Re: [Hipsec] HIT Suites and algorithms used in RFC5201-bis

Tobias Heer <heer@cs.rwth-aachen.de> Thu, 09 December 2010 18:58 UTC

Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E02C928C13B for <hipsec@core3.amsl.com>; Thu, 9 Dec 2010 10:58:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.801
X-Spam-Level:
X-Spam-Status: No, score=-4.801 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mW8xA484yBAq for <hipsec@core3.amsl.com>; Thu, 9 Dec 2010 10:58:47 -0800 (PST)
Received: from mta-2.ms.rz.rwth-aachen.de (mta-2.ms.rz.RWTH-Aachen.DE [134.130.7.73]) by core3.amsl.com (Postfix) with ESMTP id 79E6728C13E for <hipsec@ietf.org>; Thu, 9 Dec 2010 10:58:47 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from ironport-out-2.rz.rwth-aachen.de ([134.130.5.41]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0LD600CM5CSH2620@mta-2.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Thu, 09 Dec 2010 20:00:17 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.59,321,1288566000"; d="scan'208";a="44992992"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by ironport-in-2.rz.rwth-aachen.de with ESMTP; Thu, 09 Dec 2010 20:00:17 +0100
Received: from [192.168.3.3] ([unknown] [91.179.148.52]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0LD6003E1CSGOA20@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Thu, 09 Dec 2010 20:00:16 +0100 (CET)
From: Tobias Heer <heer@cs.rwth-aachen.de>
In-reply-to: <7CC566635CFE364D87DC5803D4712A6C4CED25AB29@XCH-NW-10V.nw.nos.boeing.com>
Date: Thu, 09 Dec 2010 20:00:16 +0100
Message-id: <448BB3A0-BC99-4DE7-B4A5-A0269B80F294@cs.rwth-aachen.de>
References: <42082FED-C009-4C35-813A-F55165A419BE@cs.rwth-aachen.de> <7CC566635CFE364D87DC5803D4712A6C4CED25AB29@XCH-NW-10V.nw.nos.boeing.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
X-Mailer: Apple Mail (2.1082)
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] HIT Suites and algorithms used in RFC5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2010 18:58:49 -0000

Hello Tom,

Am 09.12.2010 um 17:31 schrieb Henderson, Thomas R:

> 
> 
>> -----Original Message-----
>> From: hipsec-bounces@ietf.org
>> [mailto:hipsec-bounces@ietf.org] On Behalf Of Tobias Heer
>> Sent: Thursday, December 09, 2010 2:27 AM
>> To: hipsec@ietf.org
>> Subject: [Hipsec] HIT Suites and algorithms used in RFC5201-bis
>> 
>> Hello,
>> 

[...]
>> 
>> 
>> ECDSA/SHA-384 bundles two ECC curves (NIST P-256 and P-384)
>> with SHA-384.  Both
>> curves must be implemented by hosts that implement HIT this HIT suite.
>> 
>> ECDSA_LOW/SHA-1 is meant for devices with limited computation
>> capabilities.  It
>> uses the SECP160R curve from SECG.
>> 
>> If we want to make a bold move towards ECC cryptography (and
>> make packet
>> fragmentation, etc.  less likely) we could change the
>> REQUIRED and RECOMMENDED
>> tags so that we REQUIRE the ECDSA/SHA-384 HIT SUITE and make
>> the other two
>> recommended.  Any comments on this?
> 
> Has anyone checked into the availability of these suites in cryptographic libraries and hardware?
> 
I have checked that these are available in the widely used openssl library. They all are.

> Can you clarify what you believe are the implications that you hint at ("packet fragmentation, etc.")?

Large RSA/DSA Keys, large RSA signatures and certificates may add up to a considerable amount of data in HIP control packets. Reducing the size of the keys (compared to RSA/DSA) and the size of the signatures (compared to RSA) may reduce the probability of packet fragmentation for HIP control packets - that was my train of thought. Sorry for not making it more obvious.


Tobias

> 
>> 
>> 
>> The ECDH groups look similar:
>> 
>> Group                Value
>> Reserved             0
>> DEPRECATED           1
>> DEPRECATED           2
>> 1536-bit MODP group  3 [RFC3526]
>> 3072-bit MODP group  4 [RFC3526]
>> DEPRECATED           5
>> DEPRECATED           6
>> NIST P-256           7 [RFC4753]
>> NIST P-384           8 [RFC4753]
>> NIST P-521           9 [RFC4753]
>> SECP160R1           10 [SECG]
>> 
>> Groups 7 to 10 are new in RFC5201-bis.  Again, group 10 is
>> meant for devices
>> with low computation capabilities and should be used only if long-term
>> confidentiality is not required.
>> 
>> The DEPRECATED values are groups present in RFC5201 but have
>> been removed in
>> RFC5201-bis.  They have to be removed before we finish the document.
>> 
>> Are there any comments regarding the selection of algorithms?
>> With the selected
>> ECC curves, we tried to stay as close to other Internet
>> standards IKE, TLS that
>> use ECC already.
>> 
> 
> I don't have other comments and agree with trying to stay close to the predecessors.
> 
> - Tom

-- 
Dipl.-Inform. Tobias Heer, Ph.D. Student
Chair of Communication and Distributed Systems - comsys
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer
blog: http://dtobi.wordpress.com/
card: http://card.ly/dtobi