Re: AD review of draft-ietf-shim6-proto -- sections 6 through 7.17
Hi Jari,
On 12/09/2007, at 16:59, Jari Arkko wrote:
Continuing with the review:
Substantial:
o For each peer locator, a flag whether it has been verified using
HBA or CGA, and a bit whether the locator has been probed to verify
that the ULID is present at that location.
Is there a need to remember *when* such probing has last
happened? If not, why not?
My view on this one is:
There are two perspectives for this test: the security perspective
and the reachability perspective.
This document only deals with the security perspective, while the
reachability perspective is detailed in the failure detection
document. For the reachability perspective, this info and other info
may be needed, but this is not covered by this document, since the
failure detection document describes this part in detail.
From the security perspective, this is covered in this document, and
I don't think the time information is needed. I mean, if the test has
been successful once, then you have sufficient protection against
flooding attacks imho (we do not need to protect against time-shifted
flooding attacks imho).
Please note that section 7.2 (locator verification) recommends that
the reachability verification is performed just before the locator is
to be used, which seems to me the appropriate time to do this.
So, to proceed I would ask:
do you think we need to include additional information that is used
for reachability status or is it ok that this is not covered by this
document and covered by the failure detection document?
do you agree that the proper level of security is achieved without
keeping track about when the test was performed or do you think this
info is needed?
o The preferred peer locator - used as destination; Lp(peer)
First, this sentence was hard to parse. Second, preferred != the
one we are using as a destination. Please explain or
modify. Did you mean the current locator that we are using?
Yes, the preferred peer locator is the one we are using as the destination.
The failure-detection draft uses the term "current address
pair", so it would be good to align with that.
OK, I have changed it to "current peer locator" and rephrased it to
make it clearer as:
o The current peer locator is the locator used as the destination
address when sending packets; Lp(peer)
and similarly for the source one:
o The current local locator is the locator used as the source
address when sending packets; Lp(local)
regards, marcelo
I'm reading on...
o The preferred local locator - used as source; Lp(local)
As above.
Jari
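To make the per-locator state under discussion concrete, here is a small model of it. This is an added illustration for this thread, not code from draft-ietf-shim6-proto or from any shim6 implementation. It keeps exactly the two items the draft lists for each peer locator (an HBA/CGA verified flag and a probed bit) plus the "current peer locator", and, to show what Jari's question would add, an optional probed_at timestamp with a max_probe_age knob. The class and method names, the timestamp field and the knob are assumptions made for the example; with max_probe_age left at None the model behaves as Marcelo describes (one successful probe is enough, and the probe is expected just before the locator is used).

```python
# Added illustration for this thread, not code from draft-ietf-shim6-proto or
# from any shim6 implementation.  The class/method names, the "probed_at"
# timestamp and the max_probe_age knob are assumptions made for the example;
# the draft itself keeps only the HBA/CGA flag and the probed bit.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

HBA = "HBA"
CGA = "CGA"


@dataclass
class PeerLocator:
    address: str
    verified_by: Optional[str] = None   # HBA or CGA once the locator is bound to the ULID
    probed: bool = False                # a reachability probe to this locator succeeded once
    probed_at: Optional[float] = None   # when it last succeeded (the extra state Jari asked about)


class Shim6PeerState:
    """Per-peer shim6 state: the peer locator set plus the current (destination) locator."""

    def __init__(self, peer_ulid: str, max_probe_age: Optional[float] = None) -> None:
        self.peer_ulid = peer_ulid
        self.peer_locators: Dict[str, PeerLocator] = {}
        self.current_peer_locator: Optional[str] = None
        # None models the draft's position (one successful probe is enough);
        # a number models the stricter "remember when it was probed" policy.
        self.max_probe_age = max_probe_age

    def add_peer_locator(self, address: str) -> None:
        self.peer_locators.setdefault(address, PeerLocator(address))

    def mark_verified(self, address: str, method: str) -> None:
        """Record a successful HBA or CGA check (the security perspective)."""
        if method not in (HBA, CGA):
            raise ValueError(f"unknown locator verification method: {method}")
        self.peer_locators[address].verified_by = method

    def record_probe(self, address: str, now: float) -> None:
        """Record a successful reachability probe (the reachability perspective)."""
        loc = self.peer_locators[address]
        loc.probed = True
        loc.probed_at = now

    def can_use(self, address: str, now: float) -> Tuple[bool, str]:
        """Decide whether `address` may become the destination locator, with a reason."""
        loc = self.peer_locators.get(address)
        if loc is None:
            return False, "unknown locator"
        if loc.verified_by is None:
            return False, "not verified"     # peer has not proven it owns this address
        if not loc.probed:
            return False, "not probed"       # ULID not shown to be present there: flooding risk
        if self.max_probe_age is not None and now - loc.probed_at > self.max_probe_age:
            return False, "probe too old"    # only enforced under the stricter policy
        return True, "ok"

    def switch_to(self, address: str, now: float) -> bool:
        """Make `address` the current peer locator if the checks pass."""
        ok, _ = self.can_use(address, now)
        if ok:
            self.current_peer_locator = address
        return ok
```

With max_probe_age=None a locator that was verified and probed once stays usable indefinitely, which is the position taken in the reply; setting it to a number is the alternative Jari's question implies, and the "probe too old" branch is the only behavioural difference between the two.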