IETF Logo Mail Archive

Re: [Hipsec] ORCHID IANA allocation

Tobias Heer <heer@cs.rwth-aachen.de> Fri, 26 February 2010 13:17 UTC

Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EF34A3A879A for <hipsec@core3.amsl.com>; Fri, 26 Feb 2010 05:17:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.001
X-Spam-Level:
X-Spam-Status: No, score=-5.001 tagged_above=-999 required=5 tests=[AWL=-0.200, BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ALVgcSMN3AN5 for <hipsec@core3.amsl.com>; Fri, 26 Feb 2010 05:17:12 -0800 (PST)
Received: from mta-2.ms.rz.rwth-aachen.de (mta-2.ms.rz.RWTH-Aachen.DE [134.130.7.73]) by core3.amsl.com (Postfix) with ESMTP id 8690E3A8795 for <hipsec@ietf.org>; Fri, 26 Feb 2010 05:17:12 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.5.40]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0KYG008R6ACD2F90@mta-2.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Fri, 26 Feb 2010 14:19:25 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.49,546,1262559600"; d="scan'208";a="46661774"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Fri, 26 Feb 2010 14:19:26 +0100
Received: from umic-137-226-154-185.nn.rwth-aachen.de ([unknown] [137.226.154.185]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0KYG00DIPACDBC70@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Fri, 26 Feb 2010 14:19:25 +0100 (CET)
From: Tobias Heer <heer@cs.rwth-aachen.de>
In-reply-to: <7CC566635CFE364D87DC5803D4712A6C4C1F48A7E8@XCH-NW-10V.nw.nos.boeing.com>
Date: Fri, 26 Feb 2010 14:19:26 +0100
Message-id: <28B85428-CC28-4DB4-83AC-505CE6B4E955@cs.rwth-aachen.de>
References: <00E85481-5745-4093-B165-887058ED719B@cs.rwth-aachen.de> <"7CC5666 35CFE364D87DC5803D4712A6C4C1F48A6D9"@XCH-NW-10V.nw.nos.boeing.com> <"BF345F630 74F8040B58C00A186FCA57F1C692DBE6B"@NALASEXMB04.na.qualcomm.com> <"461A6C4B-08E 3-4D77-8292-BD4CCC7A375B"@cs.rwth-aachen.de> <4B8546B5.3010708@hiit.fi> <BF345F63074F8040B58C00A186FCA57F1C6A8C3ADE@NALASEXMB04.na.qualcomm.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7E8@XCH-NW-10V.nw.nos.boeing.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
X-Mailer: Apple Mail (2.1077)
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] ORCHID IANA allocation
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2010 13:17:14 -0000

Hi Tom, 

Am 24.02.2010 um 19:57 schrieb Henderson, Thomas R:
[...]

>> Would there be consensus to update ORCHIDs to v2 as follows:
>> 
>> - ORCHIDv2 structured as 28 + 4 + 96 bits
>> - 28 bits are new prefix for ORCHIDv2
>> - 4 bits encodes hash
>> - 96 bits are hashed string
>> 
>> Note that CGA's hash extension techniques (with Sec
>> parameter) have been updated with some hash agility support
>> in [RFC4982]; do we want to do something similar? Or do we
>> want to use standalone hash extension in the 96 bits, as in
>> the original CGA design [RFC3972]?
>> 
> 
> I support the above.  Regarding your question, I would recommend that we say for now that "4 bits encodes the hash string generation algorithm" because it may not simply be a hash algorithm but something like hash extension of CGA.
> 
You got a very good point here. I agree.

> Note that if we make ORCHIDs generic, the 4 bits must be shared among all the possible users in the future.  I don't think it is a big concern because the current use outside of HIP seems to be limited.
> 

I don't think that is a big concern. The ORCHID is designed in a way that the context ID is not visible from the ORCHID. Hence, all protocols that use ORCHIDS need checks whether a given ORCHID actually matches the current protocol context. As far as I can tell, this is done by simple trial and error: hash the public key and the context ID and see if it matches. Now, with the 4 additional bits, for a new (4+96 bit) ORCHID, the protocols that use the old ORCHID format check for the context ID again and the test would fail. In that case, the protocol would figure that it is an ORCHID of another protocol - no harm done... and no need to "share" the four bits. Am I missing something here?


> It would be nice to discuss and then state in one of the drafts (4843-bis, 4423-bis, or 5201-bis) what the consensus or options are for the following:


I tried to distribute your (good) questions to the three documents. I took the liberty to number the questions below.
I think question 3 would fit into 4843-bis nicely. There is already a short part on HITs and LSIs. One could easily extend this to go into ORCHIDS a bit more.
RFC4423 is only concerned with ORCHIDS and is almost HIP agnostic. I think that it should stay like that. Your questions 1 and 2 would be good here.
Do you want to discuss the answers to your questions on the list or are these meant as todo for the authors of the respective documents.

I can adjust the text in RFC5201-bis to match the new HIT format and the resulting changes in the BEX. Part of it was already done together with Bob anyway. I will post the result on the list. 


1.)
> - future allocations of new ORCHID prefixes?  Are there any conditions that would lead to asking for additional ORCHID prefixes, or do we expect only one such prefix?
2.)
> - what happens if the four bits runs out (do we deprecate old values such as in RFC4982?)
3.)
> - some discussion of the relationship between HITs, LSIs, ORCHIDs, and other quantities.
>  ** future extension of HIT size (256 bits has been raised in the past)-- is this possible or are we closing the door on such a future extension?.  More generally, does HIP allow for HITs that are not ORCHIDs?  (e.g. the old type-2 HITs, or more recent proposals for hierarchical HITs)  Do we use the bits in the HIP control field to identify HIT type?
>  ** possible use of RFC 3972 or 4982 CGAs as HITs (Marcelo and Jari have floated this idea in the past)
>  ** LSI prefix for IPv4  (recall we discussed a /16 in the 127/8 space-- do we also want to resolve this issue while we are resolving ORCHIDs?)
>  ** are LSIs possible for IPv6?  When would they be used instead of ORCHIDs?
> 

Tobias


> Tom
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec




--  

Dipl.-Inform. Tobias Heer, Ph.D. Student
Distributed Systems Group 
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer

v2.29.0 | Report a Bug | By Email | System Status