HIPRG met on 28 July 2011 at IETF 81 in Quebec City. Tom Henderson chaired the meeting; co-chair Andrei Gurtov was not able to attend. Roughly 35 people attended.

1) Tom Henderson reviewed RG document status.

Two documents (HIP DHT Interface and HIP Experiment Report) are in the IRSG review process. Three other RG documents (RFID, Proxies, and HI Revocation) have been recently updated and will be discussed at the meeting. There were two new drafts and six updated drafts targeted towards the RG since the last meeting. Four (public) implementations are known of HIP.

Tobias Heer: There is another independent implementation of HIP from a German router vendor, but not public at this time.

2) HIP RFID presentation (Gyu Myoung Lee) -- http://www.ietf.org/id/draft-irtf-hiprg-rfid-03.txt

Gyu Myoung Lee presented on behalf of Pascal Urien. Only one review since last meeting; draft reflects these comments. Main new result is to show Android platform development results.

Tom Henderson: Planning to write new drafts to cover new topics?
Gyu: Need to discuss with Pascal about future plans for any new drafts.
Tom: We should use the issue tracker to progress these drafts. This is not traditional HIP and needs careful review.

3) HIP Proxy draft (Zhen Cao) -- http://www.ietf.org/id/draft-irtf-hiprg-proxies-03.txt

Correct some typos in draft, integrated content of the draft presented last meeting concerning legacy hosts.

Tobias: Slide 5, how can HIP host communicate with another HIP host if proxy intervenes?
Zhen: No, DNS will check if other endpoint is HIP-enabled, will not return a record for proxy address.
Tobias: So coordination between DNS and HIP proxy.
Zhen: Yes.
Bob Moskowitz: Last two exchanges on the slide, do you mean these are ESP, keyed by HIP? Technically, those are ESP packets, not HIP packets.
Zhen: Yes
Bob: Also, DNS is returning name of the host with IP of the proxy. In HIP proxy, that HIT must map to the IP address of the legacy host, right?
Zhen: Yes
Zhen: Would like to ask if we can go to RG last call?
Bob: Agree to take it to last call; this can help with HIP deployment.
Tobias: Are there implementations of these approaches?
Zhen: Yes.
Tom: All of the types and variations, or just some of them?
Zhen: Just some of them; DNS interception is implemented.
Tom: Proxy draft to RG last call soon, will post some additional comments.

4) HIP and femtocell technology (Suneth Namal)

Research presentation focused on securing the backhaul for mobile and micro femtocells based on HIP. Slides have more detail, and there is a research publication.

Alex Mayrhofer: Are you saying HIP handset is HIP aware, not just backhaul?
Suneth: Yes.
Bob: Do you have a paper?
Suneth: Have one but not yet uploaded to IEEE.
Bob: HIP-enabled phone requirement is non-deployable. Perhaps limiting to 4G, may be doable, but not for 3G networks.
Tom: explain last red line, throughput under spoofing? Is it a tool to measure TCP or is it proposing TCP connections are spoofed?
Suneth: Can look at throughput behavior under spoofing, can specify where it terminates.

5) Status update on HIP deployment research (Tapio Leva)

Sharing some preliminary results on HIP deployment interviews. Looking at reasons (techno/economic) for why HIP has not been widely adopted, and what might be the catalysts for future adoption? Main concern reported has been that (perceived or real) cost exceeds anticipated benefit. Also that HIP is an architectural solution, but not as good as multiple smaller point solutions.

Alex Mayrhofer: One reason is that it is hard to grasp with new concepts that need to be introduced to the market. Have been working on ENUM, had similar problem to adoption. No real immediate clear benefit for a user for whom everything works now; we have seen this in ENUM.
Kerry Lynn: Have you done work to identify possible adjacencies where benefit would outweigh the costs, e.g. associating USB sticks with an OS?

6) HIP VPLS at Boeing (David Mattes)

Discussion of the deployment of a VPLS within Boeing's manufacturing environment and integration to the company PKI and IF-MAP deployments. This was followed by a demonstration using Tofino HIP-based devices from Byres Security.

