Re: [Hipsec] Fwd: New Version Notification for draft-ietf-hip-dex-12.txt
Miika Komu <miika.komu@ericsson.com> Fri, 14 February 2020 14:38 UTC
Return-Path: <miika.komu@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DE1D1200E6 for <hipsec@ietfa.amsl.com>; Fri, 14 Feb 2020 06:38:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dlTQ4whCFdRj for <hipsec@ietfa.amsl.com>; Fri, 14 Feb 2020 06:38:12 -0800 (PST)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10072.outbound.protection.outlook.com [40.107.1.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 692DC120041 for <hipsec@ietf.org>; Fri, 14 Feb 2020 06:38:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kH96MJMS0BbPQiBKb2mX0mfXqtkpFARVgOzooz3V1vTOeTWwqQkBgRpUnmawcUJDqEkHDsxO7hQDzX4Vxw4S5RHQmRy52lgXoP/L2RTph/i0cQ5OqJjEJ10aVtGog02Q9P7l+6x8JxZ6zamb3rA0d3VaqWQsEIK4Q5TLvVZLX/jPRHeH6nYab+cPS7ASBVI5ngSLlfuHFcgIizxgjuBManfteXzPf0cIVqUmG9TEvn06q8lmPwdbUZS5n5xo6QltZWAXbZDZbGJXcaUZMEIFKGnKlas7eD79nELscDcwON73/qsoYo+OZt4U0ToDAXU4b4ir8ERiIF+TKXT5r2YkFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ctTl1yzgxyD7F+uuIr5yX4XO1spHW+TnLje/oMp5W+8=; b=WDvIU00mJSpAY0y6leChMh7SWiTd35aOC7Ew8ZsIvCxs83VjGSQ9ByHzfTxtqMYv70rp8AzanRW6xXAKCMk32b2wZWoClFBrTVIEHe76hMMXKMvqA1YvixUuWW+cTnOPUgGNhbzYsf/Tg8thiWyqSS+/o7zB057S3MJm22dSHInSpVJacBfQKoiQxbFI6/dy8qyzCcJz2Han6RABWpo6kXW4IwCDZ85Mr01eOzw3MtBzRgjPCpGKQ0s4Nj76lmCUmz2PJPq31NVZvhEVeMAccoZsa6bslGTrvCOsp8fFNRLcRB2Q5uZgLxV7Lg5rd56R8bZXrnf+8Bx5leserPtS8A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ctTl1yzgxyD7F+uuIr5yX4XO1spHW+TnLje/oMp5W+8=; b=RuwjVZkDVb4zzfOfmUEBjGTULN18KFyh9/qXwN8pGboCt9UJ5TXNkzFQRhOnC7TENPUr6E/M4JD9wL/QW+wiMNmw3+T/akdME2XOMjypS+aqZKongE23ny6vgXP7zzrfS3W8UwZGUHloYGPtelUxVkIZ0MWTtZODuGYFtsBJBqY=
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com (52.134.81.144) by AM0PR07MB3890.eurprd07.prod.outlook.com (52.134.86.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.8; Fri, 14 Feb 2020 14:38:09 +0000
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::790c:4b51:77d2:7767]) by AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::790c:4b51:77d2:7767%5]) with mapi id 15.20.2729.025; Fri, 14 Feb 2020 14:38:09 +0000
From: Miika Komu <miika.komu@ericsson.com>
To: "j.ahrenholz@tempered.io" <j.ahrenholz@tempered.io>, "rgm@htt-consult.com" <rgm@htt-consult.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: [Hipsec] Fwd: New Version Notification for draft-ietf-hip-dex-12.txt
Thread-Index: AQHV3+FonWcBVodL+UmcUdISeZX8SKgUbNkAgANkvwCAAvdkAA==
Date: Fri, 14 Feb 2020 14:38:09 +0000
Message-ID: <ec2cd613b79512502c608d1b0d6a3da8e426ad87.camel@ericsson.com>
References: <158131871520.13534.9437394233256375155.idtracker@ietfa.amsl.com> <29372f3d-0a9e-949d-ce64-338be8561500@htt-consult.com> <66046762-C4F2-47AD-BE69-7CAA1AEB6F2A@tempered.io>
In-Reply-To: <66046762-C4F2-47AD-BE69-7CAA1AEB6F2A@tempered.io>
Accept-Language: fi-FI, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.1
authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com;
x-originating-ip: [89.166.49.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: fc673a92-6a08-46df-756f-08d7b15b830b
x-ms-traffictypediagnostic: AM0PR07MB3890:
x-microsoft-antispam-prvs: <AM0PR07MB38900CBEF7AB5C5EA67744D6FC150@AM0PR07MB3890.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 03137AC81E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(376002)(366004)(136003)(346002)(39860400002)(199004)(189003)(186003)(26005)(6486002)(36756003)(44832011)(71200400001)(2616005)(66476007)(64756008)(66446008)(966005)(86362001)(478600001)(6512007)(2906002)(8936002)(8676002)(81166006)(81156014)(15650500001)(6506007)(110136005)(66946007)(316002)(76116006)(5660300002)(66556008)(99106002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB3890; H:AM0PR07MB3876.