[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Hipsec] Building the first list of to Standards changes

To: Andrew McGregor <andrew at indranet.co.nz>
Subject: Re: [Hipsec] Building the first list of to Standards changes
From: Robert Moskowitz <rgm at htt-consult.com>
Date: Fri, 31 Jul 2009 11:33:53 +0200
Cc: hipsec at ietf.org
Delivered-to: hipsec at core3.amsl.com
In-reply-to: <8F346BB1-D5EF-419F-AED7-A0DE8DFEECE0 at indranet.co.nz>
List-archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-help: <mailto:hipsec-request@ietf.org?subject=help>
List-id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-post: <mailto:hipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
References: <4A72AF52.90603 at htt-consult.com>
References: <8F346BB1-D5EF-419F-AED7-A0DE8DFEECE0 at indranet.co.nz>
User-agent: Thunderbird 2.0.0.22 (X11/20090625)

Andrew McGregor wrote:

Whole lot of responses inline...

On 31/07/2009, at 10:46 AM, Robert Moskowitz wrote:
OK we have met and agreed to go out and succeed.
In light of that, lets get our work items in order and someone set upthe tracking of who is working on what and what it is its status.
Crypto Agility
Add HI PK algorithms
We use DNS formats for these, and so far the only RFCs published areRSA and DSA. There is a draft for ECC, there may be others. Codepoints are allocated by standards action. So this cannot progressuntil the DNS formats do.
Add HI hashes
5201 defines the RHASH which is used for all hash operations in theprotocol to be the same as the hash used for ORCHIDS, see below.

I would also want CBC-MAC, as hardware that implements CCM has CBC-MAC.There is lots of wireless hardware that implements CCM...


And there are those that will expect SHA-256.

Add ESP cipher suites


Straightforward, do you have a list of candidates?

CCM, as this is in wireless hardware. GCM as this is in highspeed wiredhardware. Or those are the claims...

HIT and LSI formats
Standardize on ORCHIDs
Context per HI Hash?
Yes, RFC 4843 specifies that we use CGA Extension Type Tags registeredby IANA for contexts, and 5201 specifies that it be one per hash. Theonly value allocated for hip is bound to SHA-1 by 5201. We canallocate more.


Exactly.

IP address range for LSIs
The v6 ORCHID range is currently reserved until 2014, this may bechanged by standards action. v4 needs thought and either standards orIANA action.


127.n.0.0/16 And what is n? Let IANA tell us or recommend something? e.g. 64

Multiple HIs per host
Multiple HITs per HI
I think these can be done already. Current implementations may notsupport multiple HIs per host, but I see no reason in the protocol whythis can not be done. Multiple HITs per HI can happen given that hashagility is per context; therefore the ORCHIDS corresponding todifferent hashes are astronomically unlikely to collide. Local policydictates if any particular HIT is acceptable.
However, the IESG note at the beginning of 5201 has this to say:

This document doesn't currently define support for parameterized
(randomized) hashing in signatures, support for negotiation of a key
derivation function, or support for combined encryption modes.
The first point will require a lot of thought, although the packetformats should be straightforward.

OK. This is an important one I left off. Would the hash used for makingthe HIT be the hash used in the HIP sigs? Or is this YAP to add tothings like HIP options and DNS RR?

The second point could be covered by redefining the DIFFIE_HELLMANgroup id parameter to be an (algorithm, group) suite ID... this wouldeven be backward compatible by reusing the existing values with thesame processing definition. The third is merely more suite-ids forthose modes.

So would we have a list of key derivations and this is just one moreparameter?

ESP operation with HIP
Explain Binding Transport Mode End to End without creating a new ESPmode
This amounts to a wording change in 5202, all the text is alreadythere. BEET is a recommended implementation detail for 5202 ESPprocessing and does not change the wire format or semantics, so thereshould be no problem here.
AH operation with HIP

Compressing Transport checksums
New HIP option?
I'm not sure what you're suggesting. Compressing suites could bedefined for ESP. Or are you suggesting compressing the HIP packetsthemselves?

If you are going to allow for removal of the TCP and UDP checksums, bothparties would need to agree they are going to do this.

HIP registries (DNS, DHT, LDAP, etc.)
What information is stored in each
For DNS
HIs, HITs, HI hashes, lifetime via TTL
ESP ciphers?
RR from IANA
I suggest updating 5205 along the lines ofdraft-ponomarev-hip-dns-locators and draft-ponomarev-hip-hit2ip. Thiswill require some DNS expert attention to get the details right. Ithink that's sufficient for DNS.
The Boeing SMA implementation in OpenHIP has an LDAP schema, I havenot looked at the detail.
OK. This is a start. Others should add/expand, and someone needs tobe the 'owner' of the list.


--


The Greatest Oak

Was once a little Nut

That held its ground.

Follow-Ups:
- Re: [Hipsec] Building the first list of to Standards changes
  - From: Andrew McGregor

References:
- [Hipsec] Building the first list of to Standards changes
  - From: Robert Moskowitz

Prev by Date: [Hipsec] Building the first list of to Standards changes
Next by Date: [Hipsec] Draft meeting minutes
Previous by thread: [Hipsec] Building the first list of to Standards changes
Next by thread: Re: [Hipsec] Building the first list of to Standards changes
Index(es):
- Date
- Thread