Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
Miika,

It is not clear from reading the draft that the mobility described is moving to a different NATed network. It could just as well only be talking about mobility within the one NATed network. Or I am just a little too tired right now to see it. But I don't think so.

Bob

On 11/25/2016 01:59 AM, Miika Komu wrote:

Hi Robert, yes, mobility support is specified in the draft.

___
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec
Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
Hi Robert,

yes, mobility support is specified in the draft.

From: Robert Moskowitz [mailto:r...@htt-consult.com]
Sent: Friday, November 25, 2016 6:33 AM
To: Miika Komu <miika.k...@ericsson.com>; hipsec@ietf.org
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt

Miika,

Does this draft cover the use case where the mobile HIP device moves from one NATed network to another?

Consider you are in Starbucks and move next door to Dunkin Donuts. Your device did this augmented BEX exchange in Starbucks. You walk into DD and your interface decides the signal from SB is too weak, but it has the saved SSID for DD and switches (Gee I wonder if it could be the same 1918 address! oh boy.).

Would this work as a mobility update or a new BEX?
Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
Miika,

Does this draft cover the use case where the mobile HIP device moves from one NATed network to another?

Consider you are in Starbucks and move next door to Dunkin Donuts. Your device did this augmented BEX exchange in Starbucks. You walk into DD and your interface decides the signal from SB is too weak, but it has the saved SSID for DD and switches (Gee I wonder if it could be the same 1918 address! oh boy.).

Would this work as a mobility update or a new BEX?
Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
What is 'co called' in this text:

o In ICE, the conflict when two communicating end-points take the same controlling role is solved using random values (co called tie-breaker value). In this protocol, the conflict is solved by the standard HIP base exchange procedure, where the host with the "larger" HIT switches to Responder role, thus changing also to controlled role.

Should it be 'so called'? I will continue reading...

Bob
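The role-conflict rule quoted from the draft in the message above, next to the ICE tie-breaker rule it is contrasted with, as an added example that is not part of the thread or of the draft. It assumes "larger" means larger when HITs are compared as unsigned 128-bit integers; the function names and the sample HITs are constructed for illustration.

```python
import ipaddress

# ORCHIDv2 prefix from which HITs are allocated (RFC 7343).
ORCHID_V2 = ipaddress.IPv6Network("2001:20::/28")


def hit_to_int(hit: str) -> int:
    """Parse a HIT written as an IPv6 address and return it as a 128-bit integer."""
    addr = ipaddress.IPv6Address(hit)
    if addr not in ORCHID_V2:
        raise ValueError(f"{hit} is not inside {ORCHID_V2}")
    return int(addr)


def hip_roles(local_hit: str, peer_hit: str) -> tuple:
    """Roles the local host ends up with when both hosts started as Initiator.

    Assumption: HITs are compared as unsigned 128-bit integers.
    Each host evaluates this on its own; no random value is exchanged.
    """
    local, peer = hit_to_int(local_hit), hit_to_int(peer_hit)
    if local == peer:
        raise ValueError("identical HITs cannot belong to two distinct hosts")
    if local > peer:
        return ("Responder", "controlled")
    return ("Initiator", "controlling")


def ice_role_after_conflict(own_tiebreaker: int, peer_tiebreaker: int) -> str:
    """ICE rule for an agent that believes it is controlling and receives a
    check from a peer that also claims the controlling role."""
    if own_tiebreaker >= peer_tiebreaker:
        return "controlling"  # keeps its role and answers 487 (Role Conflict)
    return "controlled"       # switches role


# Constructed sample HITs, for illustration only.
HIT_A = "2001:21:aaaa:bbbb:cccc:dddd:eeee:1"
HIT_B = "2001:2f:1111:2222:3333:4444:5555:6666"

if __name__ == "__main__":
    print("host A:", hip_roles(HIT_A, HIT_B))
    print("host B:", hip_roles(HIT_B, HIT_A))
    print("ICE agent, tie-breaker 5 vs peer 9:", ice_role_after_conflict(5, 9))
```

Because both hosts already know each other's HIT, the two independent evaluations always come out complementary, whereas the ICE rule depends on a random value carried in the check.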
Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-14.txt
Hi,

I read the latest version of the ICE specs. Based on this, I included more details on ICE processing to the HIP NAT traversal draft. A quick summary of the changes:

* Introduced more details from ice-bis draft
* New terminology
* Aligned connectivity check procedure to match with ICE (3-way check is now 4-way)
* Ta minimum value is now 5 ms (according to ICE bis)
* 4.9 Handoff: first update HIP relay in order to learn new server reflexive locators
* New sections:
* 4.6.3. Rules for Concluding Connectivity Checks
* 6.6. Amplification attacks (new section)
* 6.7. Attacks against Connectivity Checks and Candidate Gathering
* Appendix C. Differences to ICE
* Appendix D. Differences to Base Exchange and UPDATE procedures
* 7. IANA Considerations: added UNSAF considerations (references ICE)
* updated references (some drafts are now RFCs)

Feedback is welcome! For people already familiar with HIP, I'd recommend reading "the diff to normal HIP" in section https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14#appendix-D

On 11/24/2016 10:32 AM, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Host Identity Protocol of the IETF.

Title : Native NAT Traversal Mode for the Host Identity Protocol
Authors : Ari Keranen, Jan Melén, Miika Komu
Filename : draft-ietf-hip-native-nat-traversal-14.txt
Pages : 51
Date : 2016-11-24

Abstract: This document specifies a new Network Address Translator (NAT) traversal mode for the Host Identity Protocol (HIP). The new mode is based on the Interactive Connectivity Establishment (ICE) methodology and UDP encapsulation of data and signaling traffic. The main difference from the previously specified modes is the use of HIP messages for all NAT traversal procedures.

The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/

There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-14

A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-14

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/