Re: [hiprg] clarification of identity privacy properties of HIPbase exchange
"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Fri, 18 February 2011 02:20 UTC
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "'Tobias Heer'" <heer@cs.rwth-aachen.de>, "hiprg@irtf.org" <hiprg@irtf.org>
Date: Thu, 17 Feb 2011 18:20:18 -0800

Thanks for the attempted clarifications, but I am not sure that these types of attacks (binding between a host name and HI, as Andrei suggested, or different concepts of identity) are what is being referred to in this paragraph.

Does anyone have a reference to substantiate this statement?:

> All two-round-trip variations of the Diffie Hellman key exchange
> using public keys for authentication are vulnerable to identity
> theft.

If I understood more clearly the general attacks being referred to here, I could try to relate that to the existing base exchange and better describe the vulnerabilities.

- Tom