Re: [hiprg] Adding Identity privacy to HIP DEX

Robert Moskowitz <> Wed, 06 April 2011 08:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 786AD3A68D9 for <>; Wed, 6 Apr 2011 01:01:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id l7uVAfvgDG5E for <>; Wed, 6 Apr 2011 01:01:54 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D1FCF3A68CC for <>; Wed, 6 Apr 2011 01:01:54 -0700 (PDT)
Received: from localhost (unknown []) by (Postfix) with ESMTP id 7313662AB0; Wed, 6 Apr 2011 08:03:17 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KEvFK6aWezPD; Wed, 6 Apr 2011 04:02:57 -0400 (EDT)
Received: from ( []) (Authenticated sender: by (Postfix) with ESMTPSA id 530D362A32; Wed, 6 Apr 2011 04:02:57 -0400 (EDT)
Message-ID: <>
Date: Wed, 06 Apr 2011 10:02:55 +0200
From: Robert Moskowitz <>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20110307 Fedora/3.1.9-0.39.b3pre.fc14 Thunderbird/3.1.9
MIME-Version: 1.0
To: Tobias Heer <>
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [hiprg] Adding Identity privacy to HIP DEX
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 06 Apr 2011 08:01:55 -0000

On 04/06/2011 09:48 AM, Tobias Heer wrote:
> Hi Robert,
> Am 06.04.2011 um 02:19 schrieb Robert Moskowitz:
>> I faded early this evening and woke up in the middle of the night (hey, I am in Stockholm right now, it is 2am) with perhaps a wild idea that may make some sense.
>> I forfeited Identity privacy and PFS in DEX with moving the HI to ECDH and that ECDH exchange as the extent of the public key crypto in DEX.
>> Here is my thought.  The Initiator has TWO ECDH key pairs.  One is the HI, the other is an identity privacy key (IPK?).  I2 uses the IPK on the 'outside' with the HI encrypted for an 'inner' ECDH protected exchange.  The responders HI is still exposed.  It is ASSUMED that this is acceptable and that the Initiator has some mechanism to validate this HI to avoid a DH MITM.
>> I don't know if this is worth the effort to flesh out.  I have lots of other work to do on HIP-bis, HIP-DEX, core, and some Verizon projects.  So I am asking here if others see Identity privacy as important enough to persue it?
> Is your assumption that the outer DH exchange is not a static one? If it were static, you don't win much because the host can be identified by the outer DH key. If it is not a static DH, the host needs to generate a new DH key pair for each DEX. This can become quite costly.

Part of the issues that had my brain tied in knots and mis-firing for a 
while last night.

> Interesting idea, though!