[Hipsec] HIT Suites and algorithms used in RFC5201-bis

Tobias Heer <heer@cs.rwth-aachen.de> Thu, 09 December 2010 11:05 UTC

Hello,

we have consolidated the set of algorithms to be used in RFC5201 and would like
to present it to the list and ask for feedback.

We have three HIT Suites.  The HIT Suites define the algorithms that are used
for generating a HIT/Orchid.  They also define which HMAC flavor will be used in
HIP control packets.


     HIT Suite              ID
     RESERVED                0
     RSA,DSA/SHA-1           1    (REQUIRED)
     ECDSA/SHA-384           2    (RECOMMENDED)
     ECDSA_LOW/SHA-1         3    (RECOMMENDED)

RSA,DSA/SHA-1 represents the class of HITs we have today with HIP version 1.  All
contained algorithms (RSA and DSA) must be supported by hosts that implement
this suite.

ECDSA/SHA-384 bundles two ECC curves (NIST P-256 and P-384) with SHA-384.  Both
curves must be implemented by hosts that implement this HIT suite.

ECDSA_LOW/SHA-1 is meant for devices with limited computation capabilities.  It
uses the SECP160R curve from SECG.

If we want to make a bold move towards ECC cryptography (and make packet
fragmentation, etc.  less likely) we could change the REQUIRED and RECOMMENDED
tags so that we REQUIRE the ECDSA/SHA-384 HIT SUITE and make the other two
recommended.  Any comments on this?


The ECDH groups look similar:

 Group                Value
 Reserved             0
 DEPRECATED           1
 DEPRECATED           2
 1536-bit MODP group  3 [RFC3526]
 3072-bit MODP group  4 [RFC3526]
 DEPRECATED           5
 DEPRECATED           6
 NIST P-256           7 [RFC4753]
 NIST P-384           8 [RFC4753]
 NIST P-521           9 [RFC4753]
 SECP160R1           10 [SECG]

Groups 7 to 10 are new in RFC5201-bis.  Again, group 10 is meant for devices
with low computation capabilities and should be used only if long-term
confidentiality is not required.

The DEPRECATED values are groups that are present in RFC5201 but have been
removed in RFC5201-bis.  They have to be removed before we finish the document.

Are there any comments regarding the selection of algorithms?  With the selected
ECC curves, we tried to stay as close as possible to other Internet standards
(IKE, TLS) that use ECC already.

Best regards,

Tobias

  



-- 
Dipl.-Inform. Tobias Heer, Ph.D. Student
Chair of Communication and Distributed Systems - comsys
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer
blog: http://dtobi.wordpress.com/
card: http://card.ly/dtobi
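
Added example, not part of the original message or of the RFC5201-bis draft: a receiver-side check that applies the two tables above to a peer's offer, refusing reserved and deprecated group IDs and allowing group 10 only when long-term confidentiality is not required. The `Policy` knob, the function names and the "first acceptable ID in the peer's order" selection rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Registries transcribed from the two tables in the message above.
HIT_SUITES = {1: "RSA,DSA/SHA-1", 2: "ECDSA/SHA-384", 3: "ECDSA_LOW/SHA-1"}
DH_GROUPS = {3: "1536-bit MODP group", 4: "3072-bit MODP group",
             7: "NIST P-256", 8: "NIST P-384", 9: "NIST P-521",
             10: "SECP160R1"}
DH_RESERVED = {0}
DH_DEPRECATED = {1, 2, 5, 6}
DH_LOW_SECURITY = {10}  # "only if long-term confidentiality is not required"


@dataclass
class Policy:
    """Hypothetical local policy knob (not defined by the draft)."""
    long_term_confidentiality: bool = True


def classify_group(gid: int, policy: Policy) -> str:
    """Return 'accept' or a 'reject: ...' reason for one offered group ID."""
    if gid in DH_RESERVED:
        return "reject: reserved"
    if gid in DH_DEPRECATED:
        return "reject: deprecated"
    if gid not in DH_GROUPS:
        return "reject: unknown"
    if gid in DH_LOW_SECURITY and policy.long_term_confidentiality:
        return "reject: low-security group forbidden by policy"
    return "accept"


def select_group(offered, policy):
    """Pick the first acceptable ID in the peer's order (assumed rule).

    Returns (chosen_id_or_None, audit); audit records every verdict so a
    peer that keeps offering removed groups shows up in the logs.
    """
    audit = [(gid, classify_group(gid, policy)) for gid in offered]
    chosen = next((g for g, v in audit if v == "accept"), None)
    return chosen, audit


def check_hit_suite(suite_id: int) -> str:
    """Return the suite name; fail closed on RESERVED (0) or unknown IDs."""
    if suite_id not in HIT_SUITES:
        raise ValueError(f"unacceptable HIT Suite ID {suite_id}")
    return HIT_SUITES[suite_id]


if __name__ == "__main__":
    # Constructed offer: a deprecated group, the low-security group, then P-256.
    print(select_group([1, 10, 7], Policy()))
```

An offer that contains only reserved, deprecated or unknown IDs yields `None`, so the caller can abort the exchange instead of falling back to a removed group.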