat.bb.dnainternet.fi [37.219.214.109]) by argo.otaverkko.fi (Postfix) with ESMTPSA id 992EC2062D for <hipsec@ietf.org>; Mon, 17 Jun 2013 11:52:13 +0300 (EEST)
Message-ID: <51BECE3C.80500@helsinki.fi>
Date: Mon, 17 Jun 2013 11:52:12 +0300
From: Samu Varjonen <samu.varjonen@helsinki.fi>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: hipsec@ietf.org
References: <20130614162721.11576.82966.idtracker@ietfa.amsl.com> <51BB461B.8020409@nomadiclab.com>
In-Reply-To: <51BB461B.8020409@nomadiclab.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-05.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 08:52:17 -0000

On 06/14/2013 07:34 PM, Ari Keranen wrote:
> Keepalive update. This is waiting for update on rfc5203-bis and the CERT draft
> (for registration authentication).
>

Which reminds me to remind you guys to give feedback on CERT so we can get 
forward with the CERT draft.

BR,
Samu

>
> Cheers,
> Ari
>
> On 6/14/13 7:27 PM, internet-drafts@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>   This draft is a work item of the Host Identity Protocol Working Group of the
>> IETF.
>>
>>     Title           : Native NAT Traversal Mode for the Host Identity Protocol
>>     Author(s)       : Ari Keranen
>>                            Jan Melen
>>     Filename        : draft-ietf-hip-native-nat-traversal-05.txt
>>     Pages           : 14
>>     Date            : 2013-06-14
>>
>> Abstract:
>>     This document specifies a new Network Address Translator (NAT)
>>     traversal mode for the Host Identity Protocol (HIP).  The new mode is
>>     based on the Interactive Connectivity Establishment (ICE) methodology
>>     and UDP encapsulation of data and signaling traffic.  The main
>>     difference from the previously specified modes is the use of HIP
>>     messages for all NAT traversal procedures.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-05
>>
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-05
>>
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> Hipsec mailing list
>> Hipsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/hipsec
>>
>


From prvs=688260fb96=gonzalo.camarillo@ericsson.com  Wed Jun 19 01:46:04 2013
Return-Path: <prvs=688260fb96=gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD22A21F8E2A for <hipsec@ietfa.amsl.com>; Wed, 19 Jun 2013 01:46:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.024
X-Spam-Level: 
X-Spam-Status: No, score=-106.024 tagged_above=-999 required=5 tests=[AWL=0.225, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jovXqsQYJAuJ for <hipsec@ietfa.amsl.com>; Wed, 19 Jun 2013 01:45:59 -0700 (PDT)
Received: from mailgw7.ericsson.se (mailgw7.ericsson.se [193.180.251.48]) by ietfa.amsl.com (Postfix) with ESMTP id 2145721F8ADC for <hipsec@ietf.org>; Wed, 19 Jun 2013 01:45:58 -0700 (PDT)
X-AuditID: c1b4fb30-b7f9e6d000002643-c8-51c16fc55344
Received: from esessmw0256.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw7.ericsson.se (Symantec Mail Security) with SMTP id 15.F2.09795.5CF61C15; Wed, 19 Jun 2013 10:45:58 +0200 (CEST)
Received: from [131.160.126.60] (153.88.115.8) by esessmw0256.eemea.ericsson.se (153.88.115.97) with Microsoft SMTP Server id 8.3.279.1; Wed, 19 Jun 2013 10:45:57 +0200
Message-ID: <51C16FC5.8030900@ericsson.com>
Date: Wed, 19 Jun 2013 11:45:57 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
References: <512C6912.1070206@ericsson.com> <758141CC3D829043A8C3164DD3D593EA2E513280A6@XCH-NW-16V.nw.nos.boeing.com> <1F03C185-5919-48BE-9492-90A7049A8F46@nomadiclab.com>
In-Reply-To: <1F03C185-5919-48BE-9492-90A7049A8F46@nomadiclab.com>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: rgm@icsalabs.com
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-rfc5202-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jun 2013 08:46:05 -0000

Folks,

note that we are waiting for this issue to be resolved in order to
request the publication of RFC4843bis, 5201bis, and 5202bis.

Thanks,

Gonzalo

On 14/06/2013 9:57 AM, Petri Jokela wrote:
> 
> On 11.3.2013, at 23.57, Henderson, Thomas R wrote:
> 
>> This is a WGLC review of RFC5202-bis.
>>
>> This draft seems to be close to being ready.  There are two areas (more detail below) that IMO could be clarified or else left out of scope:
>>
>> 1) handling of simultaneous IPsec and HIP ESP
> 
> 
> Hi, 
> 
> I somehow missed this point when I was fixing the document. I'm not sure what we should do with this, any comments or suggestions? Currently the document says:
> 
> 3.4.  IPsec and HIP ESP Implementation Considerations
> 
>    When HIP is run on a node where a standards compliant IPsec is used,
>    some issues have to be considered.
> 
>    The HIP implementation must be able to co-exist with other IPsec
>    keying protocols.  When the HIP implementation selects the SPI value,
>    it may lead to a collision if not implemented properly.  To avoid the
>    possibility for a collision, the HIP implementation MUST ensure that
>    the SPI values used for HIP SAs are not used for IPsec or other SAs,
>    and vice versa.
> 
>    In the sending host, the HIP SA processing takes place always before
>    the IPsec processing.  Vice versa, at the receiving host, the IPsec
>    processing is done first for incoming packets and the decrypted
>    packet is further given to the HIP processing.
> 
>    Incoming packets using an SA that is not negotiated by HIP MUST NOT
>    be processed as described in Section 3.2, paragraph 2.  The SPI will
>    identify the correct SA for packet decryption and MUST be used to
>    identify that the packet has an upper-layer checksum that is
>    calculated as specified in [I-D.ietf-hip-rfc5201-bis].
> 
> 
> /petri
> 
> 
> 


From thomas.r.henderson@boeing.com  Wed Jun 19 15:12:15 2013
Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09B5C21F9E4A for <hipsec@ietfa.amsl.com>; Wed, 19 Jun 2013 15:12:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9h+cS5CF8qID for <hipsec@ietfa.amsl.com>; Wed, 19 Jun 2013 15:12:08 -0700 (PDT)
Received: from blv-mbsout-01.boeing.com (blv-mbsout-01.boeing.com [130.76.32.231]) by ietfa.amsl.com (Postfix) with ESMTP id 6B03521F9C2F for <hipsec@ietf.org>; Wed, 19 Jun 2013 15:12:01 -0700 (PDT)
Received: from blv-mbsout-01.boeing.com (localhost.localdomain [127.0.0.1]) by blv-mbsout-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id r5JMCeYQ009544 for <hipsec@ietf.org>; Wed, 19 Jun 2013 15:12:40 -0700
Received: from XCH-NWHT-09.nw.nos.boeing.com (xch-nwht-09.nw.nos.boeing.com [130.247.25.115]) by blv-mbsout-01.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id r5JMCdRf009539 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Wed, 19 Jun 2013 15:12:40 -0700
Received: from XCH-NW-16V.nw.nos.boeing.com ([130.247.25.238]) by XCH-NWHT-09.nw.nos.boeing.com ([130.247.25.115]) with mapi; Wed, 19 Jun 2013 15:11:59 -0700
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "'Petri Jokela'" <petri.jokela@nomadiclab.com>, HIP <hipsec@ietf.org>
Date: Wed, 19 Jun 2013 15:11:58 -0700
Thread-Topic: [Hipsec] WGLC: draft-ietf-hip-rfc5202-bis
Thread-Index: Ac5ozHyOuGZXe0jnRhme264uf4JvpwEbLrHg
Message-ID: <758141CC3D829043A8C3164DD3D593EA2EA6C32580@XCH-NW-16V.nw.nos.boeing.com>
References: <512C6912.1070206@ericsson.com> <758141CC3D829043A8C3164DD3D593EA2E513280A6@XCH-NW-16V.nw.nos.boeing.com> <1F03C185-5919-48BE-9492-90A7049A8F46@nomadiclab.com>
In-Reply-To: <1F03C185-5919-48BE-9492-90A7049A8F46@nomadiclab.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: disable
Cc: "rgm@icsalabs.com" <rgm@icsalabs.com>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-rfc5202-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jun 2013 22:12:15 -0000

> -----Original Message-----
> From: Petri Jokela [mailto:petri.jokela@nomadiclab.com]
> Sent: Thursday, June 13, 2013 11:58 PM
> To: Henderson, Thomas R; HIP
> Cc: rgm@icsalabs.com; jan.melen@nomadiclab.com Melen
> Subject: Re: [Hipsec] WGLC: draft-ietf-hip-rfc5202-bis
>
>
> On 11.3.2013, at 23.57, Henderson, Thomas R wrote:
>
> > This is a WGLC review of RFC5202-bis.
> >
> > This draft seems to be close to being ready.  There are two areas
> > (more detail below) that IMO could be clarified or else left out of
> > scope:
> >
> > 1) handling of simultaneous IPsec and HIP ESP
>
>
> Hi,
>
> I somehow missed this point when I was fixing the document. I'm not
> sure what we should do with this, any comments or suggestions?

I posted the comment, which said:

"Section 3.4, third paragraph.  I don't know the basis for the assertion
that HIP SA processing takes place always before the IPsec processing.
Isn't this implementation dependent?  What HIP processing is being
referred to here, pseudo-header manipulation, or more?  Can we delete
this paragraph, or otherwise clarify? "


> Currently the document says:
>
> 3.4.  IPsec and HIP ESP Implementation Considerations
>
>    When HIP is run on a node where a standards compliant IPsec is used,
>    some issues have to be considered.
>
>    The HIP implementation must be able to co-exist with other IPsec
>    keying protocols.  When the HIP implementation selects the SPI value,
>    it may lead to a collision if not implemented properly.  To avoid the
>    possibility for a collision, the HIP implementation MUST ensure that
>    the SPI values used for HIP SAs are not used for IPsec or other SAs,
>    and vice versa.
>
>    In the sending host, the HIP SA processing takes place always before
>    the IPsec processing.  Vice versa, at the receiving host, the IPsec
>    processing is done first for incoming packets and the decrypted
>    packet is further given to the HIP processing.
>
>    Incoming packets using an SA that is not negotiated by HIP MUST NOT
>    be processed as described in Section 3.2, paragraph 2.  The SPI will
>    identify the correct SA for packet decryption and MUST be used to
>    identify that the packet has an upper-layer checksum that is
>    calculated as specified in [I-D.ietf-hip-rfc5201-bis].
>
>


I propose to delete the paragraph starting with "In the sending host,..."
if there are no other comments.  I don't understand the use case that is
suggested by this paragraph.

- Tom

From rene.hummen@comsys.rwth-aachen.de  Wed Jun 26 02:58:32 2013
Return-Path: <rene.hummen@comsys.rwth-aachen.de>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D78621E80D7 for <hipsec@ietfa.amsl.com>; Wed, 26 Jun 2013 02:58:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.948
X-Spam-Level: 
X-Spam-Status: No, score=-5.948 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAezPpevukvM for <hipsec@ietfa.amsl.com>; Wed, 26 Jun 2013 02:58:27 -0700 (PDT)
Received: from mx-out-1.rwth-aachen.de (mx-out-1.rwth-aachen.de [134.130.5.186]) by ietfa.amsl.com (Postfix) with ESMTP id A38DA11E80D2 for <hipsec@ietf.org>; Wed, 26 Jun 2013 02:58:26 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.87,943,1363129200";  d="p7s'?scan'208,217";a="227383581"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by mx-1.rz.rwth-aachen.de with ESMTP; 26 Jun 2013 11:58:25 +0200
MIME-version: 1.0
Received: from i4-mbp.informatik.rwth-aachen.de ([unknown] [137.226.12.102]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0MOZ0047NVPC0660@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Wed, 26 Jun 2013 11:58:24 +0200 (CEST)
From: =?iso-8859-1?Q?Ren=E9_Hummen?= <rene.hummen@comsys.rwth-aachen.de>
Content-type: multipart/signed; boundary="Apple-Mail=_E396F9A1-515B-4E26-ABBD-DB535FB554A5"; protocol="application/pkcs7-signature"; micalg=sha1
Message-id: <F42340E7-9106-4EC7-8C03-D93B311955CB@comsys.rwth-aachen.de>
Date: Wed, 26 Jun 2013 11:58:25 +0200
To: "hipsec@ietf.org WG" <hipsec@ietf.org>
X-Mailer: Apple Mail (2.1508)
Subject: [Hipsec] TRANSPORT_FORMAT_LIST issues in 5201-bis and 5202-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2013 09:58:32 -0000

--Apple-Mail=_E396F9A1-515B-4E26-ABBD-DB535FB554A5
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_94ABCE58-CBB2-48D0-B625-FF2DC77540AB"


--Apple-Mail=_94ABCE58-CBB2-48D0-B625-FF2DC77540AB
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Hi,

I just noticed an issue in 5201-bis and 5202-bis related to the
integration of the new TRANSPORT_FORMAT_LIST parameter. More precisely,
the specification in both documents is still incomplete.

Regarding 5201-bis:
----------------------------
Section 6.7 [1] says:
"6.  The responder expresses its supported HIP transport formats in the
TRANSPORT_FORMAT_LIST as described in Section 5.2.10. The Responder MUST
at least provide one payload transport format type."

First, this text should refer to Section 5.2.11 as Section 5.2.10
defines the HIT_SUITE_LIST parameter, whereas Section 5.2.11 specifies
the TRANSPORT_FORMAT_LIST parameter.

Second, the text above implies that the TRANSPORT_FORMAT_LIST parameter
is mandatory in HIPv2 (which makes a lot of sense). However, it is
currently not mentioned in sections 5.3.2 [2] and 5.3.3 [3]. Here, the
parameter must be added to the packet overview as a mandatory parameter.

Furthermore, I suggest to add the following text to Section 5.3.2:
"The TRANSPORT_FORMAT_LIST parameter is an ordered list of the
Responder's preferred and supported transport format types. The list
allows the Initiator and the Responder to agree on a common type for
payload protection."

... and to Section 5.3.3:
"The TRANSPORT_FORMAT_LIST contains the single transport format type
selected by the Initiator. The chosen type MUST correspond to one of the
types offered by the Responder in the R1. Currently, the only transport
format defined is IPsec ESP [I-D.ietf-hip-rfc5202-bis]."

Note that the parameter is already discussed in the packet processing
instructions in the subsections of Section 6.6 [4, 5]. Do we also need
to define instructions in Section 6.9 [6] in order to tell implementors
what to do when receiving the TRANSPORT_FORMAT_LIST parameter in an I2
message or do we leave that to documents such as 5202-bis?


Regarding 5202-bis:
----------------------------
There is currently no reference to the TRANSPORT_FORMAT_LIST parameter
in this document. Here, we need to specify the transform format type for
IPsec ESP. I suggest to add the following new section to the document
[7]:
"4.1.1 IPsec ESP Transport Format Type
The HIP handshake signals the TRANSPORT_FORMAT_LIST parameter in the R1
and I2 messages. This parameter contains a list of the supported HIP
transport formats of the sending host in the order of preference. The
transport format type for IPsec ESP is X (TBD)."

Furthermore, I suggest to move the ESP_TRANSFORM negotiation to the I2
and R2 in order to complete the transport format type negotiation before
starting the ESP transform negotiation. As I see it, this should not
negatively impact ESP SA setup as the KEYMAT index in the ESP_INFO
parameter is independent from the chosen ESP Suite ID. Or did I make a
mistake here?


BR
René


[1] http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-11#section-6.7
[2] http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-11#section-5.3.2
[3] http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-11#section-5.3.3
[4] http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-11#section-6.7
[5] http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-11#section-6.8
[6] http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-11#section-6.9
[7] http://tools.ietf.org/html/draft-ietf-hip-rfc5202-bis-02#section-4.1


--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 21429
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/




--Apple-Mail=_94ABCE58-CBB2-48D0-B625-FF2DC77540AB--

--Apple-Mail=_E396F9A1-515B-4E26-ABBD-DB535FB554A5
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64
--Apple-Mail=_E396F9A1-515B-4E26-ABBD-DB535FB554A5--

From rene.hummen@comsys.rwth-aachen.de  Wed Jun 26 04:21:30 2013
Return-Path: <rene.hummen@comsys.rwth-aachen.de>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D84B21F9A38 for <hipsec@ietfa.amsl.com>; Wed, 26 Jun 2013 04:21:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.948
X-Spam-Level: 
X-Spam-Status: No, score=-5.948 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OjElnWe+OB3U for <hipsec@ietfa.amsl.com>; Wed, 26 Jun 2013 04:21:25 -0700 (PDT)
Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187]) by ietfa.amsl.com (Postfix) with ESMTP id EE13B21F9D17 for <hipsec@ietf.org>; Wed, 26 Jun 2013 04:21:17 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.87,943,1363129200";  d="p7s'?scan'208,217";a="139348335"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by mx-2.rz.rwth-aachen.de with ESMTP; 26 Jun 2013 13:21:11 +0200
MIME-version: 1.0
Received: from i4-mbp.informatik.rwth-aachen.de ([unknown] [137.226.12.102]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0MOZ0041JZJA0690@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Wed, 26 Jun 2013 13:21:10 +0200 (CEST)
From: =?iso-8859-1?Q?Ren=E9_Hummen?= <rene.hummen@comsys.rwth-aachen.de>
Content-type: multipart/signed; boundary="Apple-Mail=_266D75D9-1EBC-4D17-A5E9-4159AE562C01"; protocol="application/pkcs7-signature"; micalg=sha1
Message-id: <14043337-1F24-4BBB-B4A6-7B229B28046D@comsys.rwth-aachen.de>
Date: Wed, 26 Jun 2013 13:21:11 +0200
References: <F42340E7-9106-4EC7-8C03-D93B311955CB@comsys.rwth-aachen.de>
To: "hipsec@ietf.org WG" <hipsec@ietf.org>
In-reply-to: <F42340E7-9106-4EC7-8C03-D93B311955CB@comsys.rwth-aachen.de>
X-Mailer: Apple Mail (2.1508)
Subject: Re: [Hipsec] TRANSPORT_FORMAT_LIST issues in 5201-bis and 5202-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2013 11:21:30 -0000

--Apple-Mail=_266D75D9-1EBC-4D17-A5E9-4159AE562C01
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_DE45EC7D-3364-418B-BC02-927A7DE227D1"


--Apple-Mail=_DE45EC7D-3364-418B-BC02-927A7DE227D1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

On 26.06.2013, at 11:58, René Hummen <rene.hummen@comsys.rwth-aachen.de> wrote:

[...]

> Regarding 5202-bis:
> ----------------------------
> There is currently no reference to the TRANSPORT_FORMAT_LIST parameter
> in this document. Here, we need to specify the transform format type for
> IPsec ESP. I suggest to add the following new section to the document
> [7]:
> "4.1.1 IPsec ESP Transport Format Type
> The HIP handshake signals the TRANSPORT_FORMAT_LIST parameter in the
> R1 and I2 messages. This parameter contains a list of the supported HIP
> transport formats of the sending host in the order of preference. The
> transport format type for IPsec ESP is X (TBD)."

According to 5201-bis, the transport format type is defined as [1]:
"The TF type numbers correspond to the HIP parameter type numbers of the
respective transform parameters."

Hence, the last sentence of my suggested text should rather read as
follows:
"The transport format type for IPsec ESP is the type number of the
ESP_TRANSFORM parameter, i.e., 4095."


BR
René

[1] http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-11#section-5.2.11

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 21429
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/
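
The negotiation rule proposed in this thread (an ordered TRANSPORT_FORMAT_LIST in R1, a single selected type in I2 that must be one the Responder offered, and 4095 as the TF type for IPsec ESP), as an added Python example that is not part of the original messages or of any HIP implementation. The parameter type number 2049 and the TLV layout are assumptions taken from the published HIPv2 specification (RFC 7401) rather than from this thread, the function names are illustrative, and TF type 60001 is a constructed second format used only to exercise the checks.

```python
import struct

# Assumption: parameter type number and TLV layout (16-bit type, 16-bit
# length, contents, zero padding to a multiple of 8 bytes) follow RFC 7401.
TRANSPORT_FORMAT_LIST = 2049
# From the thread: the TF type for IPsec ESP is the ESP_TRANSFORM type number.
TF_ESP = 4095
# Constructed value: a hypothetical second transport format, for testing only.
TF_HYPOTHETICAL = 60001


class TFListError(ValueError):
    """Raised when a TRANSPORT_FORMAT_LIST is malformed or breaks the rules."""


def encode_tf_list(tf_types):
    """Serialize an ordered list of TF types as one padded HIP parameter."""
    body = b"".join(struct.pack("!H", t) for t in tf_types)
    tlv = struct.pack("!HH", TRANSPORT_FORMAT_LIST, len(body)) + body
    return tlv + b"\x00" * (-len(tlv) % 8)


def parse_tf_list(param):
    """Return the TF types in wire order, rejecting malformed parameters."""
    if len(param) < 4:
        raise TFListError("truncated parameter header")
    ptype, length = struct.unpack_from("!HH", param, 0)
    if ptype != TRANSPORT_FORMAT_LIST:
        raise TFListError("not a TRANSPORT_FORMAT_LIST (type %d)" % ptype)
    if length == 0:
        # The sender MUST provide at least one transport format type.
        raise TFListError("empty transport format list")
    if length % 2:
        raise TFListError("length is not a multiple of the 2-byte TF type")
    if 4 + length > len(param):
        raise TFListError("length field runs past the end of the parameter")
    return list(struct.unpack_from("!%dH" % (length // 2), param, 4))


def initiator_build_i2(r1_param, supported):
    """Build the I2 parameter carrying the single selected type.

    Selection policy (an assumption of this example): take the first type in
    the Responder's preference order that the Initiator also supports.
    """
    for tf in parse_tf_list(r1_param):
        if tf in supported:
            return encode_tf_list([tf])
    raise TFListError("no transport format in common with the Responder")


def responder_check_i2(offered, i2_param):
    """Validate the I2 selection against what this Responder put in R1."""
    selected = parse_tf_list(i2_param)
    if len(selected) != 1:
        raise TFListError("I2 must carry exactly one selected type")
    if selected[0] not in offered:
        raise TFListError("selected type %d was never offered" % selected[0])
    return selected[0]


if __name__ == "__main__":
    offered = [TF_ESP]
    r1 = encode_tf_list(offered)
    i2 = initiator_build_i2(r1, {TF_ESP})
    print("R1:", r1.hex(), "I2:", i2.hex(),
          "agreed:", responder_check_i2(offered, i2))
    try:
        # An I2 that names a type the Responder never offered must be dropped.
        responder_check_i2(offered, encode_tf_list([TF_HYPOTHETICAL]))
    except TFListError as exc:
        print("rejected:", exc)
```

The Responder has to remember (or be able to recompute) what it offered in R1, because the check in `responder_check_i2` is what stops a peer from steering the association onto a format the Responder never advertised.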




--Apple-Mail=_DE45EC7D-3364-418B-BC02-927A7DE227D1--

--Apple-Mail=_266D75D9-1EBC-4D17-A5E9-4159AE562C01
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_266D75D9-1EBC-4D17-A5E9-4159AE562C01--

From thomas.r.henderson@boeing.com  Wed Jun 26 22:45:22 2013
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: HIP <hipsec@ietf.org>, René Hummen <rene.hummen@comsys.rwth-aachen.de>
Date: Wed, 26 Jun 2013 22:45:12 -0700
Message-ID: <758141CC3D829043A8C3164DD3D593EA2ED6C951B3@XCH-NW-16V.nw.nos.boeing.com>
References: <F42340E7-9106-4EC7-8C03-D93B311955CB@comsys.rwth-aachen.de> <758141CC3D829043A8C3164DD3D593EA2ED6C951B2@XCH-NW-16V.nw.nos.boeing.com>
In-Reply-To: <758141CC3D829043A8C3164DD3D593EA2ED6C951B2@XCH-NW-16V.nw.nos.boeing.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: disable
Subject: Re: [Hipsec] TRANSPORT_FORMAT_LIST issues in 5201-bis and 5202-bis

Rene, inline below...

>
> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
> Behalf Of René Hummen
> Sent: Wednesday, June 26, 2013 2:58 AM
> To: hipsec@ietf.org WG
> Subject: [Hipsec] TRANSPORT_FORMAT_LIST issues in 5201-bis and 5202-bis
>
> Hi,
>
> I just noticed an issue in 5201-bis and 5202-bis related to the
> integration of the new TRANSPORT_FORMAT_LIST parameter. More precisely,
> the specification in both documents is still incomplete.
>
> Regarding 5201-bis:
> ----------------------------
> Section 6.7 [1] says:
> "6.  The responder expresses its supported HIP transport formats in the
> TRANSPORT_FORMAT_LIST as described in Section 5.2.10. The Responder
> MUST at least provide one payload transport format type."
>
> First, this text should refer to Section 5.2.11 as Section 5.2.10
> defines the HIT_SUITE_LIST parameter, whereas Section 5.2.11 specifies
> the TRANSPORT_FORMAT_LIST parameter.

I agree.

>
> Second, the text above implies that the TRANSPORT_FORMAT_LIST parameter
> is mandatory in HIPv2 (which makes a lot of sense). However, it is
> currently not mentioned in sections 5.3.2 [2] and 5.3.3 [3]. Here, the
> parameter must be added to the packet overview as a mandatory
> parameter.
>
> Furthermore, I suggest to add the following text to Section 5.3.2:
> "The TRANSPORT_FORMAT_LIST parameter is an ordered list of the
> Responder's preferred and supported transport format types. The list
> allows the Initiator and the Responder to agree on a common type for
> payload protection."
>
> ... and to Section 5.3.3:
> "The TRANSPORT_FORMAT_LIST contains the single transport format
> type selected by the Initiator. The chosen type MUST correspond to one
> of the types offered by the Responder in the R1. Currently, the only
> transport format defined is IPsec ESP [I-D.ietf-hip-rfc5202-bis]."

I agree with all of the above suggestions.

>
> Note that the parameter is already discussed in the packet processing
> instructions in the subsections of Section 6.6 [4, 5]. Do we also need
> to define instructions in Section 6.9 [6] in order to tell implementors
> what to do when receiving the TRANSPORT_FORMAT_LIST parameter in an I2
> message or do we leave that to documents such as 5202-bis?

I think it would help to at least mention here that other documents such
as 5202-bis will specify what to do about any specific transport selected
(and to expect to have to process this parameter in the received I2).

If there are no other comments, I will apply the above changes shortly.

>
>
> Regarding 5202-bis:
> ----------------------------
> There is currently no reference to the TRANSPORT_FORMAT_LIST parameter
> in this document. Here, we need to specify the transform format type
> for IPsec ESP. I suggest to add the following new section to the
> document [7]:
> "4.1.1 IPsec ESP Transport Format Type
> The HIP handshake signals the TRANSPORT_FORMAT_LIST parameter in the R1
> and I2 messages. This parameter contains a list of the supported HIP
> transport formats of the sending host in the order of preference. The
> transport format type for IPsec ESP is X (TBD)."

I agree with this (and also with your separate post to resolve the 'TBD').

>
> Furthermore, I suggest to move the ESP_TRANSFORM negotiation to the I2
> and R2 in order to complete the transport format type negotiation
> before starting the ESP transform negotiation. As I see it, this should
> not negatively impact ESP SA setup as the KEYMAT index in the ESP_INFO
> parameter is independent from the chosen ESP Suite ID. Or did I make a
> mistake here?
>

Here, I think the impact may be that it is not aligned with other
negotiations in which the responder provides the list for the initiator
to choose from.  By delaying it as you suggest, the initiator will be
sending the list of acceptable transforms and the responder choosing.

As is currently specified, the inclusion in R1 also adds clarity to the
TRANSPORT_FORMAT_LIST in the sense that the responder clarifies to the
initiator, e.g. "I accept ESP, and by ESP, I mean the suites defined in
this ESP_TRANSFORM list", and the initiator can decide to proceed or not
based on that information.

The downside to the current text seems to be that some bytes may be
wasted in starting the transform-specific negotiations for possibly
unselected transforms.  I don't know how much this would occur or be a
problem in practice.

- Tom
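
The R1/I2 rules for TRANSPORT_FORMAT_LIST proposed in the message above, as an added sketch that is not part of either post and not code from the HIP drafts. It assumes the parameter contents are consecutive 16-bit network-order TF types (the TLV header and padding are left out), that the Initiator takes the first mutually supported type in the Responder's order, and it uses 0xFFF0 as a constructed placeholder for a second format; only 4095 comes from the thread.

```python
import struct

ESP_TF_TYPE = 4095         # from the thread: type number of the ESP_TRANSFORM parameter
EXAMPLE_OTHER_TF = 0xFFF0  # constructed placeholder for a second, hypothetical format


class TransportFormatError(ValueError):
    """A TRANSPORT_FORMAT_LIST that breaks the rules proposed in the thread."""


def encode_tf_list(tf_types):
    """Pack TF types as consecutive 16-bit network-order values (assumed layout)."""
    return b"".join(struct.pack("!H", tf) for tf in tf_types)


def parse_tf_list(contents):
    """Return the ordered TF types carried in the parameter contents."""
    if not contents:
        raise TransportFormatError("at least one transport format type is required")
    if len(contents) % 2:
        raise TransportFormatError("truncated list: odd number of bytes")
    return [tf for (tf,) in struct.iter_unpack("!H", contents)]


def initiator_select(r1_contents, supported):
    """Build the I2 list: the first type in the Responder's order that we support."""
    for tf in parse_tf_list(r1_contents):
        if tf in supported:
            return encode_tf_list([tf])
    raise TransportFormatError("no transport format type in common with the Responder")


def responder_check_i2(offered_in_r1, i2_contents):
    """Validate the Initiator's choice against what this Responder put in its R1."""
    chosen = parse_tf_list(i2_contents)
    if len(chosen) != 1:
        raise TransportFormatError("I2 must carry exactly one transport format type")
    if chosen[0] not in offered_in_r1:
        raise TransportFormatError("I2 selects a type that was not offered in R1")
    return chosen[0]


def rejected(offered_in_r1, i2_contents):
    """Helper for the demo: True when the Responder refuses the I2 list."""
    try:
        responder_check_i2(offered_in_r1, i2_contents)
    except TransportFormatError:
        return True
    return False


if __name__ == "__main__":
    offer = [EXAMPLE_OTHER_TF, ESP_TF_TYPE]  # Responder's preference order
    r1 = encode_tf_list(offer)
    i2 = initiator_select(r1, supported={ESP_TF_TYPE})
    print("I2 list bytes:", i2.hex())
    print("Responder accepts:", responder_check_i2(offer, i2))
    print("two types in I2 rejected:", rejected(offer, encode_tf_list(offer)))
    print("unoffered type rejected:",
          rejected([ESP_TF_TYPE], encode_tf_list([EXAMPLE_OTHER_TF])))
```

The Responder compares the I2 value with its own record of what it offered, not with anything echoed back by the peer.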

From Rene.Hummen@comsys.rwth-aachen.de  Thu Jun 27 02:20:06 2013
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_iGLVN9XrNtBUYargdACJpQ)"
From: René Hummen <Rene.Hummen@comsys.rwth-aachen.de>
In-reply-to: <758141CC3D829043A8C3164DD3D593EA2ED6C951B3@XCH-NW-16V.nw.nos.boeing.com>
Date: Thu, 27 Jun 2013 11:19:47 +0200
Message-id: <5FBDFE72-9531-4E3F-AD70-D03E09FB9B57@comsys.rwth-aachen.de>
References: <F42340E7-9106-4EC7-8C03-D93B311955CB@comsys.rwth-aachen.de> <758141CC3D829043A8C3164DD3D593EA2ED6C951B2@XCH-NW-16V.nw.nos.boeing.com> <758141CC3D829043A8C3164DD3D593EA2ED6C951B3@XCH-NW-16V.nw.nos.boeing.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
X-Mailer: Apple Mail (2.1508)
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] TRANSPORT_FORMAT_LIST issues in 5201-bis and 5202-bis

--Boundary_(ID_iGLVN9XrNtBUYargdACJpQ)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable

On 27.06.2013, at 07:45, "Henderson, Thomas R" <thomas.r.henderson@boeing.com> wrote:
>> Furthermore, I suggest to move the ESP_TRANSFORM negotiation to the I2
>> and R2 in order to complete the transport format type negotiation
>> before starting the ESP transform negotiation. As I see it, this should
>> not negatively impact ESP SA setup as the KEYMAT index in the ESP_INFO
>> parameter is independent from the chosen ESP Suite ID. Or did I make a
>> mistake here?
>>
>
> Here, I think the impact may be that it is not aligned with other
> negotiations in which the responder provides the list for the initiator
> to choose from.  By delaying it as you suggest, the initiator will be
> sending the list of acceptable transforms and the responder choosing.

Ok, but the Initiator already proposes the DH_GROUP_LIST in HIPv2.

> As is currently specified, the inclusion in R1 also adds clarity to
> the TRANSPORT_FORMAT_LIST in the sense that the responder clarifies to
> the initiator, e.g. "I accept ESP, and by ESP, I mean the suites defined
> in this ESP_TRANSFORM list", and the initiator can decide to proceed or
> not based on that information.

That's actually a good point.

> The downside to the current text seems to be that some bytes may be
> wasted in starting the transform-specific negotiations for possibly
> unselected transforms.  I don't know how much this would occur or be a
> problem in practice.

We could argue that resource-constrained devices will probably restrict
support to a single transform for the sake of minimizing ROM overhead
and that the additional parameter adds negligible overhead in
unconstrained scenarios. With this line of argumentation, we can leave
the negotiation in 5202-bis as it is today. Other opinions?

BR
René


--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 21429
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/





--Boundary_(ID_iGLVN9XrNtBUYargdACJpQ)--

From internet-drafts@ietf.org  Sun Jun 30 09:27:03 2013
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Message-ID: <20130630162702.12802.63993.idtracker@ietfa.amsl.com>
Date: Sun, 30 Jun 2013 09:27:02 -0700
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action: draft-ietf-hip-rfc5201-bis-12.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol Working Group of the IETF.

	Title           : Host Identity Protocol Version 2 (HIPv2)
	Author(s)       : Robert Moskowitz
                          Tobias Heer
                          Petri Jokela
                          Thomas R. Henderson
	Filename        : draft-ietf-hip-rfc5201-bis-12.txt
	Pages           : 125
	Date            : 2013-06-30

Abstract:
   This document specifies the details of the Host Identity Protocol
   (HIP).  HIP allows consenting hosts to securely establish and
   maintain shared IP-layer state, allowing separation of the identifier
   and locator roles of IP addresses, thereby enabling continuity of
   communications across IP address changes.  HIP is based on a SIGMA-
   compliant Diffie-Hellman key exchange, using public key identifiers
   from a new Host Identity namespace for mutual peer authentication.
   The protocol is designed to be resistant to denial-of-service (DoS)
   and man-in-the-middle (MitM) attacks.  When used together with
   another suitable security protocol, such as the Encapsulated Security
   Payload (ESP), it provides integrity protection and optional
   encryption for upper-layer protocols, such as TCP and UDP.

   This document obsoletes RFC 5201 and addresses the concerns raised by
   the IESG, particularly that of crypto agility.  It also incorporates
   lessons learned from the implementations of RFC 5201.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-rfc5201-bis

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-12

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-rfc5201-bis-12


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

