[Hipsec] The Evolution of HIP
Robert Moskowitz <rgm@htt-consult.com> Tue, 03 August 2010 15:42 UTC
Message-ID: <4C583904.4020205@htt-consult.com>
Date: Tue, 03 Aug 2010 11:43:00 -0400
From: Robert Moskowitz <rgm@htt-consult.com>
To: HIP WG <hipsec@ietf.org>, hiprg@irtf.org
Subject: [Hipsec] The Evolution of HIP
I have been doing some deep thinking over the past few weeks as I look at the 3 HIP exchanges and what we are doing with them and what other groups are doing with security.

I started HIP with the intent to create a lightweight (in terms of packet and crypto cost) for lite protocols. It quickly evolved to an Identity protocol that enables secure communication. I was always careful NOT to claim that HIP was an alternative keying mechanism for IPsec. Rather it is an Identity Exchange mechanism that enables secure communications with protocols like ESP. To some that is twisting words to avoid confrontation, but HIP is not modeled with an SPD. HIP is first, and secure communications is a result of that. I have to work on the wording of this some more to be more concise....

If you look critically at the HIP for RFID draft and open your world-view you can see HIP as an Identity-based secure signalling channel. This channel can simply pass a signal, as HIP for RFID does when all that is communicated is the device's ID, or it can establish a Security Association complete with keying material to enable secure communications.

Viewing HIP as a signalling channel opens up possibilities for interesting use cases. Identity can be 'classic HIP' of self-asserted Identity that can be validated via an ACL, or X.509 certs can be transmitted per the cert doc.

Think about it. I will be reviewing 4423-bis in this light and seeing what changes can be made to turn the model the rest of the way around. Took me long enough to see this.