Re: [Hipsec] Proposed cipers for 5201-bis
Samu Varjonen <samu.varjonen@hiit.fi> Fri, 16 April 2010 22:00 UTC
Return-Path: <samu.varjonen@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 10E673A686D for <hipsec@core3.amsl.com>; Fri, 16 Apr 2010 15:00:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0nBCf3Cy-0k2 for <hipsec@core3.amsl.com>; Fri, 16 Apr 2010 15:00:52 -0700 (PDT)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id DB47E3A67EC for <hipsec@ietf.org>; Fri, 16 Apr 2010 15:00:51 -0700 (PDT)
Received: from [192.168.0.11] (cs78226116.pp.htv.fi [62.78.226.116]) by argo.otaverkko.fi (Postfix) with ESMTP id 05D5B25ED06 for <hipsec@ietf.org>; Sat, 17 Apr 2010 01:00:44 +0300 (EEST)
Message-ID: <4BC8DDF3.3090304@hiit.fi>
Date: Sat, 17 Apr 2010 01:00:19 +0300
From: Samu Varjonen <samu.varjonen@hiit.fi>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; fi; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: hipsec@ietf.org
References: <4BC879B6.5060305@htt-consult.com>
In-Reply-To: <4BC879B6.5060305@htt-consult.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] Proposed cipers for 5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Apr 2010 22:00:53 -0000
16.4.2010 17:52, Robert Moskowitz kirjoitti: > I have worked through a number of documents and have come up with the > following recommendations that will go into 5201-bis. I am posting them > separately here so others can think about them without having to wade > through the changes we are making to 5201. > > First and foremost we are adding EC support. EC MAY be used for 128bit > strenght crypto and MUST be used for 192 and 256bit crypto. This means > that I am dropping many of the larger DH mod sizes. Also with the advent > of fECC, I can drop some of the early ECC curves. fECC gives us the > tools to work with well researched stuff. For now we are adding the > larger SHA sizes and will await results of the NIST hash competition. > > Anyway, here we go... > > HOST_ID > > Algorithms Values > > RESERVED 0 > DSA 3 [RFC2536] (RECOMMENDED) > RSA 5 [RFC3110] (REQUIRED) > ECDSA 6 [draft-?????.txt] > > Is there a doc for ECDSA in DNS records? Note that I dropped RSA/SHA1 > for just RSA, as that is what we are really doing. > There was one draft (http://tools.ietf.org/html/draft-ietf-dnsext-ecc-key-10) years ago that has now expired. Have not found any newer one. > > DIFFIE_HELLMAN > > Group Value > > Reserved 0 > DEPRECATED 1 > DEPRECATED 2 > DEPRECATED 3 > 3072-bit MODP group 4 RFC3526 > DEPRECATED 5 > DEPRECATED 6 > 256-bit random ECP group 7 RFC4753, draft-mcgrew-fundamental-ecc-02.txt > 384-bit random ECP group 8 RFC4753, draft-mcgrew-fundamental-ecc-02.txt > 521-bit random ECP group 9 RFC4753, draft-mcgrew-fundamental-ecc-02.txt > > > Note all that is getting deprecated. Speak up if you have reasons to NOT > drop what I did... > > HASH > > Hash Value > > Reserved 0 > SHA-1 1 > SHA-256 2 > SHA-384 3 > SHA-512 4 > > Nothing special here. > > > HIP_TRANSFORM > > Suite ID Value > > RESERVED 0 > AES-128-CBC with HMAC-SHA1 1 ([RFC3602], [RFC2404]) > 3DES-CBC with HMAC-SHA1 2 ([RFC2451], [RFC2404]) > DEPRECATED 3 > DEPRECATED 4 > NULL-ENCRYPT with HMAC-SHA1 5 ([RFC2410], [RFC2404]) > DEPRECATED 6 > NULL-ENCRYPT with HMAC-SHA2 7 ([RFC2410], [RFC4868]) > AES-128-CBC with HMAC-SHA2 8 ([RFC3602], [RFC4868]) > AES-256-CBC with HMAC-SHA2 9 ([RFC3602], [RFC4868]) > AES-CCM-8 9 [RFC4309] > AES-CCM-16 10 [RFC4309] > AES-GCM with a 8 octet ICV 11 [RFC4106] > AES-GCM with a 16 octet ICV 12 [RFC4106] > > Again, note what is being deprecated. I believe I am adding only that > which is of value. > > > _______________________________________________ > Hipsec mailing list > Hipsec@ietf.org > https://www.ietf.org/mailman/listinfo/hipsec
- [Hipsec] Proposed cipers for 5201-bis Robert Moskowitz
- Re: [Hipsec] Proposed cipers for 5201-bis Samu Varjonen
- [Hipsec] Proposed cipers for 5201-bis Robert Moskowitz
- Re: [Hipsec] Proposed cipers for 5201-bis Robert Moskowitz
- Re: [Hipsec] Proposed cipers for 5201-bis Robert Moskowitz