Re: [Hipsec] HIT Suites and algorithms used in RFC5201-bis

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Thu, 09 December 2010 16:30 UTC

From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: 'Tobias Heer' <heer@cs.rwth-aachen.de>, "hipsec@ietf.org" <hipsec@ietf.org>
Date: Thu, 09 Dec 2010 08:31:46 -0800
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CED25AB29@XCH-NW-10V.nw.nos.boeing.com>
References: <42082FED-C009-4C35-813A-F55165A419BE@cs.rwth-aachen.de>
In-Reply-To: <42082FED-C009-4C35-813A-F55165A419BE@cs.rwth-aachen.de>

> -----Original Message-----
> From: hipsec-bounces@ietf.org
> [mailto:hipsec-bounces@ietf.org] On Behalf Of Tobias Heer
> Sent: Thursday, December 09, 2010 2:27 AM
> To: hipsec@ietf.org
> Subject: [Hipsec] HIT Suites and algorithms used in RFC5201-bis
>
> Hello,
>
> We have consolidated the set of algorithms to be used in RFC5201 and would like
> to present it to the list and ask for feedback.
>
> We have three HIT Suites.  The HIT Suites define the algorithms that are used
> for generating a HIT/ORCHID.  They also define which HMAC flavor will be used in
> HIP control packets.
>
>
>      HIT Suite              ID
>      RESERVED                0
>      RSA,DSA/SHA-1           1    (REQUIRED)
>      ECDSA/SHA-384           2    (RECOMMENDED)
>      ECDSA_LOW/SHA-1         3    (RECOMMENDED)
>
> RSA,DSA/SHA-1 represents the class of HITs we have today with HIP version 1.
> All contained algorithms (RSA and DSA) must be supported by hosts that implement
> this suite.
>
> ECDSA/SHA-384 bundles two ECC curves (NIST P-256 and P-384) with SHA-384.  Both
> curves must be implemented by hosts that implement this HIT Suite.
>
> ECDSA_LOW/SHA-1 is meant for devices with limited computation capabilities.  It
> uses the SECP160R curve from SECG.
>
> If we want to make a bold move towards ECC cryptography (and make packet
> fragmentation, etc. less likely) we could change the REQUIRED and RECOMMENDED
> tags so that we REQUIRE the ECDSA/SHA-384 HIT Suite and make the other two
> RECOMMENDED.  Any comments on this?

Has anyone checked into the availability of these suites in cryptographic libraries and hardware?

Can you clarify what you believe are the implications that you hint at ("packet fragmentation, etc.")?

>
>
> The ECDH groups look similar:
>
>  Group                Value
>  Reserved             0
>  DEPRECATED           1
>  DEPRECATED           2
>  1536-bit MODP group  3 [RFC3526]
>  3072-bit MODP group  4 [RFC3526]
>  DEPRECATED           5
>  DEPRECATED           6
>  NIST P-256           7 [RFC4753]
>  NIST P-384           8 [RFC4753]
>  NIST P-521           9 [RFC4753]
>  SECP160R1           10 [SECG]
>
> Groups 7 to 10 are new in RFC5201-bis.  Again, group 10 is meant for devices
> with low computation capabilities and should be used only if long-term
> confidentiality is not required.
>
> The DEPRECATED values are groups present in RFC5201 but removed in
> RFC5201-bis.  They have to be removed before we finish the document.
>
> Are there any comments regarding the selection of algorithms?  With the selected
> ECC curves, we tried to stay as close as possible to other Internet standards
> (IKE, TLS) that already use ECC.
>

I don't have other comments and agree with trying to stay close to the predecessors.

- Tom
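The two tables quoted above carry implementation-relevant rules: the HIT Suite ID selects the HMAC hash for control packets, DEPRECATED group values must not be negotiated, and SECP160R1 is acceptable only when long-term confidentiality is not required. The following is an added illustration of those rules and not code from the draft or from any HIP implementation; the key, packet bytes and the preference-ordered negotiation are constructed assumptions for the example.

```python
import hashlib
import hmac

# HIT Suite table from the proposal: ID -> (signature algorithms, HMAC hash).
# ID 0 is RESERVED and deliberately absent.
HIT_SUITES = {
    1: ("RSA,DSA", "sha1"),       # REQUIRED
    2: ("ECDSA", "sha384"),       # RECOMMENDED
    3: ("ECDSA_LOW", "sha1"),     # RECOMMENDED, constrained devices
}

# ECDH group table from the proposal. DEPRECATED values still occupy their
# numbers in the draft, so an implementation has to reject them explicitly.
DH_GROUPS = {
    3: "1536-bit MODP", 4: "3072-bit MODP",
    7: "NIST P-256", 8: "NIST P-384", 9: "NIST P-521", 10: "SECP160R1",
}
DEPRECATED_GROUPS = {1, 2, 5, 6}
# Group 10 only when long-term confidentiality is not required.
LOW_SECURITY_GROUPS = {10}


def hmac_for_suite(suite_id, key, packet):
    """HMAC over a HIP control packet using the hash the HIT Suite selects.

    Raises ValueError for RESERVED or unknown suite IDs so a bad peer value
    cannot silently fall back to a weaker hash.
    """
    if suite_id not in HIT_SUITES:
        raise ValueError(f"unknown or reserved HIT Suite {suite_id}")
    _, hash_name = HIT_SUITES[suite_id]
    return hmac.new(key, packet, hash_name).digest()


def select_dh_group(offered, supported, long_term_confidentiality=True):
    """Pick the first group in `offered` (assumed preference order, an
    assumption of this example) that the local side also supports.

    DEPRECATED and unknown values are skipped; SECP160R1 is skipped unless
    the caller states that long-term confidentiality is not required.
    """
    for group in offered:
        if group in DEPRECATED_GROUPS or group not in DH_GROUPS:
            continue
        if long_term_confidentiality and group in LOW_SECURITY_GROUPS:
            continue
        if group in supported:
            return group
    return None
```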