Re: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Includinghieararchy in HIT generation

Tobias Heer <> Mon, 10 August 2009 16:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B5ADA3A68CE for <>; Mon, 10 Aug 2009 09:50:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[AWL=-0.600, BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, J_CHICKENPOX_16=0.6, J_CHICKENPOX_19=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SiWYlErXigFH for <>; Mon, 10 Aug 2009 09:50:04 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 767F63A6D45 for <>; Mon, 10 Aug 2009 09:50:04 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Received: from ([]) by (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <> for; Mon, 10 Aug 2009 18:50:05 +0200 (CEST)
X-IronPort-AV: E=Sophos;i="4.43,354,1246831200"; d="scan'208";a="22049673"
Received: from (HELO relay-auth-1) ([]) by with ESMTP; Mon, 10 Aug 2009 18:50:05 +0200
Received: from ([unknown] []) by (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <> for; Mon, 10 Aug 2009 18:50:05 +0200 (CEST)
Message-id: <>
From: Tobias Heer <>
To: "Henderson, Thomas R" <>
In-reply-to: <>
Date: Mon, 10 Aug 2009 19:50:02 +0300
References: <> <>
X-Mailer: Apple Mail (2.935.3)
Subject: Re: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Includinghieararchy in HIT generation
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 10 Aug 2009 16:50:05 -0000

Hi Tom,

I was just picking up an idea that was described in another  
hierarchical HIT draft (draft-jiang-hiprg-hhit-arch-02.txt). I did  
like the touch that the "HIT" is determined by the hierarchy because  
it binds the hierarchy to the HIT and it becomes more difficult to  
spoof the hierarchy information for a given HIT because with a  
different hierarchy you end up with a different HIT. Hence, the  
hierarchy information would be self certifying in the sense that if I  
give a HIT to someone, the hierarchy would be bound to it and it would  
stay like that unless I changed my HIT. I have not really considered  
the practical benefits, I just wanted to tell the authors about the  
other approach. Maybe the authors of draft-jiang-hiprg-hhit- 
arch-02.txt can give some reasoning.

Dacheng was worried that putting the hierarchy information into the  
HITs would reveal the hierarchy (even in cases where this is not  
wanted). Hence my suggestion to secure the hierarchy information with  
an additional hash. However, since the number of hierarchies is  
probably too small to make a full search through all hierarchies  
infeasible (one could just hash each hierarchy information and see  
whether a given hash matches), I introduced X, which is supposed to  
protect against this simple search. This was only meant as a quick  
reply to Dacheng's privacy concerns.

The proposed solution was not meant to replace the hierarchy  
information in an additional parameter it was only intended to have a  
stronger binding between hierarchy information and HIT. I already  
stated this in a reply to Dancheng's e-mail on the list (28th of July,  
17:29 GMT+3).

You are perfectly right that the resulting hash is not a HIT in the  
original sense, and yes you must supply the Htag to allow  
verification. Hence, it must also be transmitted with the HI. And yes,  
it breaks backwards compatibility with hosts that don't know what to  
do with it. However, since it seems that more hash functions will be  
introduced in the process of adding crypto agility to HIP, one could  
consider this as an additional "hash function" or way of hashing.

Don't get me wrong: I'm not saying we should do this. I just wanted to  
make people aware of the way it is handled in the other draft.

BR and greetings from Helsinki,


Am 10.08.2009 um 19:12 schrieb Henderson, Thomas R:

>> -----Original Message-----
>> From: Tobias Heer []
>> Sent: Tuesday, July 28, 2009 6:02 AM
>> To:; Xu Xiaohu
>> Cc:
>> Subject: [hiprg] draft-zhang-hip-hierarchical-parameter-00:
>> Includinghieararchy in HIT generation
>> Hi!
>> I just wanted to clarify my comment in the HIPRG meeting on
>> including
>> the hierarchy in the HIT creation process. I think it would
>> be good to
>> have the hierarchy information in the HIT creation process
>> because the
>> hierarchy will be bound to the HIT itself.
>> Below I briefly sketched a possible way of including it without
>> revealing the hierarchy to all hosts.
>> HIT generation could work like this:
>> 1. Pick random secret X
>> 2. H(Hierarchy, X) => HTag
>> 3. H(PubKey, ..., HTag) => HIT (Orchid)
>> --> Only use LTag if you do not want to reveal hierarchy.
>> --> Use hierarchy and X if you want to reveal the hierarchy.
> Hi Tobias,
> I recently had a chance to listen to the audio archive of the meeting
> and I'm reviewing the mail now.  Can you explain in more detail what  
> is
> the use case for what you are proposing?  I thought that the draft was
> mainly concerned with having publicly revealed hierarchies so that
> reverse lookups could exploit hierarchy.  In your proposal above, for
> the observer who knows X, how does such observer retrieve hierarchy
> bits, given the HIT, HTag, and X?
> Also, I am not sure you can claim that the result from your above is a
> HIT, because according to RFC4843 and 5201, a HIT is formed without
> these HTags.  In particular, the HIT would no longer be able to be
> associated to the key, for an observer who does not know the magic  
> HTag
> to apply.
> Tom


Dipl.-Inform. Tobias Heer, Ph.D. Student
Distributed Systems Group
RWTH Aachen University, Germany
tel: +49 241 80 207 76