Re: [Hipsec] HIT Suites and algorithms used in RFC5201-bis

Henrik Ziegeldorf <henrik.ziegeldorf@rwth-aachen.de> Thu, 09 December 2010 14:11 UTC

Return-Path: <henrik.ziegeldorf@googlemail.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F1FBE3A6B16 for <hipsec@core3.amsl.com>; Thu, 9 Dec 2010 06:11:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.31
X-Spam-Level:
X-Spam-Status: No, score=-2.31 tagged_above=-999 required=5 tests=[AWL=0.666, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sHMzxR2UjkWt for <hipsec@core3.amsl.com>; Thu, 9 Dec 2010 06:11:31 -0800 (PST)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by core3.amsl.com (Postfix) with ESMTP id 4C9AA3A694E for <hipsec@ietf.org>; Thu, 9 Dec 2010 06:11:24 -0800 (PST)
Received: by ywk9 with SMTP id 9so1500954ywk.31 for <hipsec@ietf.org>; Thu, 09 Dec 2010 06:12:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:mime-version:sender:received :in-reply-to:references:from:date:x-google-sender-auth:message-id :subject:to:content-type; bh=8nSfRUpxV6kcPRD02HVmhZtM5ohmmvO1RRRu9/EWNyA=; b=jgBC4j1kFQ77L/4k+mkGOrah0k3B4pa4TptH6fIsL0XccxQ70AhFJVYNEwm1R0UE+x qSMvXliMF2523stv4XHAWucp1oUnpG22qebynLkCYVjJPzjhDahRpdlzDdygVD7FR334 msHGKj04zfyDCu8WO9f1yobjgjqnaL2lM+1l0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type; b=tb0VBMDQXabNZj2RUdZ8Fu7OSaP375XfDgbHGruKgkMbiy1+VaRRuSWwz4bYiPcDLu rX87fOkJdJDscItenotiTzgjel1OW31YQe9xFJr9QzFZ17DQLqVza88JiKohh965ihed 961rvUuqWFm/5/L9wqf2TXQU4m/Tc1eDfND9g=
Received: by 10.150.96.8 with SMTP id t8mr6353998ybb.143.1291903973406; Thu, 09 Dec 2010 06:12:53 -0800 (PST)
MIME-Version: 1.0
Sender: henrik.ziegeldorf@googlemail.com
Received: by 10.151.146.4 with HTTP; Thu, 9 Dec 2010 06:12:33 -0800 (PST)
In-Reply-To: <42082FED-C009-4C35-813A-F55165A419BE@cs.rwth-aachen.de>
References: <42082FED-C009-4C35-813A-F55165A419BE@cs.rwth-aachen.de>
From: Henrik Ziegeldorf <henrik.ziegeldorf@rwth-aachen.de>
Date: Thu, 09 Dec 2010 15:12:33 +0100
X-Google-Sender-Auth: N5StrwHd5lnoAOIbYSt9LvITtXk
Message-ID: <AANLkTikNThsie=FfTWdmpAA2UNdjm2hqyO0qvLohUzKa@mail.gmail.com>
To: hipsec@ietf.org
Content-Type: multipart/alternative; boundary="000e0cd6a81a6b3b140496fad517"
Subject: Re: [Hipsec] HIT Suites and algorithms used in RFC5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2010 14:11:42 -0000

Hello,

On 9 December 2010 11:26, Tobias Heer <heer@cs.rwth-aachen.de> wrote:

> Hello,
>
> we have consolidated the set of algorithms to be used in RFC5201 and would
> like
> to present it to the list and ask for feedback.
>
> We have three HIT Suites.  The HIT Suites define the algorithms that are
> used
> for generating a HIT/Orchid.  It also defines which HMAC flavor will be
> used in
> HIP control packets.
>
>
>     HIT Suite              ID
>     RESERVED                0
>     RSA,DSA/SHA-1           1    (REQUIRED)
>     ECDSA/SHA-384           2    (RECOMMENDED)
>     ECDSA_LOW/SHA-1         3    (RECOMMENDED)
>
> RSA,DSA/SHA-1 represent the class of HITs we have today with HIP version 1.
>  All
> contained Algorithms (RSA and DSA) must be supported by hosts that
> implement
> this suite.
>
> ECDSA/SHA-384 bundles two ECC curves (NIST P-256 and P-384) with SHA-384.
>  Both
> curves must be implemented by hosts that implement HIT this HIT suite.
>
> ECDSA_LOW/SHA-1 is meant for devices with limited computation capabilities.
>  It
> uses the SECP160R curve from SECG.
>

These comments are quite helpful to clarify and justify the use of ECDSA_LOW
as a seperate algorithm identifier.
I think it would make sense to include them in the RFC, too.

But what about an implementation that implements the ECDSA/SHA-384 suite? It
should implement the ECDSA_LOW profile, too, I think.


>
> If we want to make a bold move towards ECC cryptography (and make packet
> fragmentation, etc.  less likely) we could change the REQUIRED and
> RECOMMENDED
> tags so that we REQUIRE the ECDSA/SHA-384 HIT SUITE and make the other two
> recommended.  Any comments on this?
>
>
> The ECDH groups look similar:
>
>  Group                Value
>  Reserved             0
>  DEPRECATED           1
>  DEPRECATED           2
>  1536-bit MODP group  3 [RFC3526]
>  3072-bit MODP group  4 [RFC3526]
>  DEPRECATED           5
>  DEPRECATED           6
>  NIST P-256           7 [RFC4753]
>  NIST P-384           8 [RFC4753]
>  NIST P-521           9 [RFC4753]
>  SECP160R1           10 [SECG]
>
> Groups 7 to 10 are new in RFC5201-bis.  Again, group 10 is meant for
> devices
> with low computation capabilities and should be used only if long-term
> confidentiality is not required.
>
> The DEPRECATED values are groups present in RFC5201 but have been removed
> in
> RFC5201-bis.  They have to be removed before we finish the document.
>
> Are there any comments regarding the selection of algorithms?  With the
> selected
> ECC curves, we tried to stay as close to other Internet standards IKE, TLS
> that
> use ECC already.
>
> Best regards,
>
> Tobias
>
>
>
>
>
> --
> Dipl.-Inform. Tobias Heer, Ph.D. Student
>

Best regards,
Henrik

> Chair of Communication and Distributed Systems - comsys
> RWTH Aachen University, Germany
> tel: +49 241 80 207 76
> web: http://ds.cs.rwth-aachen.de/members/heer
> blog: http://dtobi.wordpress.com/
> card: http://card.ly/dtobi
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
>