IETF Logo Mail Archive

Re: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Includinghieararchy in HIT generation

Xu Xiaohu <xuxh@huawei.com> Tue, 11 August 2009 07:21 UTC

Return-Path: <xuxh@huawei.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A133E3A67C0 for <hiprg@core3.amsl.com>; Tue, 11 Aug 2009 00:21:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.345
X-Spam-Level: **
X-Spam-Status: No, score=2.345 tagged_above=-999 required=5 tests=[AWL=0.955, BAYES_00=-2.599, CN_BODY_35=0.339, J_CHICKENPOX_16=0.6, J_CHICKENPOX_19=0.6, MIME_CHARSET_FARAWAY=2.45]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w-0mSa8K08pY for <hiprg@core3.amsl.com>; Tue, 11 Aug 2009 00:21:31 -0700 (PDT)
Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [119.145.14.64]) by core3.amsl.com (Postfix) with ESMTP id 51CF23A69A4 for <hiprg@irtf.org>; Tue, 11 Aug 2009 00:21:31 -0700 (PDT)
Received: from huawei.com (szxga01-in [172.24.2.3]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KO700CBYB3X18@szxga01-in.huawei.com> for hiprg@irtf.org; Tue, 11 Aug 2009 15:21:33 +0800 (CST)
Received: from huawei.com ([172.24.1.33]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KO700ARYB3XAK@szxga01-in.huawei.com> for hiprg@irtf.org; Tue, 11 Aug 2009 15:21:33 +0800 (CST)
Received: from HUAWEIE75F8F11 ([10.111.12.212]) by szxml06-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0KO70049OB3WUJ@szxml06-in.huawei.com> for hiprg@irtf.org; Tue, 11 Aug 2009 15:21:33 +0800 (CST)
Date: Tue, 11 Aug 2009 15:21:32 +0800
From: Xu Xiaohu <xuxh@huawei.com>
In-reply-to:
To: hiprg@irtf.org
Message-id: <002701ca1a54$5a734800$d40c6f0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-Mailer: Microsoft Office Outlook 11
Content-type: text/plain; charset="gb2312"
Content-transfer-encoding: quoted-printable
Thread-index: AcoPg6Bi2z0pX6p4SVy893mzy7yk7wKUE+bQABZHwNAACbGKEA==
Subject: Re: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Includinghieararchy in HIT generation
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2009 07:21:32 -0000

===It seems that my preview email is not posted to the HIPRG mailing-list
successfully, so I resend it.====

Hi all,

IMHO, one can directly use the CGA mechanism with small changes, rather than
a new algorithm as mentioned by Tobias, to generate hierarchical and
cryptographic host identifiers. In fact, we have already been using the CGA
mechanism to generate host identifiers in our RANGI proposal
(http://tools.ietf.org/html/draft-xu-rangi-01). The following is the quote
from that proposal. For more information, please read that draft.

"The approach of generating hierarchical host identifiers in RANGI is much
similar to the Cryptographically Generated Addresses (CGA) [RFC3972]. The
major difference is that the prefix of the RANGI host identifier is AD ID,
rather than ordinary IPv6 address prefix. In the CGA, the process of
generating a new CGA takes three input values: a 64-bit subnet prefix, the
public key of the address owner as a DER-encoded ASN.1 structure of the type
SubjectPublicKeyInfo and the security parameter Sec, which is an unsigned
three-bit integer. In RANGI, the process of generating a new host identifier
also takes three input values: the n-bit AD ID (the suitable value of ”n”
has not been determined), the public key of the host ID owner and the
security parameter Sec."

However, as stated in the CGA [RFC 3972], "...because CGAs themselves are
not certified, an attacker can create a new CGA from any subnet prefix and
its own (or anyone else's) public key.  However, the attacker cannot take a
CGA created by someone else and send signed messages that appear to come
from the owner of that address... ". Hence, in order to verify the
association between the prefix and the address owner, we need some other
means, e.g., a certification issued by a third-party authority, or resorting
to such an authority for verification if necessary.

For the privacy of identifier's organizational affiliation (i.e.,
Administrative Domain), maybe the two communicating parties could use the
hierarchical identifier to find the opposing party's locator in a
hierarchical id/locator mapping system, then use the self-certified flat HIT
instead for subsequent communication if the privacy is necessary.

