Re: [Hipsec] Proposed new list for HIP_TRANSFORM
Andrew McGregor <andrew@indranet.co.nz> Thu, 07 January 2010 03:22 UTC
Return-Path: <andrew@indranet.co.nz>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F2A7B3A67AD for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 19:22:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.565
X-Spam-Level:
X-Spam-Status: No, score=0.565 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, RCVD_IN_SORBS_WEB=0.619, RDNS_NONE=0.1, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yjtSiYruIecm for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 19:22:15 -0800 (PST)
Received: from mail.indranet.co.nz (unknown [203.97.93.68]) by core3.amsl.com (Postfix) with ESMTP id 04A593A657C for <hipsec@ietf.org>; Wed, 6 Jan 2010 19:22:15 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.indranet.co.nz (Postfix) with ESMTP id 27C871256A9D; Thu, 7 Jan 2010 16:22:13 +1300 (NZDT)
X-Virus-Scanned: amavisd-new at indranet.co.nz
Received: from mail.indranet.co.nz ([127.0.0.1]) by localhost (XServe-2.acheron.indranet.co.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ycOaWUeDT5l; Thu, 7 Jan 2010 16:22:12 +1300 (NZDT)
Received: from [192.168.1.100] (121-72-134-43.dsl.telstraclear.net [121.72.134.43]) by mail.indranet.co.nz (Postfix) with ESMTP id 1F5E71256A84; Thu, 7 Jan 2010 16:22:12 +1300 (NZDT)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Andrew McGregor <andrew@indranet.co.nz>
In-Reply-To: <4B44D016.7050102@hiit.fi>
Date: Thu, 07 Jan 2010 16:22:10 +1300
Content-Transfer-Encoding: quoted-printable
Message-Id: <CE2F5651-0202-4D6F-B357-CFD49ABF0815@indranet.co.nz>
References: <4B440CA5.3010209@htt-consult.com> <4B44C35E.8090200@hiit.fi> <4B44CA15.2070905@htt-consult.com> <4B44D016.7050102@hiit.fi>
To: miika.komu@hiit.fi
X-Mailer: Apple Mail (2.1077)
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Proposed new list for HIP_TRANSFORM
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2010 03:22:16 -0000
On 07/01/2010, at 7:01 AM, Miika Komu wrote: > Robert Moskowitz wrote: > > Hi, > >> On 01/06/2010 12:07 PM, Miika Komu wrote: >>> Robert Moskowitz wrote: >>> >>> Hi, >>> >>>> Proposed new list for HIP_TRANSFORM: >>>> >>>> Suite ID Value >>>> >>>> RESERVED 0 >>>> AES-CBC with HMAC-SHA1 1 ([RFC3602], [RFC2404]) >>>> 3DES-CBC with HMAC-SHA1 2 ([RFC2451], [RFC2404]) >>>> DEPRECATED 3 >>>> BLOWFISH-CBC with HMAC-SHA1 4 ([RFC2451], [RFC2404]) >>>> NULL-ENCRYPT with HMAC-SHA1 5 ([RFC2410], [RFC2404]) >>>> DEPRECATED 6 >>>> NULL-ENCRYPT with HMAC-SHA2 7 ([RFC2410], [RFC4868]) >>>> AES-CBC with HMAC-SHA2 8 ([RFC3602], [RFC4868]) >>>> AES-CCM-8 9 [RFC4309] >>>> AES-CCM-12 10 [RFC4309] >>>> AES-CCM-16 11 [RFC4309] >>>> AES-GCM with a 8 octet ICV 12 [RFC4106] >>>> AES-GCM with a 12 octet ICV 13 [RFC4106] >>>> AES-GCM with a 16 octet ICV 14 [RFC4106] >>> >>> seems fine with me. Should the "natural" key size be reflected in some of the algorithms descriptions? >> I am not sure what you are alluding to here. Key sizes for AES-based transforms start at 128 and go up. If you are asking about those 8/12/16 sizes in CCM and GCM, that applies to the auth size. > > do we have to negotiate AES key size? No! We need more suite IDs for the key sizes we're going to use. The whole point of using suites in the first place was, once you have the suite you know everything you need to know about the crypto setup... you can literally just use the suite-id as an index into a table of all the numbers. Andrew
- [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Andrew McGregor
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
- [Hipsec] Fwd: Proposed new list for HIP_TRANSFORM Tobias Heer