IETF Logo Mail Archive

Re: [Hipsec] clarification on HIT Suite IDs

Tom Henderson <tomh@tomh.org> Tue, 23 September 2014 17:40 UTC

Return-Path: <tomh@tomh.org>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 747A21A87DB for <hipsec@ietfa.amsl.com>; Tue, 23 Sep 2014 10:40:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.267
X-Spam-Level:
X-Spam-Status: No, score=-0.267 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aAH0TIUUks3l for <hipsec@ietfa.amsl.com>; Tue, 23 Sep 2014 10:40:08 -0700 (PDT)
Received: from gproxy4-pub.mail.unifiedlayer.com (gproxy4-pub.mail.unifiedlayer.com [69.89.23.142]) by ietfa.amsl.com (Postfix) with SMTP id 6D9B01A87D8 for <hipsec@ietf.org>; Tue, 23 Sep 2014 10:40:07 -0700 (PDT)
Received: (qmail 10612 invoked by uid 0); 23 Sep 2014 17:40:06 -0000
Received: from unknown (HELO cmgw3) (10.0.90.84) by gproxy4.mail.unifiedlayer.com with SMTP; 23 Sep 2014 17:40:06 -0000
Received: from box528.bluehost.com ([74.220.219.128]) by cmgw3 with id ung11o0082molgS01ng4nt; Tue, 23 Sep 2014 17:40:05 -0600
X-Authority-Analysis: v=2.1 cv=F6LEKMRN c=1 sm=1 tr=0 a=K/474su/0lCI2gKrDs9DLw==:117 a=K/474su/0lCI2gKrDs9DLw==:17 a=cNaOj0WVAAAA:8 a=f5113yIGAAAA:8 a=ZSdzdHkL1-cA:10 a=toYhf8nle-0A:10 a=3qaCO0jm4NsA:10 a=q7J0aIbBmN8A:10 a=IkcTkHD0fZMA:10 a=HYWc1YUsAAAA:8 a=IA_2sfgTpx8A:10 a=rREcAdlOb-AA:10 a=955c1-5d0r2W_PXDO_UA:9 a=QEXdDO2ut3YA:10
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tomh.org; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=Xm2Fh1pzgaaid8P2PsUWswga7Sm0aDLYEX+WP902p1A=; b=aGDJXexdzJqlOnxRdHS9vck88IpPb/WfXf/HI7GDvd5Q1NWFA8tSmrp+hcTtpLyQI+IaGMJqcqUmuJExMycbA8TErPoSiGnjoOsb5TsVkyNHJWu9BypNiR8G/PpmPyxb;
Received: from [71.231.123.189] (port=41857 helo=[192.168.168.42]) by box528.bluehost.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from <tomh@tomh.org>) id 1XWU4H-0001FR-V8; Tue, 23 Sep 2014 11:40:02 -0600
Message-ID: <5421B06F.5010301@tomh.org>
Date: Tue, 23 Sep 2014 10:39:59 -0700
From: Tom Henderson <tomh@tomh.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Julien Laganier <julien.ietf@gmail.com>
References: <5420863E.1060608@tomh.org> <20140922212826.5048E216C3B@bikeshed.isc.org> <54210668.4050605@tomh.org> <CAE_dhju-kOzE1PzTj_+wLfYS4_8kJhWqrxJ16sMC3W6b+sanxQ@mail.gmail.com>
In-Reply-To: <CAE_dhju-kOzE1PzTj_+wLfYS4_8kJhWqrxJ16sMC3W6b+sanxQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {3122:box528.bluehost.com:tomhorg:tomh.org} {sentby:smtp auth 71.231.123.189 authed with tomh@tomh.org}
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/Oh5xf2kqfYXyo14PvF7fw8CzRDo
Cc: HIP <hipsec@ietf.org>, Francis Dupont <fdupont@isc.org>
Subject: Re: [Hipsec] clarification on HIT Suite IDs
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Sep 2014 17:40:09 -0000

Hi Julien,

I agree generally with your recommendations but I have a modified 
proposal (below):

On 09/23/2014 07:49 AM, Julien Laganier wrote:

<snip>
>
> The statement about using more bits of the ORCHID to encode a HIT
> suite ID seems to be factually incorrect, or at least it isn't
> supported by the ORCHIDv2 generation scheme as published in RFC 7343.
>
> Since this document (5201-bis) doesn't seem to be the right place to
> specify (future) ORCHID generation (a revision of ORCHIDv2 would), I'd
> like to suggest that plans for future enhancements be removed from the
> paragraph, and to only keep text necessary to ensure future
> enhancements are not prevented. For this, reserving the value zero
> seems to be enough. (and Appendix E already has a discussion of OGA ID
> reuse for the purpose of ID space exhaustion).
>
> Accordingly, the paragraph would read:
>
>       The ID field in the HIT_SUITE_LIST is defined as eight-bit field as
>       opposed to the four-bit HIT Suite ID and OGA field in the ORCHID.
>       This difference is a measure to accommodate larger HIT Suite IDs if
>       the 16 available values prove insufficient.  Hence, the
>       current four-bit HIT Suite-IDs only use the four higher order bits in
>       the ID field.  Future documents may define the use of the four lower-
>       order bits in the ID field.

What I think is still lacking in the draft is a clear distinction 
between the OGA ID and the HIT Suite ID, and perhaps some clearer 
wording that the ID field in the HIT_SUITE_LIST is not yet another 
parameter needing a registry.

HIT Suite IDs are a combination of hash function, HMAC, and signature 
algorithm(s).  Francis stated that they are an extension of (or derived 
from) the OGA ID.  The HIT_SUITE_LIST IDs are specific eight-bit 
encodings of the HIT Suite ID values.

Accordingly, would you agree to a modification to your proposal, as follows?

      The ID field in the HIT_SUITE_LIST is an eight-bit field that
      encodes a HIT Suite ID value in its higher-order four bits,
      leaving the lower-order four bits reserved.  The encoding is
      a measure to allow for possibly larger HIT Suite IDs in the
      future, although such expansion is outside the scope of this
      document.  The lower-order four bits of the ID field are set
      to zero by the sender and ignored by the receiver.

      The HIT Suite IDs are an expansion of the OGA IDs that denote
      which hash function corresponds to a given HIT.  The OGA ID
      encodes, in four bits, the value of the HIT Suite ID that
      corresponds to the hash function (and other algorithms) in use.
      A registry for the OGA ID is not separately established since
      the values are aligned with those of the HIT Suite ID.

      The four-bit OGA ID field only permits 15 HIT Suite IDs
      (the HIT Suite ID with value 0 is reserved) to be used at
      the same time.  If 15 Suite IDs prove to be insufficient,
      future documents will specify how additional values can
      be accommodated.

And if acceptable, make other editorial alignments to these statements...

- Tom

v2.23.0 | Report a Bug | By Email