Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-20.txt
Hi,

so in addition to Christer's comments...

https://mailarchive.ietf.org/arch/msg/hipsec/iPSdqgR6e2lK7LZqUfCBnkLxZn8
https://mailarchive.ietf.org/arch/msg/hipsec/LLsY1BqJdmc5foSk9QhYzUWRDvE

...I took the liberty of improving the draft editorially while reviewing it (+ one paragraph was removed):

1. Introduction

* Added a note that legacy ICE-HIP refers to HIPv1 and this one refers to HIPv2 explicitly

2. Terminology:

* HIP connectivity checks, Controlling host, Controlled host (minor editorial improvements)

3. Overview:

* Data Relay Server is not mandatory
* What the Data Relay Server actually does (translates source address)
* Strictly speaking, only the Responder requires the Data Relay Server

4.2. Transport Address Candidate Gathering at the Relay Client

* CANDIDATE_DISCOVERY parameter requires multihoming capabilities, which is out of scope, so I removed it

4.5. Base Exchange via Control Relay Server

* "It is RECOMMENDED to use the same Control Relay Server throughout the lifetime of the host association that was used for forwarding the base exchange if the Responder includes it in the locator parameter of the R2 message."

4.6.1. Connectivity Check Procedure

* Added this section: "It should be noted that in the case both Initiator and Responder both advertising their own relayed address candidates [..]" to clarify what happens in the case where both ends advertise their own TURN servers, and that asymmetric paths are possible

4.12.3. Handling Conflicting SPI Values

* Editorial fixes to make the two cases more understandable

If you want to see the diff in detail, please check from here:

https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-20

On 04/25/2017 02:47 PM, Miika Komu wrote:
> Hi,
>
> this version addresses Christer's earlier comments and fixes some other issues I discovered while reviewing the draft. I'll send a summary of the comments a bit later.
> On 04/25/2017 02:05 PM, internet-dra...@ietf.org wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Host Identity Protocol of the IETF.
>>
>>     Title    : Native NAT Traversal Mode for the Host Identity Protocol
>>     Authors  : Ari Keranen
>>                Jan Melén
>>                Miika Komu
>>     Filename : draft-ietf-hip-native-nat-traversal-20.txt
>>     Pages    : 56
>>     Date     : 2017-04-25
>>
>> Abstract:
>> This document specifies a new Network Address Translator (NAT) traversal mode for the Host Identity Protocol (HIP). The new mode is based on the Interactive Connectivity Establishment (ICE) methodology and UDP encapsulation of data and signaling traffic. The main difference from the previously specified modes is the use of HIP messages for all NAT traversal procedures.
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-20
>> https://datatracker.ietf.org/doc/html/draft-ietf-hip-native-nat-traversal-20
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-20
>>
>> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/

___
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec
Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-19.txt
Hi,

I have commented out the section numbers.

On 03/28/2017 07:16 PM, Christer Holmberg wrote:
> Hi,
>
> Another comment:
>
> The draft references specific sections in draft-ice-5245bis. Note that there is some ongoing re-structuring of 5245bis, which means the section numbers may change.
>
> Regards,
>
> Christer
>
> -----Original Message-----
> From: Hipsec [mailto:hipsec-boun...@ietf.org] On Behalf Of Miika Komu
> Sent: 27 March 2017 10:41
> To: hipsec@ietf.org
> Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-19.txt
>
> Hi,
>
> the preliminary version is now published as it is (except I had to change the publication date). The suggestions from Christer are not yet here and will require some time to be fixed.
>
> On 03/27/2017 10:37 AM, internet-dra...@ietf.org wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Host Identity Protocol of the IETF.
>>
>>     Title    : Native NAT Traversal Mode for the Host Identity Protocol
>>     Authors  : Ari Keranen
>>                Jan Melén
>>                Miika Komu
>>     Filename : draft-ietf-hip-native-nat-traversal-19.txt
>>     Pages    : 53
>>     Date     : 2017-03-27
>>
>> Abstract:
>> This document specifies a new Network Address Translator (NAT) traversal mode for the Host Identity Protocol (HIP). The new mode is based on the Interactive Connectivity Establishment (ICE) methodology and UDP encapsulation of data and signaling traffic. The main difference from the previously specified modes is the use of HIP messages for all NAT traversal procedures.
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-19
>> https://datatracker.ietf.org/doc/html/draft-ietf-hip-native-nat-traversal-19
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-19
>>
>> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
Re: [Hipsec] Comments on draft-hip-native-nat-traversal-19
Hi Christer,

On 03/26/2017 02:34 AM, Christer Holmberg wrote:
> Hi,
>
> As co-author for the ICEbis draft, I was asked to review draft-hip-native-nat-traversal-19. I have not had time to review the whole document. However, many of my comments are generic, and apply to the whole document.

thanks for the feedback! Your (editorial) comments should be addressed in this version:

https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-20

The diff is here:

https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-20

> I have no knowledge of HIP, so I will not comment on HIP issues like messages, parameters etc used. If one implements this, some digging into the HIP documents is needed.

From a design perspective, the document should be readable as it is (I hope).

