Re: [Hipsec] clarification on HIT Suite IDs
Tom Henderson <tomh@tomh.org> Tue, 23 September 2014 17:40 UTC
Return-Path: <tomh@tomh.org>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 747A21A87DB for <hipsec@ietfa.amsl.com>; Tue, 23 Sep 2014 10:40:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.267
X-Spam-Level:
X-Spam-Status: No, score=-0.267 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aAH0TIUUks3l for <hipsec@ietfa.amsl.com>; Tue, 23 Sep 2014 10:40:08 -0700 (PDT)
Received: from gproxy4-pub.mail.unifiedlayer.com (gproxy4-pub.mail.unifiedlayer.com [69.89.23.142]) by ietfa.amsl.com (Postfix) with SMTP id 6D9B01A87D8 for <hipsec@ietf.org>; Tue, 23 Sep 2014 10:40:07 -0700 (PDT)
Received: (qmail 10612 invoked by uid 0); 23 Sep 2014 17:40:06 -0000
Received: from unknown (HELO cmgw3) (10.0.90.84) by gproxy4.mail.unifiedlayer.com with SMTP; 23 Sep 2014 17:40:06 -0000
Received: from box528.bluehost.com ([74.220.219.128]) by cmgw3 with id ung11o0082molgS01ng4nt; Tue, 23 Sep 2014 17:40:05 -0600
X-Authority-Analysis: v=2.1 cv=F6LEKMRN c=1 sm=1 tr=0 a=K/474su/0lCI2gKrDs9DLw==:117 a=K/474su/0lCI2gKrDs9DLw==:17 a=cNaOj0WVAAAA:8 a=f5113yIGAAAA:8 a=ZSdzdHkL1-cA:10 a=toYhf8nle-0A:10 a=3qaCO0jm4NsA:10 a=q7J0aIbBmN8A:10 a=IkcTkHD0fZMA:10 a=HYWc1YUsAAAA:8 a=IA_2sfgTpx8A:10 a=rREcAdlOb-AA:10 a=955c1-5d0r2W_PXDO_UA:9 a=QEXdDO2ut3YA:10
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tomh.org; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=Xm2Fh1pzgaaid8P2PsUWswga7Sm0aDLYEX+WP902p1A=; b=aGDJXexdzJqlOnxRdHS9vck88IpPb/WfXf/HI7GDvd5Q1NWFA8tSmrp+hcTtpLyQI+IaGMJqcqUmuJExMycbA8TErPoSiGnjoOsb5TsVkyNHJWu9BypNiR8G/PpmPyxb;
Received: from [71.231.123.189] (port=41857 helo=[192.168.168.42]) by box528.bluehost.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from <tomh@tomh.org>) id 1XWU4H-0001FR-V8; Tue, 23 Sep 2014 11:40:02 -0600
Message-ID: <5421B06F.5010301@tomh.org>
Date: Tue, 23 Sep 2014 10:39:59 -0700
From: Tom Henderson <tomh@tomh.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Julien Laganier <julien.ietf@gmail.com>
References: <5420863E.1060608@tomh.org> <20140922212826.5048E216C3B@bikeshed.isc.org> <54210668.4050605@tomh.org> <CAE_dhju-kOzE1PzTj_+wLfYS4_8kJhWqrxJ16sMC3W6b+sanxQ@mail.gmail.com>
In-Reply-To: <CAE_dhju-kOzE1PzTj_+wLfYS4_8kJhWqrxJ16sMC3W6b+sanxQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {3122:box528.bluehost.com:tomhorg:tomh.org} {sentby:smtp auth 71.231.123.189 authed with tomh@tomh.org}
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/Oh5xf2kqfYXyo14PvF7fw8CzRDo
Cc: HIP <hipsec@ietf.org>, Francis Dupont <fdupont@isc.org>
Subject: Re: [Hipsec] clarification on HIT Suite IDs
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Sep 2014 17:40:09 -0000
Hi Julien, I agree generally with your recommendations but I have a modified proposal (below): On 09/23/2014 07:49 AM, Julien Laganier wrote: <snip> > > The statement about using more bits of the ORCHID to encode a HIT > suite ID seems to be factually incorrect, or at least it isn't > supported by the ORCHIDv2 generation scheme as published in RFC 7343. > > Since this document (5201-bis) doesn't seem to be the right place to > specify (future) ORCHID generation (a revision of ORCHIDv2 would), I'd > like to suggest that plans for future enhancements be removed from the > paragraph, and to only keep text necessary to ensure future > enhancements are not prevented. For this, reserving the value zero > seems to be enough. (and Appendix E already has a discussion of OGA ID > reuse for the purpose of ID space exhaustion). > > Accordingly, the