Xiaohu

> -----邮件原件-----
> 发件人: Xu Xiaohu [mailto:xuxh@huawei.com]
> 发送时间: 2009年8月11日 12:02
> 收件人: 'Henderson, Thomas R'; 'Tobias Heer'; 'zhangdacheng@huawei.com'
> 抄送: 'hiprg@irtf.org'
> 主题: 答复: [hiprg] draft-zhang-hip-hierarchical-parameter-00:
> Includinghieararchy in HIT generation
> 
> Hi all,
> 
> IMHO, one can directly use the CGA mechanism with small changes, rather
than
> a new algorithm as mentioned by Tobias, to generate hierarchical and
> cryptographic host identifiers. In fact, we have already been using the
CGA
> mechanism to generate host identifiers in our RANGI proposal
> (http://tools.ietf.org/html/draft-xu-rangi-01). The following is the quote
> from that proposal. For more information, please read that draft.
> 
> "The approach of generating hierarchical host identifiers in RANGI is much
> similar to the Cryptographically Generated Addresses (CGA) [RFC3972]. The
> major difference is that the prefix of the RANGI host identifier is AD ID,
rather
> than ordinary IPv6 address prefix. In the CGA, the process of generating a
new
> CGA takes three input values: a 64-bit subnet prefix, the public key of
the
> address owner as a DER-encoded ASN.1 structure of the type
SubjectPublicKeyInfo
> and the security parameter Sec, which is an unsigned three-bit integer. In
RANGI,
> the process of generating a new host identifier also takes three input
values:
> the n-bit AD ID (the suitable value of ”n” has not been determined), the
public
> key of the host ID owner and the security parameter Sec."
> 
> However, as stated in the CGA [RFC 3972], "...because CGAs themselves are
not
> certified, an attacker can create a new CGA from any subnet prefix and its
own
> (or anyone else's) public key.  However, the attacker cannot take a CGA
created
> by someone else and send signed messages that appear to come from the
owner
> of that address... ". Hence, in order to verify the association between
the
> prefix and the address owner, we need some other means, e.g., a
certification
> issued by a third-party authority, or resorting to such an authority for
> verification if necessary.
> 
> For the privacy of identifier's organizational affiliation (i.e.,
> Administrative Domain), maybe the two communicating parties could use the
> hierarchical identifier to find the opposing party's locator in a
hierarchical
> id/locator mapping system, then use the self-certified flat HIT instead
for
> subsequent communication if the privacy is necessary.
> 
> Xiaohu
> 
> > -----邮件原件-----
> > 发件人: Henderson, Thomas R [mailto:thomas.r.henderson@boeing.com]
> > 发送时间: 2009年8月11日 0:13
> > 收件人: Tobias Heer; zhangdacheng@huawei.com; Xu Xiaohu
> > 抄送: hiprg@irtf.org
> > 主题: RE: [hiprg] draft-zhang-hip-hierarchical-parameter-00:
> > Includinghieararchy in HIT generation
> >
> >
> >
> > > -----Original Message-----
> > > From: Tobias Heer [mailto:heer@cs.rwth-aachen.de]
> > > Sent: Tuesday, July 28, 2009 6:02 AM
> > > To: zhangdacheng@huawei.com; Xu Xiaohu
> > > Cc: hiprg@irtf.org
> > > Subject: [hiprg] draft-zhang-hip-hierarchical-parameter-00:
> > > Includinghieararchy in HIT generation
> > >
> > > Hi!
> > >
> > > I just wanted to clarify my comment in the HIPRG meeting on
> > > including
> > > the hierarchy in the HIT creation process. I think it would
> > > be good to
> > > have the hierarchy information in the HIT creation process
> > > because the
> > > hierarchy will be bound to the HIT itself.
> > >
> > > Below I briefly sketched a possible way of including it without
> > > revealing the hierarchy to all hosts.
> > >
> > > HIT generation could work like this:
> > >
> > > 1. Pick random secret X
> > >
> > > 2. H(Hierarchy, X) => HTag
> > >
> > > 3. H(PubKey, ..., HTag) => HIT (Orchid)
> > >
> > > --> Only use LTag if you do not want to reveal hierarchy.
> > > --> Use hierarchy and X if you want to reveal the hierarchy.
> >
> > Hi Tobias,
> >
> > I recently had a chance to listen to the audio archive of the meeting
> > and I'm reviewing the mail now.  Can you explain in more detail what is
> > the use case for what you are proposing?  I thought that the draft was
> > mainly concerned with having publicly revealed hierarchies so that
> > reverse lookups could exploit hierarchy.  In your proposal above, for
> > the observer who knows X, how does such observer retrieve hierarchy
> > bits, given the HIT, HTag, and X?
> >
> > Also, I am not sure you can claim that the result from your above is a
> > HIT, because according to RFC4843 and 5201, a HIT is formed without
> > these HTags.  In particular, the HIT would no longer be able to be
> > associated to the key, for an observer who does not know the magic HTag
> > to apply.
> >
> > Tom

v2.15.0 | Report a Bug | By Email