Re: [Hipsec] Status of draft-ietf-hip-dex

Gonzalo Camarillo, Wed, 16 January 2019 08:16 UTC

To: René Hummen, Robert Moskowitz, HIP

Hi Rene,

if you do not hear anything against your explanation before, please
engage with Terry and Eric so that we can move forward. Thanks!



On 16-Jan-19 01:25, René Hummen wrote:
> Hi Gonzalo, Bob, all,
> sorry for being unresponsive. 
> I have been working extensively on the draft in the past since becoming
> co-editor of draft-moskowitz-hip-dex-01 back in March 2014, but I have not
> been following HIP-related emails lately in accordance with Bob. I also want
> to take this opportunity to note that I will not have any significant amount
> of time for contributions in the future.
> That said, I still would like to briefly explain the high-level rationale
> behind our choice of cryptographic primitives for HIP DEX, which are Eric's
> key points as I see it:
> In 2014 and beyond, many (Industrial) IoT devices often did not offer
> communication security or relied on fixed symmetric keys, potentially
> resulting in overuse of these keys. This was - and to my understanding still
> is - a direct result of the relatively high cost (ROM, RAM, CPU cycles,
> network usage) of public key cryptography on many microcontroller-based
> embedded devices.
> Taking HIP BEX as a starting point, the idea therefore was to reduce the
> overhead of the cryptographic primitives by omitting public-key signatures
> and hash functions as the main overhead drivers regarding the above cost
> factors. That also meant losing some cryptographic properties such as PFS
> and SIGMA-compliance, many of which are taken for granted for traditional
> Internet security.
> This is the trade-off that we were willing to accept for HIP DEX in order to
> improve on deployed state of the art and our approach is to be very open
> about these trade-offs. This is why we added text to that direction right to
> the start of the document
> (
> I suggest for the WG to decide whether this rationale and these trade-offs
> are still valid and acceptable in 2019 and to proceed accordingly.
> @Bob: Please comment if your view differs.
> Regards,
> René
> -----Original Message-----
> From: Hipsec <> On Behalf Of Gonzalo Camarillo
> Sent: Tuesday, 15 January 2019 15:28
> To: HIP <>
> Subject: [Hipsec] Status of draft-ietf-hip-dex
> Hi,
> I want to give the group a status update on the HIP DEX draft. Terry, our
> AD, had to remove it from the agenda of the telechat where it was going to
> be discussed (in May) because of security-related concerns about the draft
> (from the Security ADs). We have been periodically pinging Rene and Bob
> (authors of the draft) since then (9 months!), but we have not been able to
> get any response from them... note that we had added Rene as a coauthor of
> this draft because of Bob's lack of cycles.
> Terry would like to get this done by the end of February. Any proposals on
> how to proceed?
> Cheers,
> Gonzalo