[Top] [All Lists]

Operations Directorate Review of draft-ietf-hip-hiccups-02

2010-06-09 06:56:00

I reviewed the document draft-ietf-hip-hiccups-02.txt in general
and for its operational impact.
Operations directorate reviews are solicited primarily to help the area
directors improve their efficiency, particularly when preparing for IESG
telechats, and allowing them to focus on documents requiring their attention
and spend less time on the trouble-free ones.

Improving the documents is important, but clearly a secondary purpose.
A third purpose is to broaden the OpsDir reviewers' exposure to work going
on in other parts of the IETF.
Reviews from OpsDir members do not in and of themselves cause the IESG to
raise issue with a document. The reviews may, however, convince individual
IESG members to raise concern over a particular document requiring further
discussion. The reviews, particularly those conducted in last call and
earlier, may also help the document editors improve their documents.
Review Summary: 
Intended status:  Experimental
   This document defines a new HIP (Host Identity Protocol) packet type
   called DATA.  HIP DATA packets are used to securely and reliably
   convey arbitrary protocol messages over the Internet and various
   overlay networks, without running the HIP base exchange beforehand.
   This results in the HIP DATA packet requiring less overhead but
   without the DoS protection afforded by the base exchange.
Is the document readable?

Does it contain nits?
idnits 2.12.04 


  Checking boilerplate required by RFC 5378 and the IETF Trust (see

  == You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Sep 2009 rather than the newer Notice from 28 Dec 2009.  (See

  Checking nits according to

     No issues found here.

  Checking nits according to :

     No issues found here.

  Miscellaneous warnings:

  -- The document date (March 4, 2010) is 97 days in the past.  Is this

  Checking references for intended status: Experimental

     No issues found here.

     Summary: 0 errors (**), 1 warning (==), 1 comment (--).

Is the document class appropriate?


Is the problem well stated?

Section 6 describes the rationale for use of the HIP DATA packet:

   HIP currently requires always that the four-message base exchange is
   executed at the first encounter of hosts that have not communicated
   before.  This may add additional RTTs (Round Trip Time) to protocols
   based on a single message exchange.  However, the four-message
   exchange is essential to preserve the half-stateless DoS protection
   nature of the base exchange.  The use of the HIP DATA packet defined
   in this document reduces the initial overhead in the communications
   between two hosts at the expense of decreasing DoS protection.
   Therefore, applications SHOULD NOT use HIP DATA packets in
   environments where DoS attacks are believed to be an issue.  For
   example, a HIP-based overlay may have policies in place to control
   which nodes can join the overlay.  Any particular node in the overlay
   may want to accept HIP DATA packets from other nodes in the overlay
   given that those other were authorized to join the overlay.  However,
   the same node may not want to accept HIP DATA packets from random
   nodes that are not part of the overlay.

   The type of data to be sent is also relevant to whether the use of a
   HIP DATA packet is appropriate.  HIP itself does not support
   fragmentation but relies on underlying IP-layer fragmentation.  This
   may lead to reliability problems in the case where a message cannot
   be easily split over multiple HIP messages.  Therefore, applications
   in environments where fragmentation could be an issue SHOULD NOT
   generate too large HIP DATA packets that may lead to fragmentation.
   The implementation SHOULD check the MTU of the link before sending
   the packet and if the packet size is larger than MTU it SHOULD signal
   to the upper-layer protocol if the packet results in to a ICMP error
   message.  Note that there are environments where fragmentation is not
   an issue.  For example, in some HIP-based overlays, nodes can
   exchange HIP DATA packets on top of TCP connections that provide
   transport-level fragmentation and, thus, avoid IP-level

Is the problem really a problem?

Yes.  In situations where a host will be intiating transactions with 
hosts it has not communicated with before on a frequent basis, the
existing HIP base exchange will have unacceptable overhead.  

Is the solution really a solution?
No.  We know from experience that the kind of use restrictions referred
to above are difficult to maintain in practice, because it is difficult
to determine the situations in which a DoS attack will not be an issue. 
For example, even though HIP DATA might be designed to be used in a
closed network not connected to the Internet, something unexpected
could happen (e.g. one or more hosts become infected, the "closed"
network gets connected unexpectedly, etc.). 

Also with respect to MTU/fragmentation issues, a request might not
cause fragmentation, but a response might.  The classic case 
is a DNS response carrying DNSSEC information.  In such a situation,
it seems that the HIP DATA packet could cause failures that would
be difficult to diagnose.  

Does the document consider existing solutions?

Yes.  The document has analyzed the issues with the HIP base exchange. 
Does the solution break existing technology?
Possibly.  As noted above, it seems possible that HIP DATA will not
work reliably in some situations. 

Also, implementations which rely on the HIP DATA packet for essential
functionality will not interoperate with existing implementations which
rely on the HIP base exchange.  To prevent this, it's necessary for the
document to state that an implementation must use the HIP base exchange
in situations where the other peer doesn't support HIP DATA.  
Does the solution preclude future activity?

In theory, no.  However, in practice, I'm concerned that the HIP DATA
packet will be extensively used in situations not envisaged by this
specification, and this will complicate future standardization efforts. 
Is the solution sufficiently configurable?

Possibly not. The document doesn't describe how an implementation would 
determine what traffic will be sent using HIP DATA packets.  For example,
I might expect a filter model to be used, similar to that in use for
Can performance be measured? How?

Yes.  For example, the latency of a HIP DATA exchange can be compared against 
the HIP base exchange based on packet traces. 
Does the solution scale well?
Yes.  The HIP DATA packet is designed to perform well in situations 
where the HIP base exchange would have unacceptable overhead.   
Is Security Management discussed? 

Yes.  Section 6 describes the tradeoffs in usage of the HIP DATA

Date: Thu, 3 Jun 2010 10:03:43 +0800
From: tena(_at_)huawei(_dot_)com
Subject: Operations Directorate Review of draft-ietf-hip-hiccups-02 by 
To: bernard_aboba(_at_)hotmail(_dot_)com
CC: rbonica(_at_)juniper(_dot_)net; dromasca(_at_)avaya(_dot_)com

As a member of the Operations Directorate you 
are being asked to review
the following draft which is in IETF last call 
for it's operational impact.

IETF Last Call:
The file can be 
obtained via

discussion can be tracked via

Please provide comments and review to the Ops-dir mailing 
(ops-dir(_at_)ietf(_dot_)org) before 2010-06-11, and include the 
authors of the
draft as well.

For a list of questions to be answered in an OPS-DIR 
review see Appendix A
in RFC 5706. Note that not all questions may apply to 
all documents, and
some other items may be identified by the OPS-DIR 

The status of Operations Directorate Review could be 

You could update the wiki page when you finish the 

Thank you,

Ietf mailing list
<Prev in Thread] Current Thread [Next in Thread>
  • Operations Directorate Review of draft-ietf-hip-hiccups-02, Bernard Aboba <=