side-channel attack with I1 through firewall

Bug #990025 reported by Miika Komu
Affects: HIPL
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

From question #194991:

Changyou: the HIP standard specifies that the I1 packet should be minimal (i.e., no additional parameters). The hipfw checks for this minimality in order to prevent an I1-based side channel for unauthorized payload data.
From your description, it seems that the RVS functionality adds additional parameters to the I1 packet, which is in conflict with the requirement of minimality.

Rene: The HIP standard specifies that the I1 packet should be minimal (i.e., no additional parameters). The hipfw checks for this minimality in order to prevent an I1-based side channel for unauthorized payload data.

Miika: The mentioned patch also conflicts with RFC 5770 relay extensions (in addition to HIPv2 and RVS). Btw, the RVS part is especially tricky to fix by checking extra parameters because it has to work both when the firewall is between initiator and RVS and also between RVS and responder.

The reasoning for the security issue is also unclear. I assume that the attack scenario is two malign hosts trying to communicate through a firewall, which have somehow learned the HITs of two other hosts that can communicate through the firewall. The question then is that if they learned the HITs through snooping of the traffic, then they can also replay a valid base exchange that bypasses the proposed security measure. Also, it should be noted that in a real scenario one of the hosts has probably infiltrated the (physical) security measures to get access to the LAN.

The patch breaks working code for the sake of a not-so-well-argued security scenario, so I am going to suggest removing the offending code and opening discussion on a separate bug report or mailing list.
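As an added illustration (not hipfw's or HIPL's code) of the kind of I1 check the report argues about: instead of demanding a bare I1, the check admits the RVS and relay parameters so that the same policy holds whether the firewall sits between initiator and RVS or between RVS and responder, while anything else is dropped. The parameter type codes are my reading of RFC 7401, RFC 5204 and RFC 5770 and should be verified against the RFC text; the sample packets are constructed.

```python
import struct
HIP_HDR_LEN = 40   # 8-byte fixed part + sender HIT + receiver HIT
HIP_I1 = 1         # packet type of I1

# Parameter types admitted in an I1, with the contents length enforced where the
# RFC fixes it. Codes as I read them in RFC 7401 (DH_GROUP_LIST), RFC 5204
# (FROM, RVS_HMAC) and RFC 5770 (RELAY_FROM, RELAY_HMAC); verify before relying on them.
I1_ALLOWED = {
    511:   ("DH_GROUP_LIST", None),   # HIPv2 DH group negotiation
    65498: ("FROM", 16),              # RVS: original initiator IPv6 address
    65500: ("RVS_HMAC", None),        # RVS: keyed MAC the firewall cannot verify
    63998: ("RELAY_FROM", 20),        # relay: address + port of the initiator
    65520: ("RELAY_HMAC", None),
}

def parse_params(body):
    """Yield (type, contents) for each HIP TLV; each TLV is padded to 8 bytes."""
    off = 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated parameter header")
        ptype, plen = struct.unpack_from("!HH", body, off)
        contents = body[off + 4:off + 4 + plen]
        if len(contents) != plen:
            raise ValueError("truncated parameter %d" % ptype)
        yield ptype, contents
        off += (4 + plen + 7) & ~7

def classify_i1(packet):
    """'accept' for a minimal or RVS/relay-extended I1, otherwise the reason to drop it."""
    if len(packet) < HIP_HDR_LEN:
        return "short header"
    hdr_len, pkt_type = struct.unpack_from("!BB", packet, 1)
    if pkt_type & 0x7F != HIP_I1:
        return "not an I1"
    if (hdr_len + 1) * 8 != len(packet):   # header length: 8-byte units, first 8 excluded
        return "header length mismatch"
    for ptype, contents in parse_params(packet[HIP_HDR_LEN:]):
        if ptype not in I1_ALLOWED:
            return "unexpected parameter %d" % ptype
        name, fixed_len = I1_ALLOWED[ptype]
        if fixed_len is not None and len(contents) != fixed_len:
            return "%s has length %d, expected %d" % (name, len(contents), fixed_len)
    return "accept"

def build_i1(params=()):
    """Constructed sample I1 (zero HITs, zero checksum) carrying the given (type, contents) TLVs."""
    body = b""
    for ptype, contents in params:
        tlv = struct.pack("!HH", ptype, len(contents)) + contents
        body += tlv + b"\0" * (-len(tlv) % 8)
    hdr = struct.pack("!BBBBHH", 59, (HIP_HDR_LEN + len(body)) // 8 - 1, HIP_I1, 0x11, 0, 0)
    return hdr + b"\0" * 32 + body
```

Note that RVS_HMAC stays an opaque field from the firewall's point of view, since it holds no key to verify it; the length checks on FROM and RELAY_FROM are the only content constraints the check can actually enforce.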
