Re: [Hipsec] HIT Suites and algorithms used in RFC5201-bis

Miika Komu <mkomu@cs.hut.fi> Thu, 09 December 2010 13:29 UTC

Hi,

On 12/09/2010 12:26 PM, Tobias Heer wrote:
> Hello,
>
> we have consolidated the set of algorithms to be used in RFC5201 and would like
> to present it to the list and ask for feedback.
>
> We have three HIT Suites.  The HIT Suites define the algorithms that are used
> for generating a HIT/Orchid.  It also defines which HMAC flavor will be used in
> HIP control packets.
>
>
>       HIT Suite              ID
>       RESERVED                0
>       RSA,DSA/SHA-1           1    (REQUIRED)
>       ECDSA/SHA-384           2    (RECOMMENDED)
>       ECDSA_LOW/SHA-1         3    (RECOMMENDED)
>
> RSA,DSA/SHA-1 represent the class of HITs we have today with HIP version 1.  All
> contained Algorithms (RSA and DSA) must be supported by hosts that implement
> this suite.
>
> ECDSA/SHA-384 bundles two ECC curves (NIST P-256 and P-384) with SHA-384.  Both
> curves must be implemented by hosts that implement this HIT suite.
>
> ECDSA_LOW/SHA-1 is meant for devices with limited computation capabilities.  It
> uses the SECP160R curve from SECG.
>
> If we want to make a bold move towards ECC cryptography (and make packet
> fragmentation, etc.  less likely) we could change the REQUIRED and RECOMMENDED
> tags so that we REQUIRE the ECDSA/SHA-384 HIT SUITE and make the other two
> recommended.  Any comments on this?
>
>
> The ECDH groups look similar:
>
>   Group                Value
>   Reserved             0
>   DEPRECATED           1
>   DEPRECATED           2
>   1536-bit MODP group  3 [RFC3526]
>   3072-bit MODP group  4 [RFC3526]
>   DEPRECATED           5
>   DEPRECATED           6
>   NIST P-256           7 [RFC4753]
>   NIST P-384           8 [RFC4753]
>   NIST P-521           9 [RFC4753]
>   SECP160R1           10 [SECG]
>
> Groups 7 to 10 are new in RFC5201-bis.  Again, group 10 is meant for devices
> with low computation capabilities and should be used only if long-term
> confidentiality is not required.
>
> The DEPRECATED values are groups present in RFC5201 but have been removed in
> RFC5201-bis.  They have to be removed before we finish the document.
>
> Are there any comments regarding the selection of algorithms?  With the selected
> ECC curves, we tried to stay as close as possible to other Internet standards
> (IKE, TLS) that use ECC already.
>
> Best regards,

Seems fine to me.
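
An added example, not part of the original thread or of any HIP implementation: a Python check that filters a peer's offered DH group IDs against the group table quoted above, refusing reserved, deprecated and unknown values and allowing group 10 only when long-term confidentiality is not required. The function names, the sample offers and the rule that the local preference order decides the choice are assumptions made for illustration.

```python
# DH group registry as listed in the quoted proposal for RFC5201-bis.
DH_GROUPS = {
    3: "1536-bit MODP group",
    4: "3072-bit MODP group",
    7: "NIST P-256",
    8: "NIST P-384",
    9: "NIST P-521",
    10: "SECP160R1",
}
RESERVED = {0}
DEPRECATED = {1, 2, 5, 6}   # present in RFC5201, removed in RFC5201-bis
LOW_SECURITY = {10}         # only if long-term confidentiality is not required


def classify(group_id):
    """Return the status of a group ID according to the quoted table."""
    if group_id in RESERVED:
        return "reserved"
    if group_id in DEPRECATED:
        return "deprecated"
    if group_id in DH_GROUPS:
        return "low-security" if group_id in LOW_SECURITY else "ok"
    return "unknown"


def select_group(peer_offer, local_preference, long_term_confidentiality=True):
    """Pick the first locally preferred group that the peer also offers.

    Assumption: local preference order wins. Returns (chosen_id_or_None,
    rejected), where rejected maps each refused peer ID to the reason so
    that refusals can be logged.
    """
    usable, rejected = set(), {}
    for gid in peer_offer:
        status = classify(gid)
        if status == "ok" or (status == "low-security"
                              and not long_term_confidentiality):
            usable.add(gid)
        else:
            rejected[gid] = status
    chosen = next((g for g in local_preference if g in usable), None)
    return chosen, rejected


if __name__ == "__main__":
    # Constructed sample offer: a deprecated ID, group 10, P-384, an unknown ID.
    print(select_group([1, 10, 8, 42], [8, 7, 10, 4]))
    print(select_group([10, 2], [8, 7, 10, 4], long_term_confidentiality=False))
```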