Re: [Hipsec] The HIT prefix once again
Bob Hinden <bob.hinden@nokia.com> Tue, 02 August 2005 07:14 UTC
Message-Id: <6.2.1.2.2.20050801094928.02d0f9e8@daebe102.noe.nokia.com>
Date: Mon, 01 Aug 2005 09:51:53 -0700
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
From: Bob Hinden <bob.hinden@nokia.com>
Subject: Re: [Hipsec] The HIT prefix once again
In-Reply-To: <A48CA79D-6913-4265-A16F-CF35F2BD04F2@nomadiclab.com>
References: <200507310744.j6V7iWl6004438@givry.rennes.enst-bretagne.fr> <A48CA79D-6913-4265-A16F-CF35F2BD04F2@nomadiclab.com>
Cc: gabriel montenegro <gabriel_montenegro_2000@yahoo.com>, hipsec@ietf.org, Brian Haberman <brian@innovationslab.net>, Bob Hinden <bob.hinden@nokia.com>
Pekka,

At 06:52 AM 08/01/2005, Pekka Nikander wrote:
>Bob,
>
>Do you want me to put up a slide or two on this at the end of the
>IPv6 WG tomorrow? Or would it be better to have a more compelling
>draft (than the one by Francis) first?

I talked about it with Brian Haberman and we both think the agenda is
already too tight and it might generate a long unfocused discussion.
We think it would be better to write the draft and then ask for
comments and discussion.

Thanks,
Bob

>Francis,
>
>I finally had time to read your draft,
>http://www.ietf.org/internet-drafts/draft-dupont-ipv6-cgpref-01.txt
>I think you need to have a reference to a document that defines how
>GCIDs are supposed to be used; I didn't see any. Alone I don't see
>how your draft would make a compelling case.
>
>However, going more to the technical level, we may want to share
>exactly the same name space.
>
>AFAICT, the HITs and CBIDs are formed as follows:
>
>  HIT  = prefix | encode(hash(public key))
>
>  CBID = prefix | encode(hash(any string))
>
>where, in both cases, the prefix defines the 'encode' and 'hash'
>functions used. In the HIT case the public key must be understood
>from the context, and AFAICT in the CBID case the "any string" must
>also be understood from the context. It also looks like we can
>use exactly the same 'encode' and 'hash' functions, as the
>requirements for them are the same. Initially, we would apparently
>be just taking the low order bits of the hash as the encoding and use
>SHA1 as the hash function. Or do you have different requirements?
>
>Now, based on that we could share exactly the same name space, i.e.,
>just have a single prefix. One potential complication is that it is
>much easier to generate arbitrary strings than even short public
>keys. However, based on my strawperson analysis, that doesn't matter
>since HIP, by default, expects the HIT to be a hash of a public key
>and does not accept anything else. Hence, the fact that arbitrary
>strings are easier to generate than public keys doesn't matter.
>
>The biggest difference seems to be on our needs w.r.t. the time frame
>for the assignment. I really think that a temporary assignment with
>the default of the assignment going back by, say, 2009, would be
>better. In that way the space does not stay assigned if the
>experimentation fails and it is not used. On the other hand, if any
>efforts using the space succeed and the space is being used, the
>space is there and can be used.
>
>Hence, I think we can go for asking for a single shared address space.
>My proposal is to go for a proposal that says:
>
>  Assign a /5 provisionally for this use, with the next 3 bits reserved
>  for the case that the existing hash algorithm fails, resulting in a
>  /8 which is the only part that gets assigned at this time.
>
>  If the IPv6 WG feels that assigning a /5 or /8 is too much, then we
>  just need to live with that and live with the lower security level.
>
>As I said during the f2f meeting, I am planning to write a short
>draft on this in the near future but would really appreciate help.
>
>--Pekka