[Hipsec] Fwd: New Version Notification for draft-ietf-hip-rfc5201-bis-04

Tobias Heer <heer@cs.rwth-aachen.de> Thu, 20 January 2011 20:53 UTC

Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D7F23A6824 for <hipsec@core3.amsl.com>; Thu, 20 Jan 2011 12:53:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.801
X-Spam-Level:
X-Spam-Status: No, score=-4.801 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0S2EIcD8Xf0m for <hipsec@core3.amsl.com>; Thu, 20 Jan 2011 12:53:52 -0800 (PST)
Received: from mta-1.ms.rz.rwth-aachen.de (mta-1.ms.rz.RWTH-Aachen.DE [134.130.7.72]) by core3.amsl.com (Postfix) with ESMTP id 67E473A681A for <hipsec@ietf.org>; Thu, 20 Jan 2011 12:53:52 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.5.40]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0LFC00FTPA6BYPH0@mta-1.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Thu, 20 Jan 2011 21:56:35 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.60,353,1291590000"; d="scan'208";a="89530389"
Received: from relay-auth-2.ms.rz.rwth-aachen.de (HELO relay-auth-2) ([134.130.7.79]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Thu, 20 Jan 2011 21:56:36 +0100
Received: from [192.168.3.3] ([unknown] [91.179.203.58]) by relay-auth-2.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0LFC000GCA6B6980@relay-auth-2.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Thu, 20 Jan 2011 21:56:35 +0100 (CET)
From: Tobias Heer <heer@cs.rwth-aachen.de>
Date: Thu, 20 Jan 2011 21:56:37 +0100
References: <20110120205032.AB7A23A6824@core3.amsl.com>
To: HIP <hipsec@ietf.org>
Message-id: <E907FD01-6C29-4CF5-B07F-BA6601541254@cs.rwth-aachen.de>
X-Mailer: Apple Mail (2.1082)
Subject: [Hipsec] Fwd: New Version Notification for draft-ietf-hip-rfc5201-bis-04
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jan 2011 20:53:53 -0000

Hello,

I just submitted a new version of RFC5201-bis.

http://www.ietf.org/id/draft-ietf-hip-rfc5201-bis-04.txt

Here is the changelog from version 03:

8.1.  Changes from draft-ietf-hip-rfc5201-bis-03

   o  Editorial changes to improve clarity and readability.

   o  Removed obsoleted (not applicable) attack from security
      consideration section.

   o  Added a requirement that hosts MUST support processing of ACK
      parameters with several SEQ numbers even when they do not support
      sending such parameters.

   o  Removed note on memory bound puzzles.  The use of memory bound
      puzzles was reconsidered but no convincing arguments for inclusion
      in this document have been made on the list.

   o  Changed references to reference the new bis documents.

   o  Specified the ECC curves and the hashes used for these.

   o  Specified representation of ECC curves in the HI.

   o  Added text on the dependency between RHASH and HMAC.

   o  Rephrased part of the security considerations to make them
      clearer.

   o  Clarified the use of HITs in opportunistic mode.

   o  Clarified the difference between HIP_MAC and HIP_MAC_2 as well as
      between SIGNATURE and SIGNATURE_2.

   o  Changed NOTIFY name for value 44 from SERVER_BUSY_PLEASE_RETRY to
      RESPONDER_BUSY_PLEASE_RETRY.

   o  Mentioned that there are multiple valid puzzle solutions.


Feel free to provide reviews, comments and suggestions.

Tobias


Anfang der weitergeleiteten E-Mail:

> Von: IETF I-D Submission Tool <idsubmission@ietf.org>
> Datum: 20. Januar 2011 21:50:32 MEZ
> An: heer@cs.rwth-aachen.de
> Kopie: thomas.r.henderson@boeing.com, petri.jokela@nomadiclab.com, robert.moskowitz@icsalabs.com
> Betreff: New Version Notification for draft-ietf-hip-rfc5201-bis-04
> 
> 
> A new version of I-D, draft-ietf-hip-rfc5201-bis-04.txt has been successfully submitted by Tobias Heer and posted to the IETF repository.
> 
> Filename:	 draft-ietf-hip-rfc5201-bis
> Revision:	 04
> Title:		 Host Identity Protocol
> Creation_date:	 2011-01-20
> WG ID:		 hip
> Number_of_pages: 119
> 
> Abstract:
> This document specifies the details of the Host Identity Protocol
> (HIP).  HIP allows consenting hosts to securely establish and
> maintain shared IP-layer state, allowing separation of the identifier
> and locator roles of IP addresses, thereby enabling continuity of
> communications across IP address changes.  HIP is based on a SIGMA-
> compliant Diffie-Hellman key exchange, using public key identifiers
> from a new Host Identity namespace for mutual peer authentication.
> The protocol is designed to be resistant to denial-of-service (DoS)
> and man-in-the-middle (MitM) attacks.  When used together with
> another suitable security protocol, such as the Encapsulated Security
> Payload (ESP), it provides integrity protection and optional
> encryption for upper-layer protocols, such as TCP and UDP.
> 
> This document obsoletes RFC 5201 and addresses the concerns raised by
> the IESG, particularly that of crypto agility.  It also incorporates
> lessons learned from the implementations of RFC 5201.
> 
> 
> 
> The IETF Secretariat.
> 
>