Re: [Hipsec] Proposed new list for HIP_TRANSFORM
Robert Moskowitz <rgm@htt-consult.com> Wed, 06 January 2010 18:19 UTC
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 389033A6941 for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 10:19:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s5ARcdF4vW7n for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 10:19:26 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 3B6223A693F for <hipsec@ietf.org>; Wed, 6 Jan 2010 10:19:26 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 4494668A8E; Wed, 6 Jan 2010 19:16:56 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eSbD8JEs1qEK; Wed, 6 Jan 2010 14:16:47 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 7E57B68B55; Wed, 6 Jan 2010 14:16:47 -0500 (EST)
Message-ID: <4B44D414.4080501@htt-consult.com>
Date: Wed, 06 Jan 2010 13:19:00 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Thunderbird/3.0
MIME-Version: 1.0
To: miika.komu@hiit.fi
References: <4B440CA5.3010209@htt-consult.com> <4B44C35E.8090200@hiit.fi> <4B44CA15.2070905@htt-consult.com> <4B44D016.7050102@hiit.fi>
In-Reply-To: <4B44D016.7050102@hiit.fi>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Proposed new list for HIP_TRANSFORM
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2010 18:19:27 -0000
On 01/06/2010 01:01 PM, Miika Komu wrote: > Robert Moskowitz wrote: > > Hi, > >> On 01/06/2010 12:07 PM, Miika Komu wrote: >>> Robert Moskowitz wrote: >>> >>> Hi, >>> >>>> Proposed new list for HIP_TRANSFORM: >>>> >>>> Suite ID Value >>>> >>>> RESERVED 0 >>>> AES-CBC with HMAC-SHA1 1 ([RFC3602], >>>> [RFC2404]) >>>> 3DES-CBC with HMAC-SHA1 2 ([RFC2451], >>>> [RFC2404]) >>>> DEPRECATED 3 >>>> BLOWFISH-CBC with HMAC-SHA1 4 ([RFC2451], >>>> [RFC2404]) >>>> NULL-ENCRYPT with HMAC-SHA1 5 ([RFC2410], >>>> [RFC2404]) >>>> DEPRECATED 6 >>>> NULL-ENCRYPT with HMAC-SHA2 7 ([RFC2410], >>>> [RFC4868]) >>>> AES-CBC with HMAC-SHA2 8 ([RFC3602], >>>> [RFC4868]) >>>> AES-CCM-8 9 [RFC4309] >>>> AES-CCM-12 10 [RFC4309] >>>> AES-CCM-16 11 [RFC4309] >>>> AES-GCM with a 8 octet ICV 12 [RFC4106] >>>> AES-GCM with a 12 octet ICV 13 [RFC4106] >>>> AES-GCM with a 16 octet ICV 14 [RFC4106] >>> >>> seems fine with me. Should the "natural" key size be reflected in >>> some of the algorithms descriptions? >> >> I am not sure what you are alluding to here. Key sizes for AES-based >> transforms start at 128 and go up. If you are asking about those >> 8/12/16 sizes in CCM and GCM, that applies to the auth size. > > do we have to negotiate AES key size? OOPS. Good catch. We want to make sure we have Suite B support... Trying to dig around, how is it handled elsewhere, an ISAKMP keysize TLV for IKE and ESP? I have some thoughts for a simple way here...
- [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Andrew McGregor
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
- [Hipsec] Fwd: Proposed new list for HIP_TRANSFORM Tobias Heer