Tobias: Looks similar to one of our projects with the German router vendor. Is there a spec?
David: See the HIP VPLS draft.
Bob: Are you looking at high volume (10 Gb/s and such) data rates?
David: Not that high.
Bob: We'll need to look at GCM considerations, video, and SANs. Also, would be worthwhile to bring this presentation to the privacy community in homenets.
Bob: Attacker would go attack the IF-MAP server; you've moved the attack point, but maybe that is more manageable.
Steve Hanna: Interesting that this presentation came after HIP deployment talk. One point was that killer app needed, but what you are describing is just that situation. Actual PLCs and HMIs don't need upgraded, just these endboxes. Do you think this is unique to Boeing?
David: Not unique; endemic to manufacturing and industrial environments. Steve Venema is leading efforts at ISA Fieldbus to incorporate, and has buy in from other manufacturers.
Bob: Yes, my automotive background supports this.
Ed Beroset: Definitely common scenario. Cases in which conn. to corporate network is unintentional; wires can be moved and bad things can happen without operators even knowing. How small could the implementation be made?
David: Can make it small, especially with HIP DEX.
Ed: Any characterization of that?
David: None known.
Kerry: Working on building control (BACnet). Convergence of IT and building control infrastructure. Maps well onto that.
Ed: Do you think a home network could use this?
Bob: 6LoWPAN may be relevant; PAN controller may be able to implement this.

7) Review of OpenHIP release (Tom Henderson)

OpenHIP made 0.8 release on the day before.
Three primary use cases supported:
- traditional HIP
- HIP mobile router
- HIP VPLS as just demonstrated

Now supporting OpenWrt. Near-term future work includes relicensing to MIT Expat license.

8) Rechartering discussion (Tom Henderson)

Main charter item (HIP Experiment Report) is nearly completed. Need to determine what the research group does next. Criteria for new work: clear and relevant HIP research areas, expected outcomes, is having a RG important to foster work that wouldn't be done otherwise?

Lars Eggert: another concern is if the academic work is going away and not funded well. HIP may also be in the same camp. We need to find the topics to get new energy and people to come to the RG, or it may be fine to say that we do not see a need to continue forward.
Bob: In past 3 days, importance of HITs has been raised several ways; Sean Turner has taken responsibility in Security area to progress ORCHIDs. HIT use may be implemented in IKEv2, TLS, and other areas.
Lars: Yes, but that is IETF work. Are you saying that we need to do work in the RG, and if so, what is that work?
Bob: Need to resolve the importance and values of hierarchies. Does it stay research or is it so current in discussions? I think it goes to IETF though.
Kerry: Internet of Things could go on topics list.
Tom: Has been proposal for separate RG on IoT; not sure where this stands.
Lars: Two groups have been noodling around on this, but no concrete proposal yet.
Gyu: Have discussed in this group before. Our conclusion was that this topic could be considered as new group instead of HIPRG. Would like to consider object identity protocol, however.
Lars: Let's keep discussion on whether there is need for HIPRG, not for other RGs. What is the work for this group, and why here vs. the IETF WG? What are the researchy aspects, or is it all just early-stage IETF work.
Alex: Regarding IoT, talk to CORE WG chairs. Problem for HIP is that they are fighting for every bit on wire and CPU cycle.
Tobias: On middlebox support, starting it in RG is important because HIP leaves some open issues. Also, for last 6 meetings, RG was fairly booked; don't see shortage of people to contribute.
Lars: No shortage of presentation slots, but don't want to turn into presentation-only forum. Haven't followed middlebox, but why a RG item?
Tom: Yes, need to identify the research issues to collaborate on.
Lars: Sizeable, diverse group of participants, that regularly meet and make progress on research problems of importance to the Internet...
Tobias: Middleboxes excluded from WG initially.
Bob: HIP RG was first one founded based on having technology and needing to research on how to implement the technology, not on finding the technology itself.
Tom: Need to work this over the next meeting cycle or two.
Lars: Yes, no hasty decision, but we are starting the clock on this. In absence of significant activity, we'll close the RG and declare success. Maybe we need joint meeting with the WG as well.
Tobias: Middleboxes are quite researchy, they are application specific scenarios. I can understand why the WG does not work on this.
Dacheng Zhang: Colleagues have described some work in China to work on experimental networks with Hierarchical HIT; I think there is enough interest on this.
Bob: Yes, we need to decide on bit alignment, and this will go on in IETF (Sean and Tero Kivinen).

----------

Jani Pellikka: I would like to announce HIP DEX implementation, IPv4 and IPv6. Not yet public, but probably in next meeting, we will present some results.

(meeting adjourned)