Re: [hiprg] New thoughts on HIT construction

Tobias Heer <heer@cs.rwth-aachen.de> Mon, 19 July 2010 13:40 UTC

Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 06B9E3A6813 for <hiprg@core3.amsl.com>; Mon, 19 Jul 2010 06:40:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.241
X-Spam-Level:
X-Spam-Status: No, score=-3.241 tagged_above=-999 required=5 tests=[AWL=-1.040, BAYES_50=0.001, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OTl0S7jpT-Ok for <hiprg@core3.amsl.com>; Mon, 19 Jul 2010 06:40:43 -0700 (PDT)
Received: from mta-2.ms.rz.rwth-aachen.de (mta-2.ms.rz.RWTH-Aachen.DE [134.130.7.73]) by core3.amsl.com (Postfix) with ESMTP id 306CB3A694A for <hiprg@irtf.org>; Mon, 19 Jul 2010 06:40:40 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=us-ascii
Received: from ironport-out-2.rz.rwth-aachen.de ([134.130.5.41]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0L5T004MW4O5P940@mta-2.ms.rz.RWTH-Aachen.de> for hiprg@irtf.org; Mon, 19 Jul 2010 15:40:53 +0200 (CEST)
X-IronPort-AV: E=Sophos;i="4.55,226,1278280800"; d="scan'208";a="35001996"
Received: from relay-auth-2.ms.rz.rwth-aachen.de (HELO relay-auth-2) ([134.130.7.79]) by ironport-in-2.rz.rwth-aachen.de with ESMTP; Mon, 19 Jul 2010 15:40:53 +0200
Received: from umic-i4-137-226-45-90.nn.rwth-aachen.de ([unknown] [137.226.45.90]) by relay-auth-2.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0L5T00BS54O51180@relay-auth-2.ms.rz.rwth-aachen.de> for hiprg@irtf.org; Mon, 19 Jul 2010 15:40:53 +0200 (CEST)
From: Tobias Heer <heer@cs.rwth-aachen.de>
In-reply-to: <AANLkTim57j35gWTdp_VQXaa8Pi74rkY2lwWTSgG47QaT@mail.gmail.com>
Date: Mon, 19 Jul 2010 15:41:08 +0200
Message-id: <F0CEE0CF-EC8C-4BE2-BC64-E31591F36F6D@cs.rwth-aachen.de>
References: <4C1775B5.80702@htt-consult.com> <AANLkTim57j35gWTdp_VQXaa8Pi74rkY2lwWTSgG47QaT@mail.gmail.com>
To: Pascal Urien <pascal.urien@gmail.com>
X-Mailer: Apple Mail (2.1081)
Cc: hiprg@irtf.org
Subject: Re: [hiprg] New thoughts on HIT construction
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jul 2010 13:40:52 -0000

Hello Pascal, 

I briefly read draft-irtf-hiprg-rfid-00.txtand have some comments/questions in addition to Bob's comments:

A very minor issue: HIP-Tag may be easy to confuse with Host Identity Tag / HIT. I don't have a proposal for a better name but I believe a more different name could avoid some confusion.
Am 27.06.2010 um 18:50 schrieb Pascal Urien:

In section 1.4 you mention three entities but provide a list of five things, four of them being entities, one being a data structure implemented on one of the four. I think this list is a bit misleading and could be structured in a better way.

About the HAT: Is HIP Address translator really the right name for it? As far as I understood it, it is rather a protocol translator than an address translator.

Section 1.5 states that the HIT can be traced. Ephemeral HIs allow for some anonymity (equivalent to the one used in the RFID document) even in baseline HIP.

It would be good to state the security goals/services that the T-BEX offers in the beginning. Who authenticates to whom? What is the result of the T-BEX? One can derive these things from the technical description but explicitly stating these things might help comprehension.

What are the security assumptions? What is the attacker model? Is the reader trustworthy? Is an MITM attack by the reader an issue?

Do the new parameters use the same type space as baseline HIP? If yes, are they all non-critical? The critical bit seems not to be set in any of the parameters.

BR, 

Tobias


> Hi All,
> 
> The document draft-irtf-hiprg-rfid has been posted to ietf
> 
> See
> http://www.ietf.org/staging/draft-irtf-hiprg-rfid-00.txt
> 
> Following Thomas review
> (http://www.ietf.org/mail-archive/web/hiprg/current/msg00719.html) ,
> the document draft-urien-hip-tag-03 has been modified and reviewed by
> Pascal Urien,  Gyu Myoung Lee, and Guy Pujolle
> 
> Best Regards
> 
> Pascal
> _______________________________________________
> hiprg mailing list
> hiprg@irtf.org
> https://www.irtf.org/mailman/listinfo/hiprg




-- 
Dipl.-Inform. Tobias Heer, Ph.D. Student
Distributed Systems Group 
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer
blog: http://dtobi.wordpress.com/
card: http://card.ly/dtobi