[hiprg] Adding Identity privacy to HIP DEX

Robert Moskowitz <rgm@htt-consult.com> Wed, 06 April 2011 00:18 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id BC9B13A695A for <hiprg@core3.amsl.com>; Tue, 5 Apr 2011 17:18:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id 8mTrlA+cYKsb for <hiprg@core3.amsl.com>; Tue, 5 Apr 2011 17:18:38 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com []) by core3.amsl.com (Postfix) with ESMTP id 086E63A69A0 for <hiprg@irtf.org>; Tue, 5 Apr 2011 17:18:38 -0700 (PDT)
Received: from localhost (unknown []) by klovia.htt-consult.com (Postfix) with ESMTP id 2747B62A96 for <hiprg@irtf.org>; Wed, 6 Apr 2011 00:19:55 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([]) by localhost (klovia.htt-consult.com []) (amavisd-new, port 10024) with ESMTP id WL8hi-wLiwUC for <hiprg@irtf.org>; Tue, 5 Apr 2011 20:19:35 -0400 (EDT)
Received: from nc2400.htt-consult.com (host-78-64-7-227.homerun.telia.com []) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 4338862AD6 for <hiprg@irtf.org>; Tue, 5 Apr 2011 20:19:14 -0400 (EDT)
Message-ID: <4D9BB180.6010007@htt-consult.com>
Date: Wed, 06 Apr 2011 02:19:12 +0200
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20110307 Fedora/3.1.9-0.39.b3pre.fc14 Thunderbird/3.1.9
MIME-Version: 1.0
To: "hiprg@irtf.org" <hiprg@irtf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [hiprg] Adding Identity privacy to HIP DEX
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2011 00:18:39 -0000

I faded early this evening and woke up in the middle of the night (hey, 
I am in Stockholm right now, it is 2am) with perhaps a wild idea that 
may make some sense.

I forfeited Identity privacy and PFS in DEX with moving the HI to ECDH 
and that ECDH exchange as the extent of the public key crypto in DEX.

Here is my thought.  The Initiator has TWO ECDH key pairs.  One is the 
HI, the other is an identity privacy key (IPK?).  I2 uses the IPK on the 
'outside' with the HI encrypted for an 'inner' ECDH protected exchange.  
The responders HI is still exposed.  It is ASSUMED that this is 
acceptable and that the Initiator has some mechanism to validate this HI 
to avoid a DH MITM.

I don't know if this is worth the effort to flesh out.  I have lots of 
other work to do on HIP-bis, HIP-DEX, core, and some Verizon projects.  
So I am asking here if others see Identity privacy as important enough 
to persue it?