paragraph would read: > > The ID field in the HIT_SUITE_LIST is defined as eight-bit field as > opposed to the four-bit HIT Suite ID and OGA field in the ORCHID. > This difference is a measure to accommodate larger HIT Suite IDs if > the 16 available values prove insufficient. Hence, the > current four-bit HIT Suite-IDs only use the four higher order bits in > the ID field. Future documents may define the use of the four lower- > order bits in the ID field. What I think is still lacking in the draft is a clear distinction between the OGA ID and the HIT Suite ID, and perhaps some clearer wording that the ID field in the HIT_SUITE_LIST is not yet another parameter needing a registry. HIT Suite IDs are a combination of hash function, HMAC, and signature algorithm(s). Francis stated that they are an extension of (or derived from) the OGA ID. The HIT_SUITE_LIST IDs are specific eight-bit encodings of the HIT Suite ID values. Accordingly, would you agree to a modification to your proposal, as follows? The ID field in the HIT_SUITE_LIST is an eight-bit field that encodes a HIT Suite ID value in its higher-order four bits, leaving the lower-order four bits reserved. The encoding is a measure to allow for possibly larger HIT Suite IDs in the future, although such expansion is outside the scope of this document. The lower-order four bits of the ID field are set to zero by the sender and ignored by the receiver. The HIT Suite IDs are an expansion of the OGA IDs that denote which hash function corresponds to a given HIT. The OGA ID encodes, in four bits, the value of the HIT Suite ID that corresponds to the hash function (and other algorithms) in use. A registry for the OGA ID is not separately established since the values are aligned with those of the HIT Suite ID. The four-bit OGA ID field only permits 15 HIT Suite IDs (the HIT Suite ID with value 0 is reserved) to be used at the same time. If 15 Suite IDs prove to be insufficient, future documents will specify how additional values can be accommodated. And if acceptable, make other editorial alignments to these statements... - Tom
- [Hipsec] clarification on HIT Suite IDs Tom Henderson
- Re: [Hipsec] clarification on HIT Suite IDs Tom Henderson
- Re: [Hipsec] clarification on HIT Suite IDs Julien Laganier
- Re: [Hipsec] clarification on HIT Suite IDs Tom Henderson
- Re: [Hipsec] clarification on HIT Suite IDs Julien Laganier
- Re: [Hipsec] clarification on HIT Suite IDs Tom Henderson
- Re: [Hipsec] clarification on HIT Suite IDs Julien Laganier
- Re: [Hipsec] clarification on HIT Suite IDs Ted Lemon
- Re: [Hipsec] clarification on HIT Suite IDs Rene Hummen
- Re: [Hipsec] clarification on HIT Suite IDs Gonzalo Camarillo
- Re: [Hipsec] clarification on HIT Suite IDs Rene Hummen
- Re: [Hipsec] clarification on HIT Suite IDs Rene Hummen
- Re: [Hipsec] clarification on HIT Suite IDs Gonzalo Camarillo
- Re: [Hipsec] clarification on HIT Suite IDs Julien Laganier
- Re: [Hipsec] clarification on HIT Suite IDs Francis Dupont
- Re: [Hipsec] clarification on HIT Suite IDs Francis Dupont
- [Hipsec] Antwort: Re: clarification on HIT Suite … Tobias.Heer
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Tom Henderson
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Julien Laganier
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Miika Komu
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Tom Henderson
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Rene Hummen
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Tom Henderson
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Rene Hummen