On 02/23/2018 03:23 AM, Qin Wu wrote:
Reviewer: Qin Wu
Review result: Ready

Summary: This document defines the Host Identity Protocol Diet EXchange (HIP DEX) protocol for constrained devices. The draft is well written. I believe it is ready for publication.

Major issue: None

Minor issue: Editorial

1. It is not clear how fine-grained policy control defined in IKEv2 is different from policy control defined in the HIP DEX protocol?
There is a long-standing difference in HIP to IKE policy. I am "shooting from the hip" a bit here, as it has been years since having this sort of discussion. For starters, HIP does not have policy bound to an interface IP address. Then there is the nature of parameters in HIP DEX like the size of the cookie puzzle and how in some IOT cases, this can actually be used as an attack, so policy may be used to manage this. Much is left to the implementer, it is true.
In the draft, local policies are mentioned many times, however it is not clear what local policy for HIP DEX Protocol looks like?
To this I have to defer to Rene, who has implemented DEX...
Is it possible to carry policy control parameters (e.g., ACL parameter) in the HIP DEX protocol message?
HIP has avoided negotiating policies, and thus carrying them in messages. I am working on some drafts that do provide for limited policy control parameters.
It would be great to provide an example to clarify this.

2. Is Nonce I the same as random value #I?

3. Is puzzle difficulty K the same as #K used in the HIP R1 described in section 7?

4. Is puzzle difficulty K the same as the low-order #K bits of the RHASH?

If the answer is yes, please make the term and symbol used in the draft consistent.
Good catch on this. I will check this over.

Bob