
From nobody Wed Nov  2 06:32:19 2016
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Date: Wed, 02 Nov 2016 06:32:15 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/AnFCRmhVYrogisNz5v37puv_v-Y>
Cc: hip-chairs@ietf.org, draft-ietf-hip-rfc5206-bis@ietf.org, hipsec@ietf.org, The IESG <iesg@ietf.org>, rfc-editor@rfc-editor.org
Subject: [Hipsec] Protocol Action: 'Host Mobility with the Host Identity Protocol' to Proposed Standard (draft-ietf-hip-rfc5206-bis-14.txt)
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>

The IESG has approved the following document:
- 'Host Mobility with the Host Identity Protocol'
  (draft-ietf-hip-rfc5206-bis-14.txt) as Proposed Standard

This document is the product of the Host Identity Protocol Working Group.

The IESG contact persons are Suresh Krishnan and Terry Manderson.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-rfc5206-bis/





Technical Summary

  This document defines mobility extensions to the Host Identity
  Protocol (HIP).  Specifically, this document defines a general
  "LOCATOR_SET" parameter for HIP messages that allows for a HIP host
  to notify peers about alternate addresses at which it may be
  reached.  This document also defines elements of procedure for
  mobility of a HIP host -- the process by which a host dynamically
  changes the primary locator that it uses to receive packets.  While
  the same LOCATOR_SET parameter can also be used to support end-host
  multihoming, detailed procedures are out of scope for this document.
  This document obsoletes RFC 5206.

Working Group Summary

  There was WG consensus behind this document.

Document Quality

  As discussed in RFC 6538, there are several implementations of the
  Experimental HIP specs. At least HIP for Linux and OpenHIP will be
  updated to comply with the new standards-track specs like this one.

Personnel

  Gonzalo Camarillo is the document shepherd. Terry Manderson is the
  responsible area director.


From nobody Wed Nov  2 06:33:56 2016
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Date: Wed, 02 Nov 2016 06:33:51 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/J5t_t3-VbQWUbpeqQhUtOPU6uCs>
Cc: hip-chairs@ietf.org, hipsec@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-hip-multihoming@ietf.org, rfc-editor@rfc-editor.org
Subject: [Hipsec] Protocol Action: 'Host Multihoming with the Host Identity Protocol' to Proposed Standard (draft-ietf-hip-multihoming-12.txt)

The IESG has approved the following document:
- 'Host Multihoming with the Host Identity Protocol'
  (draft-ietf-hip-multihoming-12.txt) as Proposed Standard

This document is the product of the Host Identity Protocol Working Group.

The IESG contact persons are Suresh Krishnan and Terry Manderson.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-multihoming/





Technical Summary

  This document defines host multihoming extensions to the Host
  Identity Protocol (HIP), by leveraging protocol components defined
  for host mobility.


Working Group Summary

  There was WG consensus behind this document.

Document Quality

  As discussed in RFC 6538, there are several implementations of the
  Experimental HIP specs. At least HIP for Linux and OpenHIP will be
  updated to comply with the new standards-track specs like this one.

Personnel

  Gonzalo Camarillo is the document shepherd. Terry Manderson is the
  responsible area director.


From nobody Wed Nov  2 07:06:12 2016
To: Robert Moskowitz <rgm@htt-consult.com>, HIP <hipsec@ietf.org>
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Date: Wed, 2 Nov 2016 16:06:01 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/52xGtOOa_dK3ODRj__fd1O2dB2k>
Subject: Re: [Hipsec] Updated hip drafts

Hi Bob,

as you know, this WG is scheduled to close down soon, per our charter:

https://datatracker.ietf.org/wg/hip/charter/

The plan is to publish the native NAT traversal, HIP DEX, and
architecture specs and then close it down.

So, at this point we would need to find a home for these new drafts. The
idea would be to socialize them, get some traction in the community, and
then talk with our AD.

If there is energy behind them, our AD will for sure find or create a
home for them. If there is not enough energy... well...

Cheers,

Gonzalo

On 28/10/2016 3:31 AM, Robert Moskowitz wrote:
> I just updated a set of drafts:
> 
> These define a Secure Session Layer Service.  The last has how to manage
> it with HIP and defines some new HIP parameters to negotiate sse and
> gpcomp:
> 
> https://www.ietf.org/internet-drafts/draft-moskowitz-sse-04.txt
> https://www.ietf.org/internet-drafts/draft-moskowitz-gpcomp-01.txt
> https://www.ietf.org/internet-drafts/draft-moskowitz-ssls-hip-01.txt
> 
> These propose a hip-based mobility solution for 5gpp.  IPnHIP can use
> gpcomp:
> 
> https://www.ietf.org/internet-drafts/draft-moskowitz-hierarchical-hip-02.txt
> 
> https://www.ietf.org/internet-drafts/draft-moskowitz-hip-ipnhip-01.txt
> https://www.ietf.org/internet-drafts/draft-moskowitz-hip-fast-mobility-01.txt
> 
> https://www.ietf.org/internet-drafts/draft-moskowitz-hip-based-5gpp-ip-mobility-01.txt
> 
> 
> I welcome all comments.
> 
> Thank you
> 
> Robert Moskowitz
> 


From nobody Wed Nov  2 07:07:36 2016
To: HIP <hipsec@ietf.org>
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Date: Wed, 2 Nov 2016 16:07:28 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/vcN3Wuthlz6vVQDHfcgxy-N-TRg>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-dex-04

All,

please note this WGLC, review the draft, and send your comments to the
list. Thanks!

Cheers,

Gonzalo

On 27/10/2016 9:39 AM, Gonzalo Camarillo wrote:
> Folks,
> 
> I would like to start a WGLC on the following draft. This WGLC will
> end on November 20th:
> 
> https://tools.ietf.org/html/draft-ietf-hip-dex-04
> 
> Thanks,
> 
> Gonzalo
> 


From nobody Wed Nov  2 07:50:36 2016
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>, HIP <hipsec@ietf.org>
From: Robert Moskowitz <rgm@htt-consult.com>
Date: Wed, 2 Nov 2016 10:50:18 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/ftatyq3Jdg6bRr-QppFK-tLGFZ0>
Subject: Re: [Hipsec] Updated hip drafts

I know this.  Sue Hares has been talking to the Transport area about the
SSLS work and we will have more discussions at the meeting. SSLS is much
more than HIP; HIP is one of the ways to manage it.

The HIP 5gpp mobility work will be a separate socialization effort. This
is mostly HIP with some other pieces in the mix.

Bob

On 11/02/2016 10:06 AM, Gonzalo Camarillo wrote:
> Hi Bob,
>
> as you know, this WG is scheduled to close down soon, per our charter:
>
> https://datatracker.ietf.org/wg/hip/charter/
>
> The plan is to publish the native NAT traversal, HIP DEX, and
> architecture specs and then close it down.
>
> So, at this point we would need to find a home for these new drafts. The
> idea would be to socialize them, get some traction in the community, and
> then talk with our AD.
>
> If there is energy behind them, our AD will for sure find or create a
> home for them. If there is not enough energy... well...
>
> Cheers,
>
> Gonzalo
>
> On 28/10/2016 3:31 AM, Robert Moskowitz wrote:
>> I just updated a set of drafts:
>>
>> These define a Secure Session Layer Service.  The last has how to manage
>> it with HIP and defines some new HIP parameters to negotiate sse and
>> gpcomp:
>>
>> https://www.ietf.org/internet-drafts/draft-moskowitz-sse-04.txt
>> https://www.ietf.org/internet-drafts/draft-moskowitz-gpcomp-01.txt
>> https://www.ietf.org/internet-drafts/draft-moskowitz-ssls-hip-01.txt
>>
>> These propose a hip-based mobility solution for 5gpp.  IPnHIP can use
>> gpcomp:
>>
>> https://www.ietf.org/internet-drafts/draft-moskowitz-hierarchical-hip-02.txt
>>
>> https://www.ietf.org/internet-drafts/draft-moskowitz-hip-ipnhip-01.txt
>> https://www.ietf.org/internet-drafts/draft-moskowitz-hip-fast-mobility-01.txt
>>
>> https://www.ietf.org/internet-drafts/draft-moskowitz-hip-based-5gpp-ip-mobility-01.txt
>>
>>
>> I welcome all comments.
>>
>> Thank you
>>
>> Robert Moskowitz
>>


From nobody Mon Nov 14 05:16:19 2016
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Date: Mon, 14 Nov 2016 05:16:18 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/eJPIx_DYxTiHskn-uqgkypjMzt0>
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action: draft-ietf-hip-rfc4423-bis-15.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol of the IETF.

        Title           : Host Identity Protocol Architecture
        Authors         : Robert Moskowitz
                          Miika Komu
        Filename        : draft-ietf-hip-rfc4423-bis-15.txt
        Pages           : 42
        Date            : 2016-11-14

Abstract:
   This memo describes a new namespace, the Host Identity namespace, and
   a new protocol layer, the Host Identity Protocol, between the
   internetworking and transport layers.  Herein are presented the
   basics of the current namespaces, their strengths and weaknesses, and
   how a new namespace will add completeness to them.  The roles of this
   new namespace in the protocols are defined.

   This document obsoletes RFC 4423 and addresses the concerns raised by
   the IESG, particularly that of crypto agility.  It incorporates
   lessons learned from the implementations of RFC 5201 and goes further
   to explain how HIP works as a secure signaling channel.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-rfc4423-bis/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-hip-rfc4423-bis-15

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-rfc4423-bis-15


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Nov 14 05:20:30 2016
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
From: Miika Komu <miika.komu@ericsson.com>
Organization: Ericsson AB
Date: Mon, 14 Nov 2016 15:17:55 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/ELN6U6huyGGpcLDPukH_fM2QtHE>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] RFC 4423bis and hip-dex

Hi,

version 15 of RFC4423bis now references DEX.

On 10/27/2016 02:07 PM, Gonzalo Camarillo wrote:
> Hi Miika,
>
> the plan is to publish rfc4423bis last, after all other drafts in our
> charter (including HIP DEX) have been published. So, this would not have
> any influence in the planned queue.
>
> Cheers,
>
> Gonzalo
>
> On 27/10/2016 1:57 PM, Miika Komu wrote:
>> Hi Gonzalo,
>>
>> On 10/21/2016 10:28 AM, Gonzalo Camarillo wrote:
>>> Bob, Miika,
>>>
>>> RFC 4423bis does not reference the hip-dex draft. Should it?
>>>
>>> https://tools.ietf.org/html/draft-ietf-hip-rfc4423-bis-14
>>
>> we can add it if needed. The only problem is that we should push back
>> the 4423bis draft in the IETF queue since dex creates an additional
>> dependency.
>>




From nobody Sat Nov 19 18:33:28 2016
Date: Sat, 19 Nov 2016 18:32:58 -0800 (PST)
From: Tom Henderson <tomhend@u.washington.edu>
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/0D3Z0muJykuR8NxcIyNTOcXmEbY>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-dex-04

Gonzalo, I have reviewed HIP DEX again and believe it is ready to publish, although I spotted a few minor items below that can be handled in the next revision.

- Tom

Editorial/minor:

Section 1:  The numbered list is somewhat tersely written and may be hard to interpret by the newcomer to HIP specifications.  Consider to elaborate more (using fuller sentences and not sentence fragments).  e.g.:

"Forfeit of Perfect Forward Secrecy with the dropping of an ephemeral Diffie-Hellman key agreement." could be
"Forfeit of the HIPv2 Perfect Forward Secrecy property due to the removal of the HIPv2 ephemeral Diffie-Hellman key agreement."

Section 1.1, spell out 'DoS' first time usage

Section 4.1:  "Note that x and y each constitute half the final session key material."  (change to 'half of the')

The figure in 4.1 does not have a caption, and also, why is 'mac' lowercased?

Sec 4.1.3.1:  "Since only little data is protected by this SA" (perhaps s/little/a small amount/)

Sec. 5.2.4:  "The following new HIT Suite IDs are defined..." (s/IDs are/ID is/ because there is only one defined)

Sec. 6.3:  "sort(HIT-I | HIT-R) is defined as the network byte order concatenation of the two HITs... comparison of the two HITs interpreted as positive (unsigned) 128-bit integers in network byte order"  what does it mean to define a sort on a network byte order concatenation?  It seems perhaps clearer to leave endian issues out (they are implicit everywhere in a protocol) and just define it as a comparison on HITs interpreted as unsigned 128-bit integers (and by the way, is the full 128 bits including prefix included or just the 96 bits)?

Sec. 6.5 through 6.8:  Unlike much of this draft, these sections do not just specifically call out the differences from the corresponding RFC 7401 sections, but instead restate the modified processing flow, and it is hard to spot what is different here.  I wonder whether it would be clearer to just refer to those processing steps in RFC 7401 that are changed.

Sec. 8:  Can a MITM reply to I1 with ICMP parameter problem, causing the true response (coming later) to be ignored because the initiator already gave up?  Maybe clarify here or in sec 5.4 to wait a little while before accepting the result of an ICMP.

Sec. 10:  Consider to update the IANA section in the style that RFC 8003 (and others) used, stating the history of the registry and what exactly is requested to be changed.  For example, something like "RFC 5201 and later RFC 7401 established the following registry ....  This document defines the following new codepoints for that registry ..."
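
The ordering question raised for Sec. 6.3 above, as an added example that is not part of Tom's message or of the draft: it compares two HITs as unsigned 128-bit integers, shows that a plain byte-string comparison of the network-order bytes gives the same result, and shows when comparing only the low 96 bits would order the pair differently. It assumes the ORCHIDv2 HIT layout (28-bit prefix 2001:20::/28, 4-bit OGA ID, 96-bit hash); the function names and sample HITs are constructed for illustration.

```python
import ipaddress

HIT_LEN = 16      # a HIT is 128 bits wide, the size of an IPv6 address
HASH_BITS = 96    # bits left after the 28-bit prefix and the 4-bit OGA ID

# Constructed sample HITs under 2001:20::/28 (not taken from the thread).
HIT_I = ipaddress.IPv6Address("2001:21:ffff:ffff:ffff:ffff:ffff:ffff").packed  # OGA ID 1
HIT_R = ipaddress.IPv6Address("2001:22::1").packed                             # OGA ID 2
HIT_A = ipaddress.IPv6Address("2001:21::5").packed                             # OGA ID 1
HIT_B = ipaddress.IPv6Address("2001:21::9").packed                             # OGA ID 1


def check_hit(hit: bytes) -> None:
    """Reject anything that is not exactly 128 bits before it reaches key derivation."""
    if len(hit) != HIT_LEN:
        raise ValueError("a HIT must be exactly 16 bytes")


def sort_hits(hit_x: bytes, hit_y: bytes) -> bytes:
    """Concatenate two HITs, smaller first, comparing all 128 bits as unsigned integers."""
    check_hit(hit_x)
    check_hit(hit_y)
    x = int.from_bytes(hit_x, "big")
    y = int.from_bytes(hit_y, "big")
    return hit_x + hit_y if x <= y else hit_y + hit_x


def sort_hits_bytewise(hit_x: bytes, hit_y: bytes) -> bytes:
    """Same ordering without integers: equal-length byte strings compare
    lexicographically, which matches big-endian unsigned comparison."""
    check_hit(hit_x)
    check_hit(hit_y)
    return hit_x + hit_y if hit_x <= hit_y else hit_y + hit_x


def sort_hits_hash_only(hit_x: bytes, hit_y: bytes) -> bytes:
    """Hypothetical variant that ignores the prefix and OGA ID and compares
    only the low 96 bits."""
    check_hit(hit_x)
    check_hit(hit_y)
    mask = (1 << HASH_BITS) - 1
    x = int.from_bytes(hit_x, "big") & mask
    y = int.from_bytes(hit_y, "big") & mask
    return hit_x + hit_y if x <= y else hit_y + hit_x


if __name__ == "__main__":
    # Both peers must derive the same byte string regardless of argument order.
    print(sort_hits(HIT_I, HIT_R) == sort_hits(HIT_R, HIT_I))
    # Different OGA IDs: the 128-bit and 96-bit orderings disagree.
    print(sort_hits(HIT_I, HIT_R) == sort_hits_hash_only(HIT_I, HIT_R))
    # Same OGA ID: the two orderings agree.
    print(sort_hits(HIT_A, HIT_B) == sort_hits_hash_only(HIT_A, HIT_B))
```

With a shared prefix and OGA ID the two interpretations give the same result; they diverge only when the OGA IDs differ, so two peers using different interpretations would then feed different input into key derivation.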


From nobody Sun Nov 20 00:27:13 2016
Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6CE9129413 for <hipsec@ietfa.amsl.com>; Sun, 20 Nov 2016 00:27:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.221
X-Spam-Level: 
X-Spam-Status: No, score=-104.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R1dkfDy96jPh for <hipsec@ietfa.amsl.com>; Sun, 20 Nov 2016 00:27:09 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D983129410 for <hipsec@ietf.org>; Sun, 20 Nov 2016 00:27:07 -0800 (PST)
X-AuditID: c1b4fb30-57fff70000001942-3c-58315e598796
Received: from ESESSHC020.ericsson.se (Unknown_Domain [153.88.183.78]) by  (Symantec Mail Security) with SMTP id BB.D8.06466.95E51385; Sun, 20 Nov 2016 09:27:06 +0100 (CET)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (153.88.183.145) by oa.msg.ericsson.com (153.88.183.78) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 20 Nov 2016 09:27:04 +0100
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=gonzalo.camarillo@ericsson.com; 
Received: from [172.19.248.163] (64.88.227.140) by DB4PR07MB0637.eurprd07.prod.outlook.com (10.141.43.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.2; Sun, 20 Nov 2016 08:26:58 +0000
To: Tom Henderson <tomhend@u.washington.edu>
References: <alpine.LRH.2.01.1611191832580.24556@hymn03.u.washington.edu>
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Message-ID: <55b8c081-e99b-17bb-defe-54f4439e2ad8@ericsson.com>
Date: Sun, 20 Nov 2016 10:26:36 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <alpine.LRH.2.01.1611191832580.24556@hymn03.u.washington.edu>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [64.88.227.140]
X-ClientProxiedBy: DM5PR17CA0029.namprd17.prod.outlook.com (10.173.128.143) To DB4PR07MB0637.eurprd07.prod.outlook.com (10.141.43.152)
Received-SPF: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Nov 2016 08:26:58.2666 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR07MB0637
X-OriginatorOrg: ericsson.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/8rENUUv9F44_pAYJpaZhf7qsFAI>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-dex-04
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Nov 2016 08:27:12 -0000

Hi Tom,

thanks. Your comments seem to be the only ones we got on this draft
during the WGLC. Authors, could you please revise the draft in order to
address these comments?

Thanks,

Gonzalo

On 20/11/2016 4:32 AM, Tom Henderson wrote:
> Gonzalo, I have reviewed HIP DEX again and believe it is ready to
> publish, although I spotted a few minor items below that can be handled
> in the next revision.
> 
> - Tom
> 
> Editorial/minor:
> 
> Section 1:  The numbered list is somewhat tersely written and may be
> hard to interpret by the newcomer to HIP specifications.  Consider to
> elaborate more (using fuller sentences and not sentence fragments).  e.g.:
> 
> "Forfeit of Perfect Forward Secrecy with the dropping of an ephemeral
> Diffie-Hellman key agreement." could be
> "Forfeit of the HIPv2 Perfect Forward Secrecy property due to the
> removal of the HIPv2 ephemeral Diffie-Hellman key agreement."
> 
> Section 1.1, spell out 'DoS' first time usage
> 
> Section 4.1:  "Note that x and y each constitute half the final session
> key material."  (change to 'half of the')
> 
> The figure in 4.1 does not have a caption, and also, why is 'mac'
> lowercased?
> 
> Sec 4.1.3.1:  "Since only little data is protected by this SA" (perhaps
> s/little/a small amount/)
> 
> Sec. 5.2.4:  "The following new HIT Suite IDs are defined..." (s/IDs
> are/ID is/ because there is only one defined)
> 
> Sec. 6.3:  "sort(HIT-I | HIT-R) is defined as the network byte order
> concatenation of the two HITs... comparison of the two HITs interpreted
> as positive (unsigned) 128-bit integers in network byte order"  what
> does it mean to define a sort on a network byte order concatenation?  It
> seems perhaps clearer to leave endian issues out (they are implicit
> everywhere in a protocol) and just define it as a comparison on HITs
> interpreted as unsigned 128-bit integers (and by the way, is the full
> 128 bits including prefix included or just the 96 bits)?
> 
> Sec. 6.5 through 6.8:  Unlike much of this draft, these sections do not
> just specifically call out the differences from the corresponding RFC
> 7401 sections, but instead restate the modified processing flow, and it
> is hard to spot what is different here.  I wonder whether it would be
> clearer to just refer to those processing steps in RFC 7401 that are
> changed.
> 
> Sec. 8:  Can a MITM reply to I1 with ICMP parameter problem, causing the
> true response (coming later) to be ignored because the initiator already
> gave up?  Maybe clarify here or in sec 5.4 to wait a little while before
> accepting the result of an ICMP.
> 
> Sec. 10:  Consider to update the IANA section in the style that RFC 8003
> (and others) used, stating the history of the registry and what exactly
> is requested to be changed.  For example, something like "RFC 5201 and
> later RFC 7401 established the following registry ....  This document
> defines the following new codepoints for that registry ..."
> 


From nobody Mon Nov 21 21:34:36 2016
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22716129471 for <hipsec@ietfa.amsl.com>; Mon, 21 Nov 2016 21:34:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.698
X-Spam-Level: 
X-Spam-Status: No, score=-5.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MeCxoXBVUd5N for <hipsec@ietfa.amsl.com>; Mon, 21 Nov 2016 21:34:32 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACA68129439 for <hipsec@ietf.org>; Mon, 21 Nov 2016 21:34:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id F13246229E; Tue, 22 Nov 2016 00:34:30 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id eLYrO5JxmYtI; Tue, 22 Nov 2016 00:34:15 -0500 (EST)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id DC87F62298; Tue, 22 Nov 2016 00:34:14 -0500 (EST)
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>, Tom Henderson <tomhend@u.washington.edu>
References: <alpine.LRH.2.01.1611191832580.24556@hymn03.u.washington.edu> <55b8c081-e99b-17bb-defe-54f4439e2ad8@ericsson.com>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <c25629a6-465f-9069-4ff0-32eec56d6f3a@htt-consult.com>
Date: Tue, 22 Nov 2016 00:34:07 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <55b8c081-e99b-17bb-defe-54f4439e2ad8@ericsson.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/02aVEBZu9JqIQhv82CyGoOlUEEQ>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-dex-04
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2016 05:34:35 -0000

I will start on it Tuesday.

Bob

On 11/20/2016 03:26 AM, Gonzalo Camarillo wrote:
> Hi Tom,
>
> thanks. Your comments seem to be the only ones we got on this draft
> during the WGLC. Authors, could you please revise the draft in order to
> address these comments?
>
> Thanks,
>
> Gonzalo
>
> On 20/11/2016 4:32 AM, Tom Henderson wrote:
>> Gonzalo, I have reviewed HIP DEX again and believe it is ready to
>> publish, although I spotted a few minor items below that can be handled
>> in the next revision.
>>
>> - Tom
>>
>> Editorial/minor:
>>
>> Section 1:  The numbered list is somewhat tersely written and may be
>> hard to interpret by the newcomer to HIP specifications.  Consider to
>> elaborate more (using fuller sentences and not sentence fragments).  e.g.:
>>
>> "Forfeit of Perfect Forward Secrecy with the dropping of an ephemeral
>> Diffie-Hellman key agreement." could be
>> "Forfeit of the HIPv2 Perfect Forward Secrecy property due to the
>> removal of the HIPv2 ephemeral Diffie-Hellman key agreement."
>>
>> Section 1.1, spell out 'DoS' first time usage
>>
>> Section 4.1:  "Note that x and y each constitute half the final session
>> key material."  (change to 'half of the')
>>
>> The figure in 4.1 does not have a caption, and also, why is 'mac'
>> lowercased?
>>
>> Sec 4.1.3.1:  "Since only little data is protected by this SA" (perhaps
>> s/little/a small amount/)
>>
>> Sec. 5.2.4:  "The following new HIT Suite IDs are defined..." (s/IDs
>> are/ID is/ because there is only one defined)
>>
>> Sec. 6.3:  "sort(HIT-I | HIT-R) is defined as the network byte order
>> concatenation of the two HITs... comparison of the two HITs interpreted
>> as positive (unsigned) 128-bit integers in network byte order"  what
>> does it mean to define a sort on a network byte order concatenation?  It
>> seems perhaps clearer to leave endian issues out (they are implicit
>> everywhere in a protocol) and just define it as a comparison on HITs
>> interpreted as unsigned 128-bit integers (and by the way, is the full
>> 128 bits including prefix included or just the 96 bits)?
>>
>> Sec. 6.5 through 6.8:  Unlike much of this draft, these sections do not
>> just specifically call out the differences from the corresponding RFC
>> 7401 sections, but instead restate the modified processing flow, and it
>> is hard to spot what is different here.  I wonder whether it would be
>> clearer to just refer to those processing steps in RFC 7401 that are
>> changed.
>>
>> Sec. 8:  Can a MITM reply to I1 with ICMP parameter problem, causing the
>> true response (coming later) to be ignored because the initiator already
>> gave up?  Maybe clarify here or in sec 5.4 to wait a little while before
>> accepting the result of an ICMP.
>>
>> Sec. 10:  Consider to update the IANA section in the style that RFC 8003
>> (and others) used, stating the history of the registry and what exactly
>> is requested to be changed.  For example, something like "RFC 5201 and
>> later RFC 7401 established the following registry ....  This document
>> defines the following new codepoints for that registry ..."
>>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
>


From nobody Mon Nov 21 21:34:56 2016
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91C65129512 for <hipsec@ietfa.amsl.com>; Mon, 21 Nov 2016 21:34:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.698
X-Spam-Level: 
X-Spam-Status: No, score=-5.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HPkRj4oiIzHn for <hipsec@ietfa.amsl.com>; Mon, 21 Nov 2016 21:34:51 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58D6F129471 for <hipsec@ietf.org>; Mon, 21 Nov 2016 21:34:51 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id D088662132; Tue, 22 Nov 2016 00:34:47 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 3E0HVxl8MuTf; Tue, 22 Nov 2016 00:34:43 -0500 (EST)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 045BC60758; Tue, 22 Nov 2016 00:34:41 -0500 (EST)
To: Tom Henderson <tomhend@u.washington.edu>, Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
References: <alpine.LRH.2.01.1611191832580.24556@hymn03.u.washington.edu>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <c13f0b43-d1ab-6ed0-d0ec-3f8f17d8a41f@htt-consult.com>
Date: Tue, 22 Nov 2016 00:34:41 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <alpine.LRH.2.01.1611191832580.24556@hymn03.u.washington.edu>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/GWWmV8gPz_V5H-yG-6iIpE3WxtA>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-dex-04
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2016 05:34:55 -0000

Oh,

And Tom, thanks for the solid review.

Bob

On 11/19/2016 09:32 PM, Tom Henderson wrote:
> Gonzalo, I have reviewed HIP DEX again and believe it is ready to 
> publish, although I spotted a few minor items below that can be 
> handled in the next revision.
>
> - Tom
>
> Editorial/minor:
>
> Section 1:  The numbered list is somewhat tersely written and may be 
> hard to interpret by the newcomer to HIP specifications. Consider to 
> elaborate more (using fuller sentences and not sentence fragments).  
> e.g.:
>
> "Forfeit of Perfect Forward Secrecy with the dropping of an ephemeral 
> Diffie-Hellman key agreement." could be
> "Forfeit of the HIPv2 Perfect Forward Secrecy property due to the 
> removal of the HIPv2 ephemeral Diffie-Hellman key agreement."
>
> Section 1.1, spell out 'DoS' first time usage
>
> Section 4.1:  "Note that x and y each constitute half the final 
> session key material."  (change to 'half of the')
>
> The figure in 4.1 does not have a caption, and also, why is 'mac' 
> lowercased?
>
> Sec 4.1.3.1:  "Since only little data is protected by this SA" 
> (perhaps s/little/a small amount/)
>
> Sec. 5.2.4:  "The following new HIT Suite IDs are defined..." (s/IDs 
> are/ID is/ because there is only one defined)
>
> Sec. 6.3:  "sort(HIT-I | HIT-R) is defined as the network byte order 
> concatenation of the two HITs... comparison of the two HITs 
> interpreted as positive (unsigned) 128-bit integers in network byte 
> order"  what does it mean to define a sort on a network byte order 
> concatenation?  It seems perhaps clearer to leave endian issues out 
> (they are implicit everywhere in a protocol) and just define it as a 
> comparison on HITs interpreted as unsigned 128-bit integers (and by 
> the way, is the full 128 bits including prefix included or just the 96 
> bits)?
>
> Sec. 6.5 through 6.8:  Unlike much of this draft, these sections do 
> not just specifically call out the differences from the corresponding 
> RFC 7401 sections, but instead restate the modified processing flow, 
> and it is hard to spot what is different here.  I wonder whether it 
> would be clearer to just refer to those processing steps in RFC 7401 
> that are changed.
>
> Sec. 8:  Can a MITM reply to I1 with ICMP parameter problem, causing 
> the true response (coming later) to be ignored because the initiator 
> already gave up?  Maybe clarify here or in sec 5.4 to wait a little 
> while before accepting the result of an ICMP.
>
> Sec. 10:  Consider to update the IANA section in the style that RFC 
> 8003 (and others) used, stating the history of the registry and what 
> exactly is requested to be changed.  For example, something like "RFC 
> 5201 and later RFC 7401 established the following registry ....  This 
> document defines the following new codepoints for that registry ..."
>


From nobody Thu Nov 24 00:32:20 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: hipsec@ietf.org
Delivered-To: hipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 20E6E1295BC; Thu, 24 Nov 2016 00:32:16 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.38.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147997633613.2546.2113430680233289739.idtracker@ietfa.amsl.com>
Date: Thu, 24 Nov 2016 00:32:16 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/ee_q-3UCawZvKIZvPcNJJh6DOK8>
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2016 08:32:16 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol of the IETF.

        Title           : Native NAT Traversal Mode for the Host Identity Protocol
        Authors         : Ari Keranen
                          Jan Melén
                          Miika Komu
	Filename        : draft-ietf-hip-native-nat-traversal-14.txt
	Pages           : 51
	Date            : 2016-11-24

Abstract:
   This document specifies a new Network Address Translator (NAT)
   traversal mode for the Host Identity Protocol (HIP).  The new mode is
   based on the Interactive Connectivity Establishment (ICE) methodology
   and UDP encapsulation of data and signaling traffic.  The main
   difference from the previously specified modes is the use of HIP
   messages for all NAT traversal procedures.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-14


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Nov 24 02:37:44 2016
Return-Path: <miika.komu@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92FE0129A22 for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 02:37:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level: 
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eR5cM_K9E4Lp for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 02:37:41 -0800 (PST)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55A001299E3 for <hipsec@ietf.org>; Thu, 24 Nov 2016 02:37:41 -0800 (PST)
X-AuditID: c1b4fb25-adbff70000007ee2-4f-5836c2f21b38
Received: from ESESSHC010.ericsson.se (Unknown_Domain [153.88.183.48]) by  (Symantec Mail Security) with SMTP id ED.FC.32482.2F2C6385; Thu, 24 Nov 2016 11:37:39 +0100 (CET)
Received: from [131.160.51.186] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.50) with Microsoft SMTP Server id 14.3.319.2; Thu, 24 Nov 2016 11:37:38 +0100
To: <hipsec@ietf.org>
References: <147997633613.2546.2113430680233289739.idtracker@ietfa.amsl.com>
From: Miika Komu <miika.komu@ericsson.com>
Organization: Ericsson AB
Message-ID: <a2d2e51a-03ba-8163-079d-c3cc3f255883@ericsson.com>
Date: Thu, 24 Nov 2016 12:37:38 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <147997633613.2546.2113430680233289739.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms090903010704070809060301"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/olfwzt6-3Up-sNM313k1qoMTO8c>
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2016 10:37:43 -0000

--------------ms090903010704070809060301
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi,

I read the latest version of the ICE specs. Based on this, I included
more details on ICE processing to the HIP NAT traversal draft. A quick
summary of the changes:

* Introduced more details from ice-bis draft
   * New terminology
   * Aligned connectivity check procedure to match with ICE (3-way check
     is now 4-way)
   * Ta minimum value is now 5 ms (according to ICE bis)
   * 4.9 Handoff: first update HIP relay in order to learn new server
     reflexive locators
   * New sections:
      * 4.6.3.  Rules for Concluding Connectivity Checks
      * 6.6.  Amplification attacks (new section)
      * 6.7.  Attacks against Connectivity Checks and Candidate Gathering
      * Appendix C.  Differences to ICE
      * Appendix D.  Differences to Base Exchange and UPDATE procedures
   * 7. IANA Considerations: added UNSAF considerations (references ICE)
* updated references (some drafts are now RFCs)

Feedback is welcome! For people already familiar with HIP, I'd recommend
reading "the diff to normal HIP" in section
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14#appendix-D

On 11/24/2016 10:32 AM, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Host Identity Protocol of the IETF.
>
>         Title           : Native NAT Traversal Mode for the Host Identity Protocol
>         Authors         : Ari Keranen
>                           Jan Melén
>                           Miika Komu
> 	Filename        : draft-ietf-hip-native-nat-traversal-14.txt
> 	Pages           : 51
> 	Date            : 2016-11-24
>
> Abstract:
>    This document specifies a new Network Address Translator (NAT)
>    traversal mode for the Host Identity Protocol (HIP).  The new mode is
>    based on the Interactive Connectivity Establishment (ICE) methodology
>    and UDP encapsulation of data and signaling traffic.  The main
>    difference from the previously specified modes is the use of HIP
>    messages for all NAT traversal procedures.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-14
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
>


--------------ms090903010704070809060301--


From nobody Thu Nov 24 16:32:01 2016
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4BC412A0A8 for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 16:31:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.697
X-Spam-Level: 
X-Spam-Status: No, score=-5.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZby_abJohBU for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 16:31:58 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C14012A0AB for <hipsec@ietf.org>; Thu, 24 Nov 2016 16:31:41 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id AB26862267; Thu, 24 Nov 2016 19:31:40 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id QPZDAwkUZw1v; Thu, 24 Nov 2016 19:31:22 -0500 (EST)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 20F6F62264; Thu, 24 Nov 2016 19:31:19 -0500 (EST)
To: Miika Komu <miika.komu@ericsson.com>, hipsec@ietf.org
References: <147997633613.2546.2113430680233289739.idtracker@ietfa.amsl.com> <a2d2e51a-03ba-8163-079d-c3cc3f255883@ericsson.com>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <f82ae394-466c-10bf-8c9f-cdc56ea2db99@htt-consult.com>
Date: Thu, 24 Nov 2016 19:31:12 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <a2d2e51a-03ba-8163-079d-c3cc3f255883@ericsson.com>
Content-Type: multipart/alternative; boundary="------------81C2E7D83FAB42B62BC93D0A"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/JR9hzBfllRStcbP52O6kMagY8mw>
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Nov 2016 00:32:00 -0000

This is a multi-part message in MIME format.
--------------81C2E7D83FAB42B62BC93D0A
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit

What is 'co called' in this text:

o  In ICE, the conflict when two communicating end-points take the
       same controlling role is solved using random values (co called
       tie-breaker value).  In this protocol, the conflict is solved by
       the standard HIP base exchange procedure, where the host with the
       "larger" HIT switches to Responder role, thus changing also to
       controlled role.


Should it be 'so called'?

I will continue reading...

Bob

On 11/24/2016 05:37 AM, Miika Komu wrote:
> Hi,
>
> I read the latest version of the ICE specs. Based on this, I included 
> more details on ICE processing to the HIP NAT traversal draft. A quick 
> summary of the changes:
>
> * Introduced more details from ice-bis draft
>   * New terminology
>   * Aligned connectivity check procedure to match with ICE (3-way 
> check is now 4-way)
>   * Ta minimum value is now 5 ms (according to ICE bis)
>   * 4.9 Handoff: first update HIP relay in order to learn new server
> reflexive locators
>   * New sections:
>      * 4.6.3.  Rules for Concluding Connectivity Checks
>      * 6.6.  Amplification attacks (new section)
>      * 6.7.  Attacks against Connectivity Checks and Candidate Gathering
>      * Appendix C.  Differences to ICE
>      * Appendix D.  Differences to Base Exchange and UPDATE procedures
>   * 7. IANA Considerations: added UNSAF considerations (references ICE)
> * updated references (some drafts are now RFCs)
>
> Feedback is welcome! For people already familiar with HIP, I'd 
> recommend reading "the diff to normal HIP" in section 
> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14#appendix-D
>
> On 11/24/2016 10:32 AM, internet-drafts@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>> This draft is a work item of the Host Identity Protocol of the IETF.
>>
>>         Title           : Native NAT Traversal Mode for the Host 
>> Identity Protocol
>>         Authors         : Ari Keranen
>>                           Jan Melén
>>                           Miika Komu
>>     Filename        : draft-ietf-hip-native-nat-traversal-14.txt
>>     Pages           : 51
>>     Date            : 2016-11-24
>>
>> Abstract:
>>    This document specifies a new Network Address Translator (NAT)
>>    traversal mode for the Host Identity Protocol (HIP).  The new mode is
>>    based on the Interactive Connectivity Establishment (ICE) methodology
>>    and UDP encapsulation of data and signaling traffic.  The main
>>    difference from the previously specified modes is the use of HIP
>>    messages for all NAT traversal procedures.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/
>>
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-14
>>
>>
>> Please note that it may take a couple of minutes from the time of 
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> Hipsec mailing list
>> Hipsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/hipsec
>>
>
>
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec


--------------81C2E7D83FAB42B62BC93D0A--


From nobody Thu Nov 24 20:33:42 2016
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 215A1129681 for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 20:33:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.697
X-Spam-Level: 
X-Spam-Status: No, score=-5.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zSiTBMA9wTrL for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 20:33:36 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE485129648 for <hipsec@ietf.org>; Thu, 24 Nov 2016 20:33:36 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 1A11262275; Thu, 24 Nov 2016 23:33:34 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id OR6VBepRPars; Thu, 24 Nov 2016 23:33:27 -0500 (EST)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 3E17F62264; Thu, 24 Nov 2016 23:33:27 -0500 (EST)
To: Miika Komu <miika.komu@ericsson.com>, hipsec@ietf.org
References: <147997633613.2546.2113430680233289739.idtracker@ietfa.amsl.com> <a2d2e51a-03ba-8163-079d-c3cc3f255883@ericsson.com>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <763b6fc6-f66f-b24f-d168-ab26678d8265@htt-consult.com>
Date: Thu, 24 Nov 2016 23:33:18 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <a2d2e51a-03ba-8163-079d-c3cc3f255883@ericsson.com>
Content-Type: multipart/alternative; boundary="------------EFDDD48687EAD2E97089F62F"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/of_rhxjwTzcwFgoYWKxxupgKFZ4>
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Nov 2016 04:33:41 -0000

This is a multi-part message in MIME format.
--------------EFDDD48687EAD2E97089F62F
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit

Miika,

Does this draft cover the use case where the mobile HIP device moves 
from one NATed network to another?  Consider you are in Starbucks and
move next door to Dunkin Donuts.

Your device did this augmented BEX exchange in Starbucks.  You walk into 
DD and your interface decides the signal from SB is too weak, but it has 
the saved SSID for DD and switches (Gee I wonder if it could be the same 
1918 address! oh boy.).  Would this work as a mobility update or a new BEX?

On 11/24/2016 05:37 AM, Miika Komu wrote:
> Hi,
>
> I read the latest version of the ICE specs. Based on this, I included 
> more details on ICE processing to the HIP NAT traversal draft. A quick 
> summary of the changes:
>
> * Introduced more details from ice-bis draft
>   * New terminology
>   * Aligned connectivity check procedure to match with ICE (3-way 
> check is now 4-way)
>   * Ta minimum value is now 5 ms (according to ICE bis)
>   * 4.9 Handoff: first update HIP relay in order to learn new server
> reflexive locators
>   * New sections:
>      * 4.6.3.  Rules for Concluding Connectivity Checks
>      * 6.6.  Amplification attacks (new section)
>      * 6.7.  Attacks against Connectivity Checks and Candidate Gathering
>      * Appendix C.  Differences to ICE
>      * Appendix D.  Differences to Base Exchange and UPDATE procedures
>   * 7. IANA Considerations: added UNSAF considerations (references ICE)
> * updated references (some drafts are now RFCs)
>
> Feedback is welcome! For people already familiar with HIP, I'd 
> recommend reading "the diff to normal HIP" in section 
> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14#appendix-D
>
> On 11/24/2016 10:32 AM, internet-drafts@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>> This draft is a work item of the Host Identity Protocol of the IETF.
>>
>>         Title           : Native NAT Traversal Mode for the Host 
>> Identity Protocol
>>         Authors         : Ari Keranen
>>                           Jan Melén
>>                           Miika Komu
>>     Filename        : draft-ietf-hip-native-nat-traversal-14.txt
>>     Pages           : 51
>>     Date            : 2016-11-24
>>
>> Abstract:
>>    This document specifies a new Network Address Translator (NAT)
>>    traversal mode for the Host Identity Protocol (HIP).  The new mode is
>>    based on the Interactive Connectivity Establishment (ICE) methodology
>>    and UDP encapsulation of data and signaling traffic.  The main
>>    difference from the previously specified modes is the use of HIP
>>    messages for all NAT traversal procedures.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/
>>
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-14
>>
>>
>> Please note that it may take a couple of minutes from the time of 
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> Hipsec mailing list
>> Hipsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/hipsec
>>
>
>
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec


--------------EFDDD48687EAD2E97089F62F--


From nobody Thu Nov 24 23:00:12 2016
Return-Path: <miika.komu@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C95D129A3F for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 23:00:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level: 
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TcwMWRr4Hwbe for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 23:00:06 -0800 (PST)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47C9E129898 for <hipsec@ietf.org>; Thu, 24 Nov 2016 23:00:06 -0800 (PST)
X-AuditID: c1b4fb3a-d644398000007918-c4-5837e1748603
Received: from ESESSHC022.ericsson.se (Unknown_Domain [153.88.183.84]) by  (Symantec Mail Security) with SMTP id 36.EC.31000.471E7385; Fri, 25 Nov 2016 08:00:04 +0100 (CET)
Received: from ESESSMB301.ericsson.se ([169.254.1.211]) by ESESSHC022.ericsson.se ([153.88.183.84]) with mapi id 14.03.0319.002; Fri, 25 Nov 2016 07:59:59 +0100
From: Miika Komu <miika.komu@ericsson.com>
To: Robert Moskowitz <rgm@htt-consult.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
Thread-Index: AQHSRi1W80dwUSF+TkuPjmRl48EGoqDoAfUAgAELAwCAADmLwA==
Date: Fri, 25 Nov 2016 06:59:59 +0000
Message-ID: <7110ABD9BA66454293AEE83D6D370166170C40FC@ESESSMB301.ericsson.se>
References: <147997633613.2546.2113430680233289739.idtracker@ietfa.amsl.com> <a2d2e51a-03ba-8163-079d-c3cc3f255883@ericsson.com> <763b6fc6-f66f-b24f-d168-ab26678d8265@htt-consult.com>
In-Reply-To: <763b6fc6-f66f-b24f-d168-ab26678d8265@htt-consult.com>
Accept-Language: fi-FI, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [153.88.183.16]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0004_01D246FA.4C373320"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/wg7zONXQROlfNc1Qp4cJLzprOjE>
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Nov 2016 07:00:11 -0000

------=_NextPart_000_0004_01D246FA.4C373320
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0005_01D246FA.4C373320"


------=_NextPart_001_0005_01D246FA.4C373320
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi Robert,

yes, mobility support is specified in the draft.

From: Robert Moskowitz [mailto:rgm@htt-consult.com]
Sent: Friday, November 25, 2016 6:33 AM
To: Miika Komu <miika.komu@ericsson.com>; hipsec@ietf.org
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt

Miika,

Does this draft cover the use case where the mobile HIP device moves from
one NATed network to another?  Consider you are in Starbucks and move next
door to Dunkin Donuts.

Your device did this augmented BEX exchange in Starbucks.  You walk into DD
and your interface decides the signal from SB is too weak, but it has the
saved SSID for DD and switches (Gee I wonder if it could be the same 1918
address! oh boy.).  Would this work as a mobility update or a new BEX?

On 11/24/2016 05:37 AM, Miika Komu wrote:

Hi,

I read the latest version of the ICE specs. Based on this, I included more
details on ICE processing to the HIP NAT traversal draft. A quick summary of
the changes:

* Introduced more details from ice-bis draft
  * New terminology
  * Aligned connectivity check procedure to match with ICE (3-way check is
    now 4-way)
  * Ta minimum value is now 5 ms (according to ICE bis)
  * 4.9 Handoff: first update HIP relay in order to learn new server
    reflexive locators
  * New sections:
     * 4.6.3.  Rules for Concluding Connectivity Checks
     * 6.6.  Amplification attacks (new section)
     * 6.7.  Attacks against Connectivity Checks and Candidate Gathering
     * Appendix C.  Differences to ICE
     * Appendix D.  Differences to Base Exchange and UPDATE procedures
  * 7. IANA Considerations: added UNSAF considerations (references ICE)
* updated references (some drafts are now RFCs)

Feedback is welcome! For people already familiar with HIP, I'd recommend
reading "the diff to normal HIP" in section
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14#appendix-D

On 11/24/2016 10:32 AM, internet-drafts@ietf.org
<mailto:internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Host Identity Protocol of the IETF.

        Title           : Native NAT Traversal Mode for the Host Identity Protocol
        Authors         : Ari Keranen
                          Jan Melén
                          Miika Komu
        Filename        : draft-ietf-hip-native-nat-traversal-14.txt
        Pages           : 51
        Date            : 2016-11-24

Abstract:
   This document specifies a new Network Address Translator (NAT)
   traversal mode for the Host Identity Protocol (HIP).  The new mode is
   based on the Interactive Connectivity Establishment (ICE) methodology
   and UDP encapsulation of data and signaling traffic.  The main
   difference from the previously specified modes is the use of HIP
   messages for all NAT traversal procedures.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-14

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Hipsec mailing list
Hipsec@ietf.org <mailto:Hipsec@ietf.org>
https://www.ietf.org/mailman/listinfo/hipsec









------=_NextPart_001_0005_01D246FA.4C373320--

------=_NextPart_000_0004_01D246FA.4C373320--


From nobody Thu Nov 24 23:25:04 2016
Return-Path: <miika.komu@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B63C812A228 for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 23:25:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level: 
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zafO_GWKL41a for <hipsec@ietfa.amsl.com>; Thu, 24 Nov 2016 23:24:58 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCB1D12A227 for <hipsec@ietf.org>; Thu, 24 Nov 2016 23:24:57 -0800 (PST)
X-AuditID: c1b4fb30-c294498000000c18-7a-5837e74717e4
Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.183.69]) by  (Symantec Mail Security) with SMTP id 8B.61.03096.747E7385; Fri, 25 Nov 2016 08:24:55 +0100 (CET)
Received: from ESESSMB301.ericsson.se ([169.254.1.211]) by ESESSHC017.ericsson.se ([153.88.183.69]) with mapi id 14.03.0319.002; Fri, 25 Nov 2016 08:23:42 +0100
From: Miika Komu <miika.komu@ericsson.com>
To: Robert Moskowitz <rgm@htt-consult.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
Thread-Index: AQHSRi1W80dwUSF+TkuPjmRl48EGoqDoAfUAgADHXwCAAIN70A==
Date: Fri, 25 Nov 2016 07:23:41 +0000
Message-ID: <7110ABD9BA66454293AEE83D6D370166170C415C@ESESSMB301.ericsson.se>
References: <147997633613.2546.2113430680233289739.idtracker@ietfa.amsl.com> <a2d2e51a-03ba-8163-079d-c3cc3f255883@ericsson.com> <f82ae394-466c-10bf-8c9f-cdc56ea2db99@htt-consult.com>
In-Reply-To: <f82ae394-466c-10bf-8c9f-cdc56ea2db99@htt-consult.com>
Accept-Language: fi-FI, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [153.88.183.16]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0021_01D246FD.9BD8E9C0"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/K6lmQCS_xM1338snCHH0z4AxcLQ>
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Nov 2016 07:25:03 -0000

------=_NextPart_000_0021_01D246FD.9BD8E9C0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0022_01D246FD.9BD8E9C0"


------=_NextPart_001_0022_01D246FD.9BD8E9C0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi Robert,

yes, it is a typo. All nits are welcome! I will fix this in the next
version.

P.S. I plan to redundantly include the missing ICE prioritization formulas
in the next version.

From: Robert Moskowitz [mailto:rgm@htt-consult.com]
Sent: Friday, November 25, 2016 2:31 AM
To: Miika Komu <miika.komu@ericsson.com>; hipsec@ietf.org
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt

What is 'co called' in this text:

o  In ICE, the conflict when two communicating end-points take the
      same controlling role is solved using random values (co called
      tie-breaker value).  In this protocol, the conflict is solved by
      the standard HIP base exchange procedure, where the host with the
      "larger" HIT switches to Responder role, thus changing also to
      controlled role.

Should it be 'so called'?

I will continue reading...

Bob

On 11/24/2016 05:37 AM, Miika Komu wrote:

Hi,

I read the latest version of the ICE specs. Based on this, I included more
details on ICE processing to the HIP NAT traversal draft. A quick summary of
the changes:

* Introduced more details from ice-bis draft
  * New terminology
  * Aligned connectivity check procedure to match with ICE (3-way check is
    now 4-way)
  * Ta minimum value is now 5 ms (according to ICE bis)
  * 4.9 Handoff: first update HIP relay in order to learn new server
    reflexive locators
  * New sections:
     * 4.6.3.  Rules for Concluding Connectivity Checks
     * 6.6.  Amplification attacks (new section)
     * 6.7.  Attacks against Connectivity Checks and Candidate Gathering
     * Appendix C.  Differences to ICE
     * Appendix D.  Differences to Base Exchange and UPDATE procedures
  * 7. IANA Considerations: added UNSAF considerations (references ICE)
* updated references (some drafts are now RFCs)

Feedback is welcome! For people already familiar with HIP, I'd recommend
reading "the diff to normal HIP" in section
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14#appendix-D

On 11/24/2016 10:32 AM, internet-drafts@ietf.org
<mailto:internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Host Identity Protocol of the IETF.

        Title           : Native NAT Traversal Mode for the Host Identity Protocol
        Authors         : Ari Keranen
                          Jan Melén
                          Miika Komu
        Filename        : draft-ietf-hip-native-nat-traversal-14.txt
        Pages           : 51
        Date            : 2016-11-24

Abstract:
   This document specifies a new Network Address Translator (NAT)
   traversal mode for the Host Identity Protocol (HIP).  The new mode is
   based on the Interactive Connectivity Establishment (ICE) methodology
   and UDP encapsulation of data and signaling traffic.  The main
   difference from the previously specified modes is the use of HIP
   messages for all NAT traversal procedures.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-14

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Hipsec mailing list
Hipsec@ietf.org <mailto:Hipsec@ietf.org>
https://www.ietf.org/mailman/listinfo/hipsec









------=_NextPart_001_0022_01D246FD.9BD8E9C0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1"><meta name=3DGenerator content=3D"Microsoft Word =
15 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=3Dwhite =
lang=3DEN-US link=3Dblue vlink=3Dpurple><div class=3DWordSection1>
<p class=3DMsoNormal>Hi Robert,</p>
<p class=3DMsoNormal>yes, it is a typo. All nits are welcome! I will fix
this in the next version.</p>
<p class=3DMsoNormal>P.S. I plan to redundantly include the missing ICE
prioritization formulas in the next version.</p>
<div><p class=3DMsoNormal><b>From:</b> Robert Moskowitz
[mailto:rgm@htt-consult.com]<br>
<b>Sent:</b> Friday, November 25, 2016 2:31 AM<br>
<b>To:</b> Miika Komu &lt;miika.komu@ericsson.com&gt;; hipsec@ietf.org<br>
<b>Subject:</b> Re: [Hipsec] I-D Action:
draft-ietf-hip-native-nat-traversal-14.txt</p></div>
<p class=3DMsoNormal>What is 'co called' in this text:</p>
<pre>o  In ICE, the conflict when two communicating end-points take the
      same controlling role is solved using random values (co called
      tie-breaker value).  In this protocol, the conflict is solved by
      the standard HIP base exchange procedure, where the host with the
      &quot;larger&quot; HIT switches to Responder role, thus changing also to
      controlled role.</pre>
<p class=3DMsoNormal>Should it be 'so called'?<br><br>
I will continue reading...<br><br>
Bob</p>
<div><p class=3DMsoNormal>On 11/24/2016 05:37 AM, Miika Komu wrote:</p></div>
<blockquote style=3D'margin-top:5.0pt;margin-bottom:5.0pt'>
<p class=3DMsoNormal>Hi,<br><br>
I read the latest version of the ICE specs. Based on this, I included
more details on ICE processing to the HIP NAT traversal draft. A quick
summary of the changes:<br><br>
* Introduced more details from ice-bis draft<br>
&nbsp; * New terminology<br>
&nbsp; * Aligned connectivity check procedure to match with ICE (3-way
check is now 4-way)<br>
&nbsp; * Ta minimum value is now 5 ms (according to ICE bis)<br>
&nbsp; * 4.9 Handoff: first update HIP relay in order to learn new
server reflexive locators<br>
&nbsp; * New sections:<br>
&nbsp;&nbsp;&nbsp;&nbsp; * 4.6.3.&nbsp; Rules for Concluding
Connectivity Checks<br>
&nbsp;&nbsp;&nbsp;&nbsp; * 6.6.&nbsp; Amplification attacks (new
section)<br>
&nbsp;&nbsp;&nbsp;&nbsp; * 6.7.&nbsp; Attacks against Connectivity
Checks and Candidate Gathering<br>
&nbsp;&nbsp;&nbsp;&nbsp; * Appendix C.&nbsp; Differences to ICE<br>
&nbsp;&nbsp;&nbsp;&nbsp; * Appendix D.&nbsp; Differences to Base
Exchange and UPDATE procedures<br>
&nbsp; * 7. IANA Considerations: added UNSAF considerations (references
ICE)<br>
* updated references (some drafts are now RFCs)<br><br>
Feedback is welcome! For people already familiar with HIP, I'd
recommend reading &quot;the diff to normal HIP&quot; in section
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14#appendix-D<br><br>
On 11/24/2016 10:32 AM, internet-drafts@ietf.org wrote:</p>
<blockquote style=3D'margin-top:5.0pt;margin-bottom:5.0pt'>
<p class=3DMsoNormal>A New Internet-Draft is available from the on-line
Internet-Drafts directories.<br>
This draft is a work item of the Host Identity Protocol of the
IETF.<br><br>
Title : Native NAT Traversal Mode for the Host Identity Protocol<br>
Authors : Ari Keranen<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Jan Mel=E9n<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Miika Komu<br>
Filename : draft-ietf-hip-native-nat-traversal-14.txt<br>
Pages : 51<br>
Date : 2016-11-24<br><br>
Abstract:<br>
This document specifies a new Network Address Translator (NAT)
traversal mode for the Host Identity Protocol (HIP).&nbsp; The new mode
is based on the Interactive Connectivity Establishment (ICE)
methodology and UDP encapsulation of data and signaling traffic.&nbsp;
The main difference from the previously specified modes is the use of
HIP messages for all NAT traversal procedures.<br><br>
The IETF datatracker status page for this draft is:<br>
https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/<br><br>
There's also a htmlized version available at:<br>
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14<br><br>
A diff from the previous version is available at:<br>
https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-hip-native-nat-traversal-14<br><br>
Please note that it may take a couple of minutes from the time of
submission<br>
until the htmlized version and diff are available at
tools.ietf.org.<br><br>
Internet-Drafts are also available by anonymous FTP at:<br>
ftp://ftp.ietf.org/internet-drafts/<br><br>
_______________________________________________<br>
Hipsec mailing list<br>
Hipsec@ietf.org<br>
https://www.ietf.org/mailman/listinfo/hipsec</p>
</blockquote>
</blockquote>
</div></body></html>
------=_NextPart_001_0022_01D246FD.9BD8E9C0--
------=_NextPart_001_0022_01D246FD.9BD8E9C0--

------=_NextPart_000_0021_01D246FD.9BD8E9C0--


From nobody Fri Nov 25 05:47:26 2016
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CABE12A62F for <hipsec@ietfa.amsl.com>; Fri, 25 Nov 2016 05:47:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.687
X-Spam-Level: 
X-Spam-Status: No, score=-5.687 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LQR055F1k7no for <hipsec@ietfa.amsl.com>; Fri, 25 Nov 2016 05:47:20 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8E5C12A4D2 for <hipsec@ietf.org>; Fri, 25 Nov 2016 05:24:57 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id EF436615E8; Fri, 25 Nov 2016 08:24:55 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id cs5ddEwg9JdK; Fri, 25 Nov 2016 08:24:49 -0500 (EST)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 8E597607FD; Fri, 25 Nov 2016 08:24:45 -0500 (EST)
To: Miika Komu <miika.komu@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
References: <147997633613.2546.2113430680233289739.idtracker@ietfa.amsl.com> <a2d2e51a-03ba-8163-079d-c3cc3f255883@ericsson.com> <763b6fc6-f66f-b24f-d168-ab26678d8265@htt-consult.com> <7110ABD9BA66454293AEE83D6D370166170C40FC@ESESSMB301.ericsson.se>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <3c143277-0d1b-e5ff-a14d-9d65b0423eca@htt-consult.com>
Date: Fri, 25 Nov 2016 08:24:37 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <7110ABD9BA66454293AEE83D6D370166170C40FC@ESESSMB301.ericsson.se>
Content-Type: multipart/alternative; boundary="------------C0D6176A5E4F8809571A5BC9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/bA4Cu8OQLi-A5X3WMGPUN0j-YnE>
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Nov 2016 13:47:25 -0000

This is a multi-part message in MIME format.
--------------C0D6176A5E4F8809571A5BC9
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Miika,

It is not clear from reading the draft that the mobility described is 
moving to a different NATed network.  It could just as well only be 
talking about mobility within the one NATed network.

Or I am just a little too tired right now to see it.  But I don't think so.

Bob


On 11/25/2016 01:59 AM, Miika Komu wrote:
>
> Hi Robert,
>
> yes, mobility support is specified in the draft.
>
> *From:*Robert Moskowitz [mailto:rgm@htt-consult.com]
> *Sent:* Friday, November 25, 2016 6:33 AM
> *To:* Miika Komu <miika.komu@ericsson.com>; hipsec@ietf.org
> *Subject:* Re: [Hipsec] I-D Action: 
> draft-ietf-hip-native-nat-traversal-14.txt
>
> Miika,
>
> Does this draft cover the use case where the mobile HIP device moves 
> from one NATed network to another?  Consider you are in Starbucks and 
> move next door to Dunkin Donuts.
>
> Your device did this augmented BEX exchange in Starbucks.  You walk 
> into DD and your interface decides the signal from SB is too weak, but 
> it has the saved SSID for DD and switches (Gee I wonder if it could be 
> the same 1918 address! oh boy.).  Would this work as a mobility update 
> or a new BEX?
>
> On 11/24/2016 05:37 AM, Miika Komu wrote:
>
>     Hi,
>
>     I read the latest version of the ICE specs. Based on this, I
>     included more details on ICE processing to the HIP NAT traversal
>     draft. A quick summary of the changes:
>
>     * Introduced more details from ice-bis draft
>       * New terminology
>       * Aligned connectivity check procedure to match with ICE
>         (3-way check is now 4-way)
>       * Ta minimum value is now 5 ms (according to ICE bis)
>       * 4.9 Handoff: first update HIP relay in order to learn new
>         server reflexive locators
>       * New sections:
>          * 4.6.3.  Rules for Concluding Connectivity Checks
>          * 6.6.  Amplification attacks (new section)
>          * 6.7.  Attacks against Connectivity Checks and Candidate
>            Gathering
>          * Appendix C.  Differences to ICE
>          * Appendix D.  Differences to Base Exchange and UPDATE
>            procedures
>       * 7. IANA Considerations: added UNSAF considerations
>         (references ICE)
>     * updated references (some drafts are now RFCs)
>
>     Feedback is welcome! For people already familiar with HIP, I'd
>     recommend reading "the diff to normal HIP" in section
>     https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14#appendix-D
>
>     On 11/24/2016 10:32 AM, internet-drafts@ietf.org
>     <mailto:internet-drafts@ietf.org> wrote:
>
>
>         A New Internet-Draft is available from the on-line
>         Internet-Drafts directories.
>         This draft is a work item of the Host Identity Protocol of the
>         IETF.
>
>         Title    : Native NAT Traversal Mode for the Host Identity Protocol
>         Authors  : Ari Keranen
>                    Jan Melén
>                    Miika Komu
>         Filename : draft-ietf-hip-native-nat-traversal-14.txt
>         Pages    : 51
>         Date     : 2016-11-24
>
>         Abstract:
>            This document specifies a new Network Address Translator (NAT)
>            traversal mode for the Host Identity Protocol (HIP). The new
>            mode is based on the Interactive Connectivity Establishment
>            (ICE) methodology and UDP encapsulation of data and signaling
>            traffic. The main difference from the previously specified
>            modes is the use of HIP messages for all NAT traversal
>            procedures.
>
>
>         The IETF datatracker status page for this draft is:
>         https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/
>
>
>         There's also a htmlized version available at:
>         https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14
>
>
>         A diff from the previous version is available at:
>         https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-14
>
>
>
>         Please note that it may take a couple of minutes from the time
>         of submission
>         until the htmlized version and diff are available at
>         tools.ietf.org.
>
>         Internet-Drafts are also available by anonymous FTP at:
>         ftp://ftp.ietf.org/internet-drafts/
>
>         _______________________________________________
>         Hipsec mailing list
>         Hipsec@ietf.org <mailto:Hipsec@ietf.org>
>         https://www.ietf.org/mailman/listinfo/hipsec
>


--------------C0D6176A5E4F8809571A5BC9--

