Re: [Hipsec] Last Call: <draft-ietf-hip-dex-24.txt> (HIP Diet EXchange (DEX)) to Proposed Standard
Jeff Ahrenholz <j.ahrenholz@tempered.io> Tue, 02 February 2021 18:42 UTC
From: Jeff Ahrenholz <j.ahrenholz@tempered.io>
To: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
CC: "draft-ietf-hip-dex@ietf.org" <draft-ietf-hip-dex@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/toLGQZvVs9t9TENSLmOd5gs8foE>

I took a read through the changes using the diff link, and I think this draft looks good. I found the section on differences between HIPv2 BEX and DEX to be quite helpful. It was nice to see Section 7.1 on the HIT/HI ACL, this is what we do in practice, when using the HIP BEX.

regards,
-Jeff

From: Hipsec <hipsec-bounces@ietf.org>
Date: Wednesday, January 20, 2021 at 7:10 AM
To: last-call@ietf.org <last-call@ietf.org>, IETF-Announce <ietf-announce@ietf.org>
Cc: draft-ietf-hip-dex@ietf.org <draft-ietf-hip-dex@ietf.org>, hip-chairs@ietf.org <hip-chairs@ietf.org>, hipsec@ietf.org <hipsec@ietf.org>
Subject: Re: [Hipsec] Last Call: <draft-ietf-hip-dex-24.txt> (HIP Diet EXchange (DEX)) to Proposed Standard

There have been several *significant* changes since the IETF last call in November 2019 on the -11 revision, so, as the responsible AD, I am asking the IETF community for a 3rd review on the latest revision -24. The changes include at least: applicability statement, use of the FOLD function, I_NONCE, input keying material for master/pair-wise key generation, security section, some deleted DH groups and ciphers.

For your convenience the diff between the two versions:
https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-dex-24&url1=draft-ietf-hip-dex-11

Thank you in advance for your valuable comments before the 3rd of February 2021,

-éric vyncke

PS: thank you for the previous reviewers, your comments have helped the authors to improve the document. Thank you as well to the authors for listening to those comments.

-----Original Message-----
From: <iesg-secretary@ietf.org> on behalf of The IESG <iesg-secretary@ietf.org>
Reply-To: "last-call@ietf.org" <last-call@ietf.org>
Date: Wednesday, 20 January 2021 at 15:48
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "draft-ietf-hip-dex@ietf.org" <draft-ietf-hip-dex@ietf.org>, Eric Vyncke <evyncke@cisco.com>, "gonzalo.camarillo@ericsson.com" <gonzalo.camarillo@ericsson.com>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Last Call: <draft-ietf-hip-dex-24.txt> (HIP Diet EXchange (DEX)) to Proposed Standard

The IESG has received a request from the Host Identity Protocol WG (hip) to consider the following document:

- 'HIP Diet EXchange (DEX)' <draft-ietf-hip-dex-24.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2021-02-03. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting.

Abstract

This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2) and specifically developed for use on low end processors. The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and cryptographic hash functions.

The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. Unlike HIPv2, HIP DEX does not support Forward Secrecy (FS), and MUST only be used on devices where FS is prohibitively expensive. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-hip-dex/

No IPR declarations have been submitted directly on this I-D.

The document contains these normative downward references. See RFC 3967 for additional information:
rfc6261: Encrypted Signaling Transport Modes for the Host Identity Protocol (Experimental - IETF stream)

_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec