Re: [Hipsec] Proposed new list for HIP_TRANSFORM
Miika Komu <miika.komu@hiit.fi> Wed, 06 January 2010 21:52 UTC
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1CB473A67F6 for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 13:52:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.197
X-Spam-Level:
X-Spam-Status: No, score=-2.197 tagged_above=-999 required=5 tests=[AWL=0.402, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7wAnU8-SoWUQ for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 13:52:35 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id 2C6AD3A6767 for <hipsec@ietf.org>; Wed, 6 Jan 2010 13:52:32 -0800 (PST)
Received: from ip104.infrahip.net (cs27096138.pp.htv.fi [89.27.96.138]) by argo.otaverkko.fi (Postfix) with ESMTP id 842D525ED18; Wed, 6 Jan 2010 23:52:30 +0200 (EET)
Message-ID: <4B45061D.8000201@hiit.fi>
Date: Wed, 06 Jan 2010 22:52:29 +0100
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B440CA5.3010209@htt-consult.com> <4B44C35E.8090200@hiit.fi> <4B44CA15.2070905@htt-consult.com> <4B44D016.7050102@hiit.fi> <4B44D414.4080501@htt-consult.com> <4B450297.1070708@hiit.fi> <4B4505A8.4010009@htt-consult.com>
In-Reply-To: <4B4505A8.4010009@htt-consult.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Proposed new list for HIP_TRANSFORM
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2010 21:52:37 -0000
Robert Moskowitz wrote: Hi, > On 01/06/2010 04:37 PM, Miika Komu wrote: >> Robert Moskowitz wrote: >> >> Hi, >> >>> On 01/06/2010 01:01 PM, Miika Komu wrote: >>>> Robert Moskowitz wrote: >>>> >>>> Hi, >>>> >>>>> On 01/06/2010 12:07 PM, Miika Komu wrote: >>>>>> Robert Moskowitz wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>>> Proposed new list for HIP_TRANSFORM: >>>>>>> >>>>>>> Suite ID Value >>>>>>> >>>>>>> RESERVED 0 >>>>>>> AES-CBC with HMAC-SHA1 1 ([RFC3602], >>>>>>> [RFC2404]) >>>>>>> 3DES-CBC with HMAC-SHA1 2 ([RFC2451], >>>>>>> [RFC2404]) >>>>>>> DEPRECATED 3 >>>>>>> BLOWFISH-CBC with HMAC-SHA1 4 ([RFC2451], >>>>>>> [RFC2404]) >>>>>>> NULL-ENCRYPT with HMAC-SHA1 5 ([RFC2410], >>>>>>> [RFC2404]) >>>>>>> DEPRECATED 6 >>>>>>> NULL-ENCRYPT with HMAC-SHA2 7 ([RFC2410], >>>>>>> [RFC4868]) >>>>>>> AES-CBC with HMAC-SHA2 8 ([RFC3602], >>>>>>> [RFC4868]) >>>>>>> AES-CCM-8 9 [RFC4309] >>>>>>> AES-CCM-12 10 [RFC4309] >>>>>>> AES-CCM-16 11 [RFC4309] >>>>>>> AES-GCM with a 8 octet ICV 12 [RFC4106] >>>>>>> AES-GCM with a 12 octet ICV 13 [RFC4106] >>>>>>> AES-GCM with a 16 octet ICV 14 [RFC4106] >>>>>> >>>>>> seems fine with me. Should the "natural" key size be reflected in >>>>>> some of the algorithms descriptions? >>>>> >>>>> I am not sure what you are alluding to here. Key sizes for >>>>> AES-based transforms start at 128 and go up. If you are asking >>>>> about those 8/12/16 sizes in CCM and GCM, that applies to the auth >>>>> size. >>>> >>>> do we have to negotiate AES key size? >>> >>> OOPS. Good catch. We want to make sure we have Suite B support... >>> >>> Trying to dig around, how is it handled elsewhere, an ISAKMP keysize >>> TLV for IKE and ESP? >>> >>> I have some thoughts for a simple way here... >> >> either we fix the key size in the suite id or we negotiate it as >> max(key-size-in-r1, key-size-in-i2). > > So we either add a KEYSIZE parameter or change the HIP_TRANSFORM > parameter to include a key size. Any why the max of the two? Rather > the max in common. Say R1 has 128, 192, 256 and I2 has 128 and 192. > Thus the agreed keysize is 192, not 256. it could be also "initiator chooses".
- [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Andrew McGregor
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
- [Hipsec] Fwd: Proposed new list for HIP_TRANSFORM Tobias Heer