[hiprg] draft-irtf-hiprg-rfid-00.txt

Robert Moskowitz <rgm@htt-consult.com> Tue, 06 July 2010 18:18 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 1F0A83A685A for <hiprg@core3.amsl.com>; Tue, 6 Jul 2010 11:18:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.4
X-Spam-Level: *
X-Spam-Status: No, score=1.4 tagged_above=-999 required=5 tests=[BAYES_50=0.001, J_CHICKENPOX_21=0.6, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id CCAtOfTOoAvP for <hiprg@core3.amsl.com>; Tue, 6 Jul 2010 11:18:38 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com []) by core3.amsl.com (Postfix) with ESMTP id 281FA3A67D4 for <hiprg@irtf.org>; Tue, 6 Jul 2010 11:18:38 -0700 (PDT)
Received: from localhost (unknown []) by klovia.htt-consult.com (Postfix) with ESMTP id AB05468BD2; Tue, 6 Jul 2010 18:10:20 +0000 (UTC)
Received: from klovia.htt-consult.com ([]) by localhost (klovia.htt-consult.com []) (amavisd-new, port 10024) with ESMTP id dd9mbKY43vmn; Tue, 6 Jul 2010 14:10:11 -0400 (EDT)
Received: from nc2400.htt-consult.com (h155.home.htt []) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 7239568B20; Tue, 6 Jul 2010 14:10:11 -0400 (EDT)
Message-ID: <4C337373.6060006@htt-consult.com>
Date: Tue, 06 Jul 2010 14:18:27 -0400
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100430 Fedora/3.0.4-2.fc12 Thunderbird/3.0.4
MIME-Version: 1.0
To: Pascal Urien <pascal.urien@gmail.com>, hiprg@irtf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [hiprg] draft-irtf-hiprg-rfid-00.txt
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 18:18:39 -0000

In sec 1.5 you have "imitator", do you mean "initiator"?

In sec 2.3 you have "nul".  This is the only place with this spelling.

In sec 2.3:

each Hmac beeing assocaited to a particular key.

should be

each Hmac being associated to a particular key.

I have problems with the HIP parameter named  "Signature-T".  This is a 
MAC and should be labeled accordingly.  The lable "Signature" should be 
reserved for digital signiture algorithms like RSA, DSA, and ECDSA.

You use KI and ki seemingly to mean two different things.  You should 
separate your labeling to avoid potential confusion.  (unless I am 
confused and they ARE the same thing and just they should be the same case).

It looks like your Initiator HIT is a 128 bit random value.  I feel this 
is a BAD THING, as HITs in BEX and DEX are used as IPv6 addresses in 
applications and implementors might think that BEX-T HITs can be used 
thusly as well.  This MAY produce undesired routing behaviour if the 
'prefix' is that of a routable IPv6 address.  You can do it one of two 
ways.  Use the same /28 prefix as BEX and ask for a HIT Suite ID or get 
a different /28 prefix.  The first option limits your random value to 96 
bits and eats up a HIT Suite.  The later requires you to get your own 

I do not see what use the HIP_TRANSFORM is put to.  Your MACing is SHA-1 
and there is no encryption within BEX-T.

Speaking about SHA-1, in HIP-bis, we are moving away from a fixed hash.  
What is th3e current state of hash function implementation in RFID devices?

Finally what is the source of random numbers in RFID devices?  Do they 
have some hardware random generator, do the use a PRF with a seed from 
some source (and what is it), or some other approach?

Final thought before I hit the send key....  Consider making the name of 
this "the HIP Tag EXchange" or HIP TEX. :)