Re: [Hipsec] Status of draft-ietf-hip-dex

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Wed, 16 January 2019 08:16 UTC

Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48B441310F4 for <hipsec@ietfa.amsl.com>; Wed, 16 Jan 2019 00:16:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.853
X-Spam-Level:
X-Spam-Status: No, score=-8.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ptwo8RoYG2PZ for <hipsec@ietfa.amsl.com>; Wed, 16 Jan 2019 00:16:31 -0800 (PST)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 463AA13115C for <hipsec@ietf.org>; Wed, 16 Jan 2019 00:16:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1547626586; x=1550218586; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=lqKqWrEDm3K46AVM7qaUhBDesmD3BE8i84gyNkAcVNw=; b=PLel3KDzFIUxmMsW17JKuPgmrbfPkBfF9PxPf+DFspFWPs5jik3eT9TEQ8tPwtks qCtmUREAu4oasw7qIDafXeppDeXp5yzrShrPqeXzRievriTYEO4znmGQWfUCGWTE RaMTZo3X2cBWnWngs62GMNS4ZwotkX5w1O4ly4JtL1o=;
X-AuditID: c1b4fb25-209009e000005ff7-9a-5c3ee85a1088
Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id F5.C4.24567.A58EE3C5; Wed, 16 Jan 2019 09:16:26 +0100 (CET)
Received: from ESESSMB505.ericsson.se (153.88.183.166) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Wed, 16 Jan 2019 09:15:26 +0100
Received: from [100.94.2.65] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.193) with Microsoft SMTP Server id 15.1.1466.3 via Frontend Transport; Wed, 16 Jan 2019 09:15:25 +0100
To: =?UTF-8?Q?Ren=c3=a9_Hummen?= <hummen.committees@gmail.com>, 'Robert Moskowitz' <rgm@htt-consult.com>, 'HIP' <hipsec@ietf.org>
References: <b1d0d946-2e8c-ecbe-9a9f-9e3ee1e33528@ericsson.com> <074001d4ad29$9b24eda0$d16ec8e0$@gmail.com>
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Openpgp: preference=signencrypt
Autocrypt: addr=Gonzalo.Camarillo@ericsson.com; prefer-encrypt=mutual; keydata= xsBNBEtSyYUBCADL7itybUN0VVtGQuO81AdviJNSo/BIc6xuVUofHlr/U9CbQcSrRSggvTfa 6n5o9t9zAuwp9pp+hQfSzn4/LrEaV2BmEfAFclSl57IhsXDJecw58JqGZrjahIjgU+rmZKPE RqLzubmI3ltEolLb4kkB9Y8FIQBnE1N3O0wHp7BE8VI5pQX24UkRkEtUptmhwnaehURg9atb 1myxbt1nUDEA5PLJNbPeXxPRJ058OEnPtToRinSCJ7BFtD6PoeUWgOL4kKdRbMyswDikiXnN Ntj1VkDQ6yi7pOb2qkviOzKOf/smqm4ovMxUrET7SzKw4icArL+xQUW3ayJyfSju1o5rABEB AAHNJkdvbnphbG8gQ2FtYXJpbGxvIDxnY2FtYXJpbEBnbWFpbC5jb20+wsCBBBMBAgArAhsj BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCWhwGngUJFGzXmQAKCRDRM1CYcD+HNkjG CACG39D/tNsA5xxSqRtN3JJCTfpj+BWqRckMEpBjBWlOOtb94QY8r9NHRIDwvA5qCVYRqQTI qVyReNw/CkOuaah2rbCdhsng6ZAMzFovXSEnbz+wse4QiKybHvjlJJA9qQiNlne57NVlNvLN LrpZJGmSJlJBBEQRq3Z9Crl2tWFkB6mmoXNnoRej6eVmhFoAo3td5loHo55nqYVZYtAHbXan ggmPI12gUigKf4PuvIISpdokSlkpam02Y61ygtqrlYvNnM+GpbayW2X3ZY5x6bwUwfkRSUCj +xslGaRfJUwr8kUxhVlcLR6qVcjNxWeZf9XKVH86OxEJVUVFsChlDAvHzsBNBEtSyYUBCADB qzP0B7lWge5Hn1648WPWrmUg8r3723XL/zUZe1zyEVsY9VyWhrBmuEy7Xm7wdLt0+BBXWJez 7/wWR9w/63qT+3+W0fe6SDXeZqF+HtYO5QPuu/VYtex0e3TI2w4s53ZM5KQCQF60kTDoK43e 5a6/G2GCKMPpkVKxpIeOiDITiRXq9GV7KHkQpPczqj9ImWp2M9sEIngZRaKILU//TaiWnRGR i6vN/sAvfEuu1fXTwpR6bBdD9wIZgyeSqEgxnioDdyFZYkTFl9G8TuLxNIdpVPzW2M9PKRQs i/kl/Kadsgnd8RtlP7cPoIqLMjmOfGwR8EVbKpmkM1+iKJ+g9F/bABEBAAHCwGUEGAECAA8C GwwFAlocBq4FCRRs16kACgkQ0TNQmHA/hzamwgf/Tnr7/WYnKNmEYvwr/GxhSelVYsBwejkz tCXa4gmVkErgPBEYsUtWAP+jVoYndG74v/3zBPHl4CehE9RnAJ+lpsWjwsn0qPI7sCik3Xqv c44g/RQF9RSI8DckQM0MqLJNazzq4tBi/ZbILWNx2N4LrEzhwoePug3MDn3rCv1Xpr/B60or p1zixtSRKyZo+L7UjttUdJkqxUbC35pBlZlDAL2Dop9He7XwUFofyW1Xvn9xxx0NasnlJX9G 288peTb41bQrs9SqaH1aVLXBTo7S9o+8oB9DLTIIwDQqfxqTWpGIfBhiTm9d7ai9WcFC8jSW zJtc/6luXoGjvUlBzQx0jQ==
Message-ID: <4fc59ec2-8ff3-f1ca-ef41-222dc103666f@ericsson.com>
Date: Wed, 16 Jan 2019 10:15:23 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <074001d4ad29$9b24eda0$d16ec8e0$@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrLLMWRmVeSWpSXmKPExsUyM2J7uW7UC7sYg96TPBZTF01mtnh39DuL RcO6z4wOzB47Z91l99g9qYndY8mSn0wBzFFcNimpOZllqUX6dglcGadO3GYpmCVZcXfLeuYG xikiXYycHBICJhIT/v5g7WLk4hASOMIoMXPPWyaQhJDAN0aJy1d8IRKHGCX2vD7BApIQFjCS 2LZ5GjNIQkSgmVFi2ZzVLBAduRLrGuYygthsAhYSW27dB4vzC8hLdC24ygxiMwrc45WY8DS/ i5GDg1fAXuJvoxBImEVAVWJ94wewclGBWIn2N+vBjuAVEJQ4OfMJWJwTaOT9K/PYQFqZBTQl 1u/SBwkzC4hL3HoynwnClpdo3jqbGeIabYnlz1pYJjAKz0IyaRZC9ywk3bOQdC9gZFnFKFqc WpyUm25krJdalJlcXJyfp5eXWrKJERgJB7f8Vt3BePmN4yFGAQ5GJR7e41ftYoRYE8uKK3OB 4cTBrCTC+3MJUIg3JbGyKrUoP76oNCe1+BCjNAeLkjjvHyHBGCGB9MSS1OzU1ILUIpgsEwen VAMjb8RipgKvVdN3ZB3elZ73ckoVc6p22jSxAjWzG6/Td+o3HLP0XN/oc/R3WuWGE2d6X125 ElniO3ft1a78B4e///h/fHLu2c9aE5tyw56e+FS/+WGpxu6I5Vx+Zhdr1k3J1VM4+KTJZsXl XzV+jCsEJ87v/vbH5z7/uYUqD1bP3SEhJd7Hu4d1rxJLcUaioRZzUXEiAM8vc0uAAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/6rvM3U6qqM1RyImKeZkiF0a-nsE>
Subject: Re: [Hipsec] Status of draft-ietf-hip-dex
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jan 2019 08:16:33 -0000