> General:
> ===
>
> QG0: Throughout the document, you use RFC 2119 terminology (SHOULD, MUST etc with capital letters) when you refer to procedures and rules defined elsewhere. I think that is wrong, and it also makes it very difficult to see what exactly is defined in this document, and what is defined in some other specification.

I am keeping the SHOULD/MUST/etc for HIP documents (since this is an extension of HIP) but ICE references are now with small letters (there actually weren't too many).

> QG1: You say that the mechanism in the draft is based on ICE. I think it would be good to give a name to the mechanism. "HIP-ICE", or something similar.

Done:

   ICE: Interactive Connectivity Establishment (ICE) protocol as specified in [I-D.ietf-ice-rfc5245bis]

   Legacy ICE-HIP: Refers to the "Basic Host Identity Protocol (HIP) Extensions for Traversal of Network Address Translators" as specified in [RFC5770]. The protocol specified in this document offers an alternative to Legacy ICE-HIP.

   Native ICE-HIP: The protocol specified in this document (Native NAT Traversal Mode for HIP).

> QG2: I would also like to have a dedicated section which on a high level describes the differences/restrictions between legacy ICE and HIP-ICE. It helps very much when later reading the details in section 4. That section should at least list the different types of functions (HIP relays etc) that are used for gathering candidates, what protocol (HIP messages) is used instead of STUN, what types of candidates are used and how they are retrieved.

The ICE comparison has already been in the previous version in Appendix B ("Differences with respect to ICE") and now the intro also references this section ("Appendix B explains the differences to ICE."). I think it's not good to start the document with a diff to ICE. We have to assume that the reader is familiar with HIP since this is an extension to it.

> It would also be good to give a short overview of the HIP messages used for the connectivity checks. It is very useful when later reading the details.

The intro now includes a really short intro to HIP, but I don't think we should introduce the messaging formats here again. This is an extension to HIP, so some familiarity with HIP is required. (Btw, the ICE specification does not describe STUN/TURN messaging formats either, so the situation is the same for that document.)

> QG3: You should use consistent terminology when you talk about endpoints and relays. Sometimes the text says "host", sometimes "HIP relay server client", sometimes "relay client", sometimes "end-host". Sometimes you say "HIP relay", sometimes "HIP server relay", etc. Sometimes you say "non-relay host", which suggests that the relay is also a host.

The document has over 300 occurrences of host, could you be a bit more specific where this is a problem? "End-host" means "non-relay host", and yes, a relay is a host too.

I agree the client/server relay terminology was a bit sloppily used. In general, I think the terms were a bit asymmetrical:

* HIP vs. data relay, why not just "control" and "data"
* HIP relay vs HIP relay client (why not HIP relay *server*)

So I came up with a better relay terminology that is now applied consistently throughout the document:

   Control Relay Client: A requester host that registers to a Control Relay Server requesting it to forward control-plane traffic (i.e. HIP control messages). In the Legacy ICE-HIP specification, this is denoted as "HIP Relay Client".

   Data Relay Server: A registrar host that forwards HIP related data plane packets, such as Encapsulating Security Payload (ESP) [RFC7402], between two hosts. This host implements similar functionality as TURN servers.

   Data Relay Client: A requester host that registers to a Data Relay Server requesting it to forward data-plane traffic (e.g. ESP traffic).

> Section 3:
>
> Q30: The text says:
>
> "The hosts may use HIP relay servers (or even STUN or TURN servers) for gathering the candidates."
>
> This is confusing, as you have earlier said that HIP-ICE doesn't
Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-20.txt
Hi,

this version addresses Christer's earlier comments and fixes some other issues I discovered while reviewing the draft. I'll send a summary of the comments a bit later.

On 04/25/2017 02:05 PM, internet-dra...@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Host Identity Protocol of the IETF.
>
>     Title    : Native NAT Traversal Mode for the Host Identity Protocol
>     Authors  : Ari Keranen
>                Jan Melén
>                Miika Komu
>     Filename : draft-ietf-hip-native-nat-traversal-20.txt
>     Pages    : 56
>     Date     : 2017-04-25
>
> Abstract:
> This document specifies a new Network Address Translator (NAT) traversal mode for the Host Identity Protocol (HIP). The new mode is based on the Interactive Connectivity Establishment (ICE) methodology and UDP encapsulation of data and signaling traffic. The main difference from the previously specified modes is the use of HIP messages for all NAT traversal procedures.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-20
> https://datatracker.ietf.org/doc/html/draft-ietf-hip-native-nat-traversal-20
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-20
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
[Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-20.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol of the IETF.

    Title    : Native NAT Traversal Mode for the Host Identity Protocol
    Authors  : Ari Keranen
               Jan Melén
               Miika Komu
    Filename : draft-ietf-hip-native-nat-traversal-20.txt
    Pages    : 56
    Date     : 2017-04-25

Abstract:
This document specifies a new Network Address Translator (NAT) traversal mode for the Host Identity Protocol (HIP). The new mode is based on the Interactive Connectivity Establishment (ICE) methodology and UDP encapsulation of data and signaling traffic. The main difference from the previously specified modes is the use of HIP messages for all NAT traversal procedures.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-20
https://datatracker.ietf.org/doc/html/draft-ietf-hip-native-nat-traversal-20

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-20

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/