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +9fkwh045fTnI8mctaHVjSB/+3Hj+alafyKE1wO/1kQr1IO1s2OtLxi/cgaBOaTPOoHoGaaUBH8kLZH/VbHzzkJmn4F4E0VwUsyTaBvDBe2TuPQcamfgyejNvZzZ4Dmdjd7YMUdq5YdiJ7iXeh+KEvS+qOXUITnqyHXM1AO7Wi3HbNVCi3jdfzjvklE/40lJZY2MuSEjpVYDy3erw/CtkMFYnQLRoqglen3xYtWMq8bbuapFnwV8GC7uY0QrgAGBeSNVJmM/tt3RsEUBkkUpMw4uPreqDQS06ZpqI4WGluZGIwXArEdkFNIPu74mZcNnuDqJ2Hdp4ZT0FkeYDcLq1jdReSiXzIWtL1+ulq1fJL6xm/tl3fPCelZKvDmPVLKUZDjoS6+Qcn5MFrIB5iBTM6NGpBgv/Qd11ucciLSrXEEor07cJ74dlZk88Sfa0TPtYRgktnTkrXrdfcXKRWAkKvhbh+cQr62SJZH9TlfxBUTDqfSP0c38jVctpbOp31//BpbFODgnZVMV/G7AP6tTEd0L+ScyuSLjGjuZunBju1Dx5S11I3BmQQvbpFBHyJu6
x-ms-exchange-antispam-messagedata: MQaya13bPZDxjjOMipAH0KHdM9W3+tXKs/Rn1YXY5A22UVdgHgaMV+i69wLbXGDqyu6UKD0U27kH1xvqKCGEdgOtruN4iGBTq0ybtHlyEgpg3d4IjSdOZCja0zwsxPNYyvVCR+oca7Lew/XdnRTmtg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <C4E43512B3657D4397A13268D7AB51AD@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fc673a92-6a08-46df-756f-08d7b15b830b
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Feb 2020 14:38:09.4411 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: o2kgRTrdudI8SYucpsJDJkCYPlege0Aj4gyJfmtLpWrsfviU9c9mx0AAbnu7DeZ2bUdAxXkbdOANd2oYdTsWKw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB3890
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/Nq5xwypTKAEATXzMQkoDJWEi4OA>
Subject: Re: [Hipsec] Fwd: New Version Notification for draft-ietf-hip-dex-12.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2020 14:38:16 -0000
Hi, ke, 2020-02-12 kello 17:20 +0000, Jeff Ahrenholz kirjoitti: > > I believe this version answers all the IESG issues. > > > > Please review, there are some important additions. > > > > EKR had a number of security concerns. Some I feel don't apply to > > HIP, like use an AEAD for HIP packet security. > > > > But there are a number of added sections, particularly in Security > > Considerations that are worth the group's review that I have things > > stated properly. > > > > Also there is a new parameter, I_NONCE to add Initiator randomness > > into the Master Key generation. There is some cleanup in the > > KEYMAT section to reflect this. > > > > So please take a read through. > > I took a look at the new I_NONCE parameter... > > Regarding this statement (Section 5.2.6): > "The I_NONCE parameter encapsulates a random value that is later used > in the Master key creation process (see Section 6.3)." > > Looking at Section 6.3 HIP DEX KEYMAT Generation, it discusses using > Diffie-Hellman derived key Kij, but I don't see anything about using > I_NONCE. There is a random #I provided by the Responder from the > PUZZLE parameter, but nothing about a random I_NONCE supplied by the > Initiator. thanks for catching this! This occurred due to a html comment inside a figure (xml2rfc team is working on a fix). Here is the fixed document: https://tools.ietf.org/html/draft-ietf-hip-dex-13#section-6.3 > minor nits: > s/when key is smaller or equal to 128 bits/when the key is smaller or > equal to 128 bits/ > In Section 4.1.1 HIP Puzzle Mechanism, the links (HTML version) to > RFC 7401 sections 4.1.1 and 4.1.2 do not link to RFC 7401 but to the > dex draft. apparently this has to be fixed manually in collaboration with the RFC editor.
- [Hipsec] Fwd: New Version Notification for draft-… Robert Moskowitz
- Re: [Hipsec] Fwd: New Version Notification for dr… Jeff Ahrenholz
- Re: [Hipsec] Fwd: New Version Notification for dr… Robert Moskowitz
- Re: [Hipsec] Fwd: New Version Notification for dr… Jeff Ahrenholz
- [Hipsec] Something wrong in -12 Re: Fwd: New Vers… Robert Moskowitz
- Re: [Hipsec] Fwd: New Version Notification for dr… Robert Moskowitz
- Re: [Hipsec] Fwd: New Version Notification for dr… Robert Moskowitz
- Re: [Hipsec] Fwd: New Version Notification for dr… Miika Komu