HIPRG meeting at IETF75
Notes by Tobias Heer 


0. Andrei Gurtov: Agenda bashing, pink sheets

 - No objections.  

1. Seng Kyun Jo: Object naming with HIP (Presentation)

 - Bob: The area of the object ID seems important. It maps to one host having multiple IDs. One should look into other solutions but introducing a non-cryptographic ID. One should rather look into technologies like ECC that are available for computationally weak devices.
 - Andrei: Seng, Pascal, and Bob should work together and present something at the next meeting.
 - Oleg: What would the mapping mechanism between object IDs and devices be like?
 - Seng: The mapping depends on the characteristics of the environment.
 - Oleg: What is the mechanism? Some protocol?
 - Seng: This is only a framework we did not think of a specific mechanism.
 - Bob: (Hartmann?) was suggesting a password and Elliptic curve combination. The password determines a point on the curve. Maybe such technology could be used as starting point for enabling devices to protect against duplicated IDs and stolen IDs.

2. Pascal Urien: hip-tag-draft-02. (Presentation)
 - Bob: Is HMAC-SHA1 available in these devices or is there a more processor-friendly option?
 - Pascal: We can use different things. There are multiple transforms possible (SHA-1, Tree). We can use whatever mechanism will be available in small devices in 5 years. For very small objects MAC may be sufficient? 
 - Bob: What is the threat mode? What can the attacker do? What is the attack space?
 - Pascal: We use a true random number. Second, you only see the equation. E.g., a MAC function is secure by itself. It depends on the function f you use.
 - Andrei: Did you use an existing HIP implementation for creating your implementation?
 - Pascal: We stated from scratch because this is a very different version of HIP. I think the main issue with HIP and objects is privacy. Today we only use one mechanism for authentication which is not good from a privacy point of view.
- Andrei: Other people have been working on privacy as well: e.g., Ericsson (BLIND)
- Pascal: The idea is to protect the object identity. Some entity needs to know the object identity because you derive all object properties from it. The goal of an attacker would be to retrieve the object identity. If you have a hard equation, it works.
  
3. Samu Varjonen. HIP and User Authentication: draft-varjonen-hip-eap-00 (Presentation)
 - Samu: How does this sound? Is there any interest in user authentication?
 - Yaron: I would like to see how this relates to IPsec EAP and MSK to channel bind the authentication into the HIP exchange.
 - Bob: If you look at Pascal’s approach, how can we bring together these different proposal whether it is a person or a system or other things in a general way?
 - Dan Harkins: Have you implemented this?
 - Samu: Not yet but we are planning to.

4. Dacheng Zhang
http://www.ietf.org/internet-drafts/draft-zhang-hip-hi-revocation-00.txt (Presentation)
 - Bob: If you have a DHT, a revoked HIT could be published? 
 - Tim: What does SSH do about this? The answer is: nothing.
 - Dacheng: HIP hosts can communicate to each other without additional security structures. I will think about this. I cannot answer this at the moment.
 - Andrei: Local management could work well. Do we need a global solution?
 - Andrew: Simple answer: destroy the public key.
 - Bob: Having a revocation mechanism can help the deployment of HIP. A mechanism where revocation is possible expands the usability of HIP. 
 - Oleg: What if we follow TLS example with lifetime and revocation server. Publishing a self-signed revocation could be an option.
 - Dacheng: But there is a problem if the key has been compromised. 
 - Bob: This works because the self-signed revocation is sufficient. It is a simple statement. If someone forged this statement the key was compromised anyway. Lifetime is also an option.
 

http://www.ietf.org/internet-drafts/draft-zhang-hip-hierarchical-parameter-00.txt

 - Tim: What are the uniqueness issues?
 - Dacheng: You cannot know if the HIT is unique. There is a possibility that there is a collision.
 - Tim: Is there actually a problem?
 - Bob: The full 128 bits had a very low collision probability. With fewer bits it becomes more probable. 
 - Tim: Birthday paradox.
 - Bob: I will look it up.
 - Tobias: Maybe including the hierarchy in the HIT would be good?
 - Dacheng: This may lead to privacy issues (Hierarchy is concealed). 
 - Tobias: You could only include the hash of the hierarchy in the HIT. The hierarchy could be revealed whenever necessary. If this is not wanted you can just reveal the hash. I'll send a sketched suggestion to the list. 

 

5. Bob Moskowitz: Update on HIP experiment (Presentation)
 - No questions. 

6. Oleg Ponomarev:
draft-ponomarev-hip-hit2ip-04.txt

 - No comments

draft-ponomarev-hip-dns-locators-00

 - Andrew: The combination of HIT, IP, and Port DNS seems to be a good and minimal thing which makes things easier.

7. Miika Komu. Demo of HIPL installation and use. (Presentation)

 - No questions.