Re: [hiprg] draft-zhang-hip-hierarchical-parameter-00: Including hierarchy in HIT generation
Tobias Heer <heer@cs.rwth-aachen.de> Tue, 28 July 2009 14:29 UTC
To: hiprg@irtf.org
In-reply-to: <f96ac8d1255a3.255a3f96ac8d1@huawei.com>
References: <C1CCBFC6-D133-4CCE-8ABF-3B7A88EC9B0B@cs.rwth-aachen.de> <f96ac8d1255a3.255a3f96ac8d1@huawei.com>
Hi Dacheng,

On 28.07.2009 at 16:14, zhangdacheng 00133208 wrote:

> Hi, Tobias:
>
> I think you propose a very interesting solution. But, we still have
> to face the problem, i.e., how to transfer the hierarchy information
> and X in case they are needed in HIP header, do we?

Of course. In my opinion you still need an additional parameter to
express the hierarchy if you want to reveal the hierarchy to the peer.
Additionally you need to transmit the "cloaked" or "hidden" hierarchy
(Parameter X - the randomly picked value) whenever you want to conceal
the hierarchy.

> In addition, transporting hierarchical information in parameters can
> be more flexible. Hierarchical information can be formatted in many
> different ways, e.g., fqdn, nai..

Yes, I agree. I think it can also work with the proposed HIT creation.

I am posting this reply to the list to let other people participate as well.

BR,

Tobias

> looking forward to having further discussions.
>
> BR
>
> Dacheng
>
> ----- Original message -----
> From: Tobias Heer <heer@cs.rwth-aachen.de>
> Date: Tuesday, July 28, 2009, 3:02 PM
> Subject: draft-zhang-hip-hierarchical-parameter-00: Including hierarchy
> in HIT generation
> To: zhangdacheng@huawei.com, Xu Xiaohu <xuxh@huawei.com>
> Cc: hiprg@irtf.org
>
>> Hi!
>>
>> I just wanted to clarify my comment in the HIPRG meeting on including
>> the hierarchy in the HIT creation process. I think it would be good to
>> have the hierarchy information in the HIT creation process because the
>> hierarchy will be bound to the HIT itself.
>>
>> Below I briefly sketched a possible way of including it without
>> revealing the hierarchy to all hosts.
>>
>> HIT generation could work like this:
>>
>> 1. Pick random secret X
>>
>> 2. H(Hierarchy, X) => HTag
>>
>> 3. H(PubKey, ..., HTag) => HIT (Orchid)
>>
>> --> Only use LTag if you do not want to reveal hierarchy.
>> --> Use hierarchy and X if you want to reveal the hierarchy.
>>
>> The random secret X prevents dictionary attacks on a limited number of
>> hierarchies. H is a hash function. Of course, you should not only use
>> H for generating the HIT (step 3) but use the regular way defined in
>> the RFCs. If you want to avoid that people can try many instances of X
>> for creating many different HITs you can also make X depend on the
>> public key, which will make creating many different HITs notably more
>> complex.
>>
>> Best regards,
>>
>> Tobias
>>
>> --
>> Dipl.-Inform. Tobias Heer, Ph.D. Student
>> Distributed Systems Group
>> RWTH Aachen University, Germany
>> tel: +49 241 80 207 76
>> web: http://ds.cs.rwth-aachen.de/members/heer

--
Dipl.-Inform. Tobias Heer, Ph.D. Student
Distributed Systems Group
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer
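The three-step sketch in the quoted message (random secret X, HTag = H(Hierarchy, X), HIT = H(PubKey, ..., HTag)) is essentially a hash commitment to the hierarchy, and the two disclosure modes Tobias describes correspond to two peer-side checks. The following Python is an added example written for this archive page; it is not code from the thread, the draft, or any HIP implementation. It assumes SHA-256 as H, length-prefixed field encoding so that H(a, b) is unambiguous, and a simplified stand-in for the ORCHID layout (28-bit prefix 2001:10::/28 followed by 100 hash bits) rather than the exact construction in RFC 4843/RFC 5201, which the message itself says should be used in practice. The public-key-bound variant of X mentioned at the end of the message is not implemented.

```python
"""Hierarchy-binding HIT generation: a hash-commitment sketch (constructed example)."""
import hashlib
import os
from ipaddress import IPv6Address

HASH = hashlib.sha256
ORCHID_PREFIX = 0x2001001  # top 28 bits of 2001:10::/28 (assumed stand-in for the real ORCHID prefix)


def _enc(*fields: bytes) -> bytes:
    """Length-prefix every field so H(a, b) cannot be confused with H(a', b')
    where a||b == a'||b'. Two-byte big-endian length per field."""
    out = b""
    for f in fields:
        out += len(f).to_bytes(2, "big") + f
    return out


def pick_secret() -> bytes:
    """Step 1: pick random secret X. 32 bytes from the OS CSPRNG."""
    return os.urandom(32)


def make_htag(hierarchy: bytes, x: bytes) -> bytes:
    """Step 2: HTag = H(Hierarchy, X).

    Because X is secret and high-entropy, a peer holding only HTag cannot
    test candidate hierarchies against it (no dictionary attack on a small
    set of hierarchy names). Domain-separated with a fixed label."""
    return HASH(_enc(b"HTag", hierarchy, x)).digest()


def make_hit(pubkey: bytes, htag: bytes) -> IPv6Address:
    """Step 3: HIT = H(PubKey, ..., HTag), laid out as prefix + 100 hash bits.

    Simplified stand-in for the RFC 4843 ORCHID construction; a real
    implementation must use the RFC-defined input and hash truncation."""
    digest = HASH(_enc(b"HIT", pubkey, htag)).digest()
    low100 = int.from_bytes(digest, "big") & ((1 << 100) - 1)
    return IPv6Address((ORCHID_PREFIX << 100) | low100)


def verify_revealed_hierarchy(hit: IPv6Address, pubkey: bytes,
                              hierarchy: bytes, x: bytes) -> bool:
    """Peer-side check when the host reveals (Hierarchy, X): recompute HTag and
    the HIT. Success proves the claimed hierarchy was bound into this HIT."""
    return make_hit(pubkey, make_htag(hierarchy, x)) == hit


def verify_hidden_hierarchy(hit: IPv6Address, pubkey: bytes, htag: bytes) -> bool:
    """Peer-side check when only HTag is sent: the HIT is still shown to be
    derived from the public key and some committed hierarchy, but the peer
    learns nothing about which hierarchy it is."""
    return make_hit(pubkey, htag) == hit


def demo() -> dict:
    """Walk through both disclosure modes on constructed sample data."""
    pubkey = b"constructed-dummy-public-key-bytes"   # constructed, not a real HI
    hierarchy = b"example.org/site-a/lab"            # constructed hierarchy string
    x = pick_secret()
    htag = make_htag(hierarchy, x)
    hit = make_hit(pubkey, htag)
    return {
        "revealed_ok": verify_revealed_hierarchy(hit, pubkey, hierarchy, x),
        "hidden_ok": verify_hidden_hierarchy(hit, pubkey, htag),
        # A different hierarchy claim with the same X must be rejected.
        "wrong_hierarchy_rejected": not verify_revealed_hierarchy(
            hit, pubkey, b"example.org/site-b", x),
        # The right hierarchy with a different X must also be rejected.
        "wrong_x_rejected": not verify_revealed_hierarchy(
            hit, pubkey, hierarchy, pick_secret()),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point the checks make concrete: in the "hidden" mode the peer needs an extra parameter carrying HTag, and in the "revealed" mode it needs both the hierarchy and X, which matches the conclusion in the reply that a parameter is still required either way. Length-prefixing the fields is a detail the message leaves open but matters in practice, since a bare concatenation would let two different (hierarchy, X) pairs produce the same hash input.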