[Hipsec-rg] meeting minutes posted

thomas.r.henderson at boeing.com (Henderson, Thomas R) Mon, 12 January 2009 16:00 UTC

From: "thomas.r.henderson at boeing.com"
Date: Mon, 12 Jan 2009 08:00:16 -0800
Subject: [Hipsec-rg] meeting minutes posted
In-Reply-To: <alpine.LFD.2.00.0901071641330.12787@stargazer.pc.infrahip.net>
References: <77F357662F8BFA4CA7074B0410171B6D07B0BBE5@XCH-NW-5V1.nw.nos.boeing.com> <alpine.LFD.2.00.0901071641330.12787@stargazer.pc.infrahip.net>
Message-ID: <77F357662F8BFA4CA7074B0410171B6D07B0BC6B@XCH-NW-5V1.nw.nos.boeing.com>

 

> -----Original Message-----
> From: Oleg Ponomarev [mailto:oleg.ponomarev at hiit.fi] 
> Sent: Wednesday, January 07, 2009 6:58 AM
> To: hipsec-rg at listserv.cybertrust.com
> Subject: Re: [Hipsec-rg] meeting minutes posted
> 
> Greetings!
> 
> > BM: Bob is working on moving HIP onto the standards track.  ADs are
> > looking at the HIPWG charter to address RFC5201 IESG concerns, and to
> > advance BEET. The big concern in 5201 is crypto agility, there are
> > some issues there. There will be a call for proposals on addressing
> > crypto agility concerns without making the protocol too heavy.
> > Please look at those issues.
> 
> SHA1 is used now as a hash function to get HITs, but are there any
> plans to phase out its use in favor of the SHA-2 variants? I was just
> wondering what happens in case of a HIT collision, since the
> complexity of an existing attack[1] is only 2**63.

Oleg,
There was some discussion of this about two years ago, when the HIP
drafts went through secdir review.  See, for instance, this thread:
http://www.ietf.org/mail-archive/web/hipsec/current/msg01743.html
and this:
http://www.ietf.org/mail-archive/web/hipsec/current/msg01756.html

To address these concerns, we agreed with the IESG to place a note in
RFC5201 to state that this issue needs to be handled before HIP could be
considered for standards track.  But, to my knowledge, there hasn't been
further work on this point since then.


> 
> Actually it would be useful to have IPv6 address space reserved for
> HIP only, then we could have ip6.arpa pointers etc

In some sense, we have some address space reserved in 2001:10::/28
(RFC4843).  But how do you view that delegation might work in this
space, using HITs?

Tom
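
The HIT derivation this thread refers to, as an added example that is not part of the original messages: an RFC 4843 ORCHID is the 28-bit prefix 2001:10::/28 followed by the middle 100 bits of a hash over a Context ID and the Host Identity. The Context ID is the HIP value from RFC 5201; the sample Host Identity bytes and the function names are constructed, and the "sha256" call is a hypothetical swap that RFC 5201 does not define.

```python
import hashlib
import ipaddress

# ORCHID prefix allocated by RFC 4843.
ORCHID_PREFIX = ipaddress.ip_network("2001:10::/28")
# Context ID for HIP, as given in RFC 5201.
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")


def encode_100(digest: bytes) -> int:
    """Encode_100 from RFC 4843: the middle 100 bits of the hash output."""
    bits = len(digest) * 8
    drop = (bits - 100) // 2          # bits discarded at the low-order end
    return (int.from_bytes(digest, "big") >> drop) & ((1 << 100) - 1)


def derive_hit(host_id: bytes, hash_name: str = "sha1") -> ipaddress.IPv6Address:
    """ORCHID := Prefix | Encode_100(Hash(Context ID | Input)).

    hash_name is a parameter of this example only; RFC 5201 fixes SHA-1,
    and the resulting address carries no field naming the hash used.
    """
    digest = hashlib.new(hash_name, HIP_CONTEXT_ID + host_id).digest()
    value = int(ORCHID_PREFIX.network_address) | encode_100(digest)
    return ipaddress.IPv6Address(value)


if __name__ == "__main__":
    # Constructed stand-in for a Host Identity (not a real public key).
    sample_host_id = b"constructed-host-identity-for-illustration"
    for name in ("sha1", "sha256"):
        hit = derive_hit(sample_host_id, name)
        print(f"{name:7s} {hit}  in 2001:10::/28: {hit in ORCHID_PREFIX}")
```

Both outputs are valid addresses in the same prefix, and a peer receiving one cannot tell from the HIT alone which hash produced it.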