Re: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Includinghieararchy in HIT generation
Tobias Heer <heer@cs.rwth-aachen.de> Mon, 10 August 2009 16:50 UTC
Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B5ADA3A68CE for <hiprg@core3.amsl.com>; Mon, 10 Aug 2009 09:50:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[AWL=-0.600, BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, J_CHICKENPOX_16=0.6, J_CHICKENPOX_19=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SiWYlErXigFH for <hiprg@core3.amsl.com>; Mon, 10 Aug 2009 09:50:04 -0700 (PDT)
Received: from mta-1.ms.rz.rwth-aachen.de (mta-1.ms.rz.RWTH-Aachen.DE [134.130.7.72]) by core3.amsl.com (Postfix) with ESMTP id 767F63A6D45 for <hiprg@irtf.org>; Mon, 10 Aug 2009 09:50:04 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.5.40]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0KO6000MW6RHPME0@mta-1.ms.rz.RWTH-Aachen.de> for hiprg@irtf.org; Mon, 10 Aug 2009 18:50:05 +0200 (CEST)
X-IronPort-AV: E=Sophos;i="4.43,354,1246831200"; d="scan'208";a="22049673"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Mon, 10 Aug 2009 18:50:05 +0200
Received: from ip67.infrahip.net ([unknown] [193.167.187.67]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0KO600I656RG9N30@relay-auth-1.ms.rz.rwth-aachen.de> for hiprg@irtf.org; Mon, 10 Aug 2009 18:50:05 +0200 (CEST)
Message-id: <A49729CD-84AF-49AF-93CE-2B5210E0C21D@cs.rwth-aachen.de>
From: Tobias Heer <heer@cs.rwth-aachen.de>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
In-reply-to: <77F357662F8BFA4CA7074B0410171B6D0A8B7219@XCH-NW-5V1.nw.nos.boeing.com>
Date: Mon, 10 Aug 2009 19:50:02 +0300
References: <C1CCBFC6-D133-4CCE-8ABF-3B7A88EC9B0B@cs.rwth-aachen.de> <77F357662F8BFA4CA7074B0410171B6D0A8B7219@XCH-NW-5V1.nw.nos.boeing.com>
X-Mailer: Apple Mail (2.935.3)
Cc: hiprg@irtf.org
Subject: Re: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Includinghieararchy in HIT generation
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2009 16:50:05 -0000
Hi Tom, I was just picking up an idea that was described in another hierarchical HIT draft (draft-jiang-hiprg-hhit-arch-02.txt). I did like the touch that the "HIT" is determined by the hierarchy because it binds the hierarchy to the HIT and it becomes more difficult to spoof the hierarchy information for a given HIT because with a different hierarchy you end up with a different HIT. Hence, the hierarchy information would be self certifying in the sense that if I give a HIT to someone, the hierarchy would be bound to it and it would stay like that unless I changed my HIT. I have not really considered the practical benefits, I just wanted to tell the authors about the other approach. Maybe the authors of draft-jiang-hiprg-hhit- arch-02.txt can give some reasoning. Dacheng was worried that putting the hierarchy information into the HITs would reveal the hierarchy (even in cases where this is not wanted). Hence my suggestion to secure the hierarchy information with an additional hash. However, since the number of hierarchies is probably too small to make a full search through all hierarchies infeasible (one could just hash each hierarchy information and see whether a given hash matches), I introduced X, which is supposed to protect against this simple search. This was only meant as a quick reply to Dacheng's privacy concerns. The proposed solution was not meant to replace the hierarchy information in an additional parameter it was only intended to have a stronger binding between hierarchy information and HIT. I already stated this in a reply to Dancheng's e-mail on the list (28th of July, 17:29 GMT+3). You are perfectly right that the resulting hash is not a HIT in the original sense, and yes you must supply the Htag to allow verification. Hence, it must also be transmitted with the HI. And yes, it breaks backwards compatibility with hosts that don't know what to do with it. However, since it seems that more hash functions will be introduced in the process of adding crypto agility to HIP, one could consider this as an additional "hash function" or way of hashing. Don't get me wrong: I'm not saying we should do this. I just wanted to make people aware of the way it is handled in the other draft. BR and greetings from Helsinki, Tobi Am 10.08.2009 um 19:12 schrieb Henderson, Thomas R: > > >> -----Original Message----- >> From: Tobias Heer [mailto:heer@cs.rwth-aachen.de] >> Sent: Tuesday, July 28, 2009 6:02 AM >> To: zhangdacheng@huawei.com; Xu Xiaohu >> Cc: hiprg@irtf.org >> Subject: [hiprg] draft-zhang-hip-hierarchical-parameter-00: >> Includinghieararchy in HIT generation >> >> Hi! >> >> I just wanted to clarify my comment in the HIPRG meeting on >> including >> the hierarchy in the HIT creation process. I think it would >> be good to >> have the hierarchy information in the HIT creation process >> because the >> hierarchy will be bound to the HIT itself. >> >> Below I briefly sketched a possible way of including it without >> revealing the hierarchy to all hosts. >> >> HIT generation could work like this: >> >> 1. Pick random secret X >> >> 2. H(Hierarchy, X) => HTag >> >> 3. H(PubKey, ..., HTag) => HIT (Orchid) >> >> --> Only use LTag if you do not want to reveal hierarchy. >> --> Use hierarchy and X if you want to reveal the hierarchy. > > Hi Tobias, > > I recently had a chance to listen to the audio archive of the meeting > and I'm reviewing the mail now. Can you explain in more detail what > is > the use case for what you are proposing? I thought that the draft was > mainly concerned with having publicly revealed hierarchies so that > reverse lookups could exploit hierarchy. In your proposal above, for > the observer who knows X, how does such observer retrieve hierarchy > bits, given the HIT, HTag, and X? > > Also, I am not sure you can claim that the result from your above is a > HIT, because according to RFC4843 and 5201, a HIT is formed without > these HTags. In particular, the HIT would no longer be able to be > associated to the key, for an observer who does not know the magic > HTag > to apply. > > Tom -- Dipl.-Inform. Tobias Heer, Ph.D. Student Distributed Systems Group RWTH Aachen University, Germany tel: +49 241 80 207 76 web: http://ds.cs.rwth-aachen.de/members/heer
- [hiprg] draft-zhang-hip-hierarchical-parameter-00… Tobias Heer
- Re: [hiprg] draft-zhang-hip-hierarchical-paramete… Tobias Heer
- Re: [hiprg] draft-zhang-hip-hierarchical-paramete… Tobias Heer
- Re: [hiprg] draft-zhang-hip-hierarchical-paramete… Henderson, Thomas R
- Re: [hiprg] draft-zhang-hip-hierarchical-paramete… Tobias Heer
- Re: [hiprg] draft-zhang-hip-hierarchical-paramete… Henderson, Thomas R
- Re: [hiprg] draft-zhang-hip-hierarchical-paramete… Tobias Heer