From hipsec-bounces@ietf.org  Mon Jan  5 08:04:31 2009
Message-ID: <49622F7B.2000909@hiit.fi>
Date: Mon, 05 Jan 2009 18:04:11 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.18 (X11/20081125)
MIME-Version: 1.0
To: hipsec@ietf.org, hipsec-rg@listserv.cybertrust.com
X-Virus-Scanned: amavisd-new at otaverkko.fi
Cc: p2psip@ietf.org
Subject: [Hipsec] [Fwd: hipl release 1.0.4]

FYI,

-------- Original Message --------
Subject: hipl release 1.0.4
Date: Mon, 05 Jan 2009 18:02:49 +0200
From: Miika Komu <miika.komu@hiit.fi>
Reply-To: miika.komu@hiit.fi
To: hipl-users@freelists.org, hipl-announce@freelists.org

Hi folks,

we have published HIP for Linux (HIPL) release 1.0.4 at the URL below:

http://infrahip.hiit.fi/hipl/release/1.0.4/

The release includes binaries for Ubuntu, Fedora, CentOS and Maemo for
Nokia Tablets. The binaries (and updates) can also be downloaded using
apt and yum in a few steps using the instructions below:

http://infrahip.hiit.fi/index.php?index=download

The release includes many improvements including a number of bug fixes
and better support for infrastructure (DNS, Bamboo DHT, rendezvous).
Please refer to the release notes for further details. The main theme in the
following release (1.0.5) is on fault-tolerant mobility management.

Suggestions for improvements and bugs can be reported at:

http://www.freelists.org/list/hipl-users


_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec


From hipsec-bounces@ietf.org  Mon Jan 19 15:14:55 2009
Date: Tue, 20 Jan 2009 01:14:25 +0200 (EET)
From: Oleg Ponomarev <oleg.ponomarev@hiit.fi>
X-X-Sender: ponomare@stargazer.pc.infrahip.net
To: hipsec@ietf.org
Message-ID: <alpine.LFD.2.00.0901200059400.17180@stargazer.pc.infrahip.net>
User-Agent: Alpine 2.00 (LFD 1167 2008-08-23)
X-GPG-FINGRPRINT: E94D 632A 70E4 3F92 9A7E  B04E 20BF FC6B 983B CA5E
X-GPG-PUBLIC_KEY: http://ponomarev.ru/oleg.asc
MIME-Version: 1.0
Subject: [Hipsec] HIT to IP in DNS

Hi!

I just submitted an initial version of a draft[1] to specify one of the 
methods used in HIPL[2] to do the HIT->current IP addresses resolution. 
This is needed to run legacy applications.

Briefly: query A/AAAA
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.hit-to-ip.example.net.
and allow their changes from the corresponding HIT.

Your comments are appreciated as usual.

[1] http://tools.ietf.org/html/draft-ponomarev-hip-hit2ip-00
[2] http://hipl.hiit.fi/
-- 
Regards, Oleg.
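
Added example, not part of the message above and not HIPL code: a sketch of the name mapping and of the server-side check behind "allow their changes from the corresponding HIT". It assumes the owner name is the 32 hex nibbles of the HIT in reverse order under the configured zone, as the sample query name suggests; the function names are hypothetical and the ORCHID prefix check comes from RFC 4843, not from the message.

```python
import ipaddress

# ORCHID prefix from RFC 4843; HITs are allocated inside it.
ORCHID = ipaddress.ip_network("2001:10::/28")
# Placeholder zone taken from the message; a deployment configures its own.
ZONE = "hit-to-ip.example.net"
HEX = set("0123456789abcdef")


def hit_to_name(hit, zone=ZONE):
    """Return the query name for a HIT: 32 reversed hex nibbles plus zone."""
    addr = ipaddress.IPv6Address(hit)
    if addr not in ORCHID:
        raise ValueError(f"{addr} is not inside {ORCHID}, so it is not a HIT")
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + zone.rstrip(".") + "."


def name_to_hit(name, zone=ZONE):
    """Recover the HIT from an owner name, rejecting anything malformed."""
    name = name.lower().rstrip(".") + "."
    suffix = "." + zone.lower().rstrip(".") + "."
    if not name.endswith(suffix):
        raise ValueError("owner name is outside the configured zone")
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 32 or any(len(l) != 1 or l not in HEX for l in labels):
        raise ValueError("owner name is not 32 single-nibble labels")
    addr = ipaddress.IPv6Address(int("".join(reversed(labels)), 16))
    if addr not in ORCHID:
        raise ValueError("decoded address is not a HIT")
    return addr


def update_allowed(authenticated_hit, owner_name, zone=ZONE):
    """Server-side policy (assumed): a peer authenticated by the HIP base
    exchange may only change the records stored under its own HIT's name."""
    try:
        peer = ipaddress.IPv6Address(authenticated_hit)
        return name_to_hit(owner_name, zone) == peer
    except ValueError:
        # Malformed name, wrong zone or non-HIT address: refuse the update.
        return False


if __name__ == "__main__":
    # Constructed sample: the HIT that corresponds to the name in the message.
    hit = "2001:10:1234:5678:9abc:def0:1234:5678"
    name = hit_to_name(hit)
    print(name)
    print(update_allowed(hit, name))           # owner updating its own name
    print(update_allowed("2001:10::1", name))  # another HIT, refused
```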



From hipsec-bounces@ietf.org  Wed Jan 21 08:16:35 2009
Date: Wed, 21 Jan 2009 08:09:34 -0800
Message-ID: <77F357662F8BFA4CA7074B0410171B6D07B0BCD6@XCH-NW-5V1.nw.nos.boeing.com>
In-Reply-To: <alpine.LFD.2.00.0901200059400.17180@stargazer.pc.infrahip.net>
References: <alpine.LFD.2.00.0901200059400.17180@stargazer.pc.infrahip.net>
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "Oleg Ponomarev" <oleg.ponomarev@hiit.fi>, <hipsec@ietf.org>
Subject: Re: [Hipsec] HIT to IP in DNS
Errors-To: hipsec-bounces@ietf.org

Hi Oleg,
A few comments below.

> -----Original Message-----
> From: Oleg Ponomarev [mailto:oleg.ponomarev@hiit.fi] 
> Sent: Monday, January 19, 2009 3:14 PM
> To: hipsec@ietf.org
> Subject: [Hipsec] HIT to IP in DNS
> 
> Hi!
> 
> I just submitted an initial version of a draft[1] to specify one of the
> methods used in HIPL[2] to do the HIT->current IP addresses resolution.
> This is needed to run legacy applications.

I disagree that this is strictly needed to run legacy applications.
Perhaps "may be useful" instead of "needed"?

> 
> Briefly: query A/AAAA
> 8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.hit-to-ip.example.net.
> and allow their changes from the corresponding HIT.
> 
> Your comments are appreciated as usual.

You are really talking about defining domain names based on HITs and
storing them in a well known domain.  Maybe the title could be
simplified to "Storing HITs as domain names in the DNS".

What if the target end system uses an RVS?  

   2.1. Preconfigured Domain
   The systems using this method MUST have the same domain pre-
   configured, for example hit-to-ip.example.net.  

It seems like this could be slightly relaxed to state that systems MUST
share at least one top-level domain storing the HITs, since it is
conceivable that more than one server (name service provider) could be
used, and records could be looked up at multiple places.

   2.4  Managing the Records
   The system MAY send DNS UPDATE[RFC2136] to the server provided by SOA
   MNAME field of the domain.  The system MUST use HIT as the source
   address in this case.  

Can you clarify what "source address" you are talking about above?

   The system MAY add or delete A/AAAA or CNAME
   records for its own HIT representation.  The domain provided in SOA
   MNAME field of the preconfigured domain MUST have Host Identity of
   the server stored in DNS, the IP addresses MUST be listed in that
   domain using suggested method and the server MUST accept DNS UPDATE
   messages, which add or delete A/AAAA or CNAME records for the HIT
   representation of the client after successful HIP base exchange.

It might be helpful to clarify that the HIP base exchange here serves to
authenticate the origin of the DNS UPDATE, from the server's
perspective.

Also, DHTs are an alternative lookup mechanism that can be used in this
scenario; it would be helpful to reference that draft:
http://tools.ietf.org/html/draft-ahrenholz-hiprg-dht-03

- Tom

From hipsec-bounces@ietf.org  Wed Jan 28 23:49:44 2009
Message-ID: <49815F7E.5080604@hiit.fi>
Date: Thu, 29 Jan 2009 09:49:18 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: hipsec@ietf.org
X-Virus-Scanned: amavisd-new at otaverkko.fi
Subject: [Hipsec] feedback of hiccups-01 draft

Hi,

I have some feedback on the hiccups draft. The draft is well written and
easy to read and understand. However, I have a few questions (sorry if
these have been asked already):

* I guess the draft assumes that data packets may be sent over HIP-aware 
overlays. I would suggest that the authors have a look at 
draft-heer-hip-middle-auth and perhaps add a pointer to the draft. 
Particularly, I would propose to make the public key mandatory and 
perhaps the middlebox extension as SHOULD? There is a new version of the 
draft coming up very soon. Feel free to ask Tobias for a preview if you 
are interested.

* The justification for the seq/ack mechanism is a bit unclear. Is it 
only about replay protection?

* I just implemented minimal support for HIP_DATA in HIPL. Now the
implementation should be able to respond with an R1 to a HIPL_DATA
packet. Now we need to test it for interoperability :) I would suggest
that OpenHIP folks also implement this feature because it should be
only a few lines of code.

* The second paragraph in section 5 explains the issues with
fragmentation. Implementation-wise, shouldn't this problem just be
solved by lowering the MTU of the tunnel device by the size of HIP
header, [HOST_ID], payload HMAC and HIP_SIGNATURE?

From hipsec-bounces@ietf.org  Fri Jan 30 10:25:15 2009
Date: Fri, 30 Jan 2009 10:24:42 -0800
Message-ID: <77F357662F8BFA4CA7074B0410171B6D07B0BD3A@XCH-NW-5V1.nw.nos.boeing.com>
In-Reply-To: <49815F7E.5080604@hiit.fi>
References: <49815F7E.5080604@hiit.fi>
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: <miika.komu@hiit.fi>, <hipsec@ietf.org>
Subject: Re: [Hipsec] feedback of hiccups-01 draft

> 
> * The justification for the seq/ack mechanism is a bit unclear. Is it 
> only about replay protection?

I have a similar question-- why not just make this an unreliable data
service and delegate reliability to the application?

> 
> * I just implemented minimal support for HIP_DATA in HIPL. Now the
> implementation should be able to respond with an R1 to a HIPL_DATA
> packet. Now we need to test it for interoperability :) I would suggest
> that OpenHIP folks also implement this feature because it should be
> only a few lines of code.
> 

What is your user-space API for this service?  Is it some kind of
SEQPACKET socket?

> * The second paragraph in section 5 explains the issues with
> fragmentation. Implementation-wise, shouldn't this problem just be
> solved by lowering the MTU of the tunnel device by the size of HIP
> header, [HOST_ID], payload HMAC and HIP_SIGNATURE?

I think this is a complicated issue and agree that it would be helpful
to give more guidance on how to handle it, beyond "should not generate
too large datagrams".  Again, there may be API issues to discuss with
respect to this.

- Tom
