Re: [Hipsec] RFC5201-bis: Stephen Farrell's DISCUSS questions
Miika Komu <mkomu@cs.hut.fi> Wed, 30 July 2014 09:59 UTC

Hi,

On 07/22/2014 01:50 AM, Tom Henderson wrote:
>>
>>> Also - there are no counter modes, is that wise?
>>
>> HIP DEX defines AES-128-CTR for HIP_CIPHER [3]. However, I just
>> realized that it does not specify its use for the ENCRYPTED
>> parameter. Instead, the specification focuses on the special-purpose
>> ENCRYPTED_KEY parameter. So, some work would be needed to carry this
>> over to HIPv2.
>>
>>> Finally, HIPv1's encryption codepoint 1 was for a 3DES option, but
>>> here you have 1 == NULL, yet you deprecate codepoint 3, which is
>>> confusing. Why is that?
>>
>> Is this maybe a specification hiccup?
>
> I introduced this "DEPRECATED" as part of comment resolutions back in
> 2012 (someone in CFRG suggested to drop it), in this post:
>
> http://www.ietf.org/mail-archive/web/hipsec/current/msg03557.html
>
> However, HIP_CIPHER is a new parameter, so nothing really needs to be
> deprecated. Perhaps "RESERVED" would have been better (or remap
> AES-256-CBC to value 3).
>
> Any concern if I change DEPRECATED to RESERVED and add the comment that
> it is unused, such as:?
>
> Reserved 3 (unused value)
>
> Or would it be better to just omit the line and skip from 2 to 4?

I think either way works.

>>> - section 3: 3110 doesn't seem like a great reference for RSA.
>>> Isn't there better?
>>
>> I am not sure what this is referring to.
>
> I think this refers to the first reference to RSA as an algorithm in
> general (in Section 3). Later references use RFC3110 to refer to the
> specific encoding defined there, and I think that we need to preserve
> those references. So I think Stephen's comment is to replace this
> reference in Section 3:
>
> HIP implementations MUST support the Rivest Shamir Adelman (RSA)
> [RFC3110] public key algorithm
>
> with something else. Any ideas of what to put there? RFC3110 itself
> cites Schneier's Applied Cryptography book when referring to RSA.

IKEv2 refers to:

[RSA] Rivest, R., Shamir, A., and Adleman, L., "A Method for
Obtaining Digital Signatures and Public-Key Cryptosystems",
Communications of the ACM, v. 21, n. 2, February 1978.

[PKCS1] Jonsson, J. and B. Kaliski, "Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1",
RFC 3447, February 2003.