Hi Rene,

if you do not hear anything against your explanation before, please
engage with Terry and Eric so that we can move forward. Thanks!

Cheers,

Gonzalo

On 16-Jan-19 01:25, René Hummen wrote:
> Hi Gonzalo, Bob, all,
> 
> sorry for being unresponsive. 
> 
> I have been working extensively on the draft in the past since becoming
> co-editor of draft-moskowitz-hip-dex-01 back in March 2014, but I have not
> been following HIP-related emails lately in accordance with Bob. I also want
> to take this opportunity to note that I will not have any significant amount
> of time for contributions in the future.
> 
> That said, I still would like to briefly explain the high-level rationale
> behind our choice of cryptographic primitives for HIP DEX, which are Eric's
> key points as I see it:
> In 2014 and beyond, many (Industrial) IoT devices often did not offer
> communication security or relied on fixed symmetric keys, potentially
> resulting in overuse of these keys. This was - and to my understanding still
> is - a direct result of the relatively high cost (ROM, RAM, CPU cycles,
> network usage) of public key cryptography on many microcontroller-based
> embedded devices.
> 
> Taking HIP BEX as a starting point, the idea therefore was to reduce the
> overhead of the cryptographic primitives by omitting public-key signatures
> and hash functions as the main overhead drivers regarding the above cost
> factors. That also meant losing some cryptographic properties such as PFS
> and SIGMA-compliance, many of which are taken for granted for traditional
> Internet security.
> 
> This is the trade-off that we were willing to accept for HIP DEX in order to
> improve on deployed state of the art and our approach is to be very open
> about these trade-offs. This is why we added text to that direction right to
> the start of the document
> (https://tools.ietf.org/html/draft-ietf-hip-dex-06#section-1).
> 
> I suggest for the WG to decide whether this rationale and these trade-offs
> are still valid and acceptable in 2019 and to proceed accordingly.
> 
> @Bob: Please comment if your view differs.
> 
> Regards,
> René
> 
> 
> -----Original Message-----
> From: Hipsec <hipsec-bounces@ietf.org> On Behalf Of Gonzalo Camarillo
> Sent: Dienstag, 15. Januar 2019 15:28
> To: HIP <hipsec@ietf.org>
> Subject: [Hipsec] Status of draft-ietf-hip-dex
> 
> Hi,
> 
> I want to give the group a status update on the HIP DEX draft. Terry, our
> AD, had to remove it from the agenda of the telechat where it was going to
> be discussed (in May) because of security-related concerns about the draft
> (from the Security ADs). We have been periodically pinging Rene and Bob
> (authors of the draft) since then (9 months!), but we have not been able to
> get any response from them... note that we had added Rene as a coauthor of
> this draft because Bob's lack of cycles.
> 
> Terry would like to get this done by the end of February. Any proposals on
> how to proceed?
> 
> Cheers,
> 
> Gonzalo
> 
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
>