Re: [Hipsec] IPCOMP support in HIP

Derek Fawcus <dfawcus+lists-hipsec@employees.org> Thu, 10 March 2016 20:55 UTC

Return-Path: <dfawcus@employees.org>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41ED612DD68 for <hipsec@ietfa.amsl.com>; Thu, 10 Mar 2016 12:55:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=employees.org; domainkeys=pass (1024-bit key) header.from=dfawcus+lists-hipsec@employees.org header.d=employees.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qZLZCHTN47T3 for <hipsec@ietfa.amsl.com>; Thu, 10 Mar 2016 12:55:32 -0800 (PST)
Received: from cowbell.employees.org (cowbell.employees.org [65.50.211.142]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9567512DD67 for <hipsec@ietf.org>; Thu, 10 Mar 2016 12:55:21 -0800 (PST)
Received: from cowbell.employees.org (localhost [127.0.0.1]) by cowbell.employees.org (Postfix) with ESMTP id 43FA2D7894; Thu, 10 Mar 2016 12:55:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h=date:from :to:cc:subject:message-id:references:mime-version:content-type :in-reply-to; s=selector1; bh=z+SHmcAGp5YjBOezCBK47UE3P6M=; b=lh VR6N6GK7kMkkNjot14DW1vN7MSS62xfLu4VgT5yqd4m304yae8+wWc/J3hSpqFg9 ljBVUarLz/hv3T1npy3VqVec+4efnXAcWLLtWm1enAEui6F8kkH84r26qPzjp51l V9ZdZRvtdQ0geOmmCZDof5bSbPuL0ebmS8q0Ceg8E=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h=date:from :to:cc:subject:message-id:references:mime-version:content-type :in-reply-to; q=dns; s=selector1; b=WvdzB16WDmwsdAA4slaE6nA/AHjN Wow5dIuvqAjhQLE2TuwLn7ljmCu6aB4KnwfL3dR6Q7ezS43Zwk5Ggjzb8bQGcSSR qBx6FRcNLXPj1jAYs470sOO9biuWIWPya50Vrf287gg+IgJ6bw2dumpp2dEU92Ef roLaiK8LW7z1g5o=
Received: by cowbell.employees.org (Postfix, from userid 1736) id 357B0D7893; Thu, 10 Mar 2016 12:55:21 -0800 (PST)
Date: Thu, 10 Mar 2016 20:55:21 +0000
From: Derek Fawcus <dfawcus+lists-hipsec@employees.org>
To: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <20160310205521.GB39508@cowbell.employees.org>
Mail-Followup-To: Robert Moskowitz <rgm@htt-consult.com>, hipsec@ietf.org
References: <56E03F56.5040300@htt-consult.com> <56E176AB.5070709@htt-consult.com> <20160310191041.GA14546@cowbell.employees.org> <56E1D565.5060605@htt-consult.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <56E1D565.5060605@htt-consult.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/hipsec/2Ta2FJWwS6KCwHDiCWuxHBwh13w>
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] IPCOMP support in HIP
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2016 20:55:33 -0000

On Thu, Mar 10, 2016 at 03:13:25pm -0500, Robert Moskowitz wrote:
> I have looked at both the CRIME and BREACH attacks and neither would 
> work against IPCOMP within ESP.

Ah,  good.

> It DOES change some of my thoughts about compression as a XML option for 
> use in DOTS.  That is pretty much what CRIME is attacking.

So my spanner wasn't totally worthless :-)

DF