IETF Logo Mail Archive

Re: [Hipsec] clarification on HIT Suite IDs

Julien Laganier <julien.ietf@gmail.com> Tue, 23 September 2014 14:49 UTC

Return-Path: <julien.ietf@gmail.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FAD71A86F3 for <hipsec@ietfa.amsl.com>; Tue, 23 Sep 2014 07:49:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aDrXjxA72Uu1 for <hipsec@ietfa.amsl.com>; Tue, 23 Sep 2014 07:49:53 -0700 (PDT)
Received: from mail-lb0-x22d.google.com (mail-lb0-x22d.google.com [IPv6:2a00:1450:4010:c04::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 822FC1A1ADC for <hipsec@ietf.org>; Tue, 23 Sep 2014 07:49:53 -0700 (PDT)
Received: by mail-lb0-f173.google.com with SMTP id 10so7072318lbg.4 for <hipsec@ietf.org>; Tue, 23 Sep 2014 07:49:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=+5GZ7qA8Ffr6MaQVk/80a7vc1CwIZ1qxA3Jqa382tno=; b=NOmYKGFJ3SdhV3+xa77kXFx9ud6oLoIbH0Pg+GFnANmYMOwx18ulZJABqBvlaPYSpo 892CezLxNg8YeQzmXUYxcrpjcR88aUtKgP9X16o5DG86OdeAPU850tGPFT8AT6KNVQw8 Ltaggs4VkuR0ste1+ifBut9eCx2wj8zC2+OpVelXOu25oCOv+uF1NVwEKUx7MvWdHSYY H3ysxHCGUDhONllf8aw8Qo2uIuNbWEiZpQbvziqeo8NkaHzMRPORIXHWSRfvyPkJ/tTq qkoNCbCJy1TgJRBnbIU3dtmQg/Wg9t3vkxgxhzAiTe0fKv2jh/DnXh400pPrpa6dx7jp mSwQ==
MIME-Version: 1.0
X-Received: by 10.152.87.170 with SMTP id az10mr201414lab.20.1411483791726; Tue, 23 Sep 2014 07:49:51 -0700 (PDT)
Received: by 10.25.210.4 with HTTP; Tue, 23 Sep 2014 07:49:51 -0700 (PDT)
In-Reply-To: <54210668.4050605@tomh.org>
References: <5420863E.1060608@tomh.org> <20140922212826.5048E216C3B@bikeshed.isc.org> <54210668.4050605@tomh.org>
Date: Tue, 23 Sep 2014 07:49:51 -0700
Message-ID: <CAE_dhju-kOzE1PzTj_+wLfYS4_8kJhWqrxJ16sMC3W6b+sanxQ@mail.gmail.com>
From: Julien Laganier <julien.ietf@gmail.com>
To: Tom Henderson <tomh@tomh.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/T3KSEptlqFaTWLsol9Lb3IC0AMs
Cc: HIP <hipsec@ietf.org>, Francis Dupont <fdupont@isc.org>
Subject: Re: [Hipsec] clarification on HIT Suite IDs
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Sep 2014 14:49:55 -0000

Hi Tom,

Please see inline.

On Mon, Sep 22, 2014 at 10:34 PM, Tom Henderson <tomh@tomh.org> wrote:
> On 09/22/2014 02:28 PM, Francis Dupont wrote:
>
>>>
>>> Basically, the draft is saying that if HIT Suite ID is zero, then this
>>> ORCHID encoding:
>>>
>>>    ORCHID     :=  Prefix | OGA ID | Encode_96( Hash )
>>>
>>> becomes instead:
>>>
>>>    ORCHID     :=  Prefix | HIT Suite ID | Encode_92( Hash )
>>>
>>> and the bits immediately after the Prefix are used also to identify the
>>> length of this OGA ID.  It seems to me that this could either be
>>> clarified further in the draft, or simplified.
>>
>>
>> => no, it doesn't say that: the current wording is:
>>
>>     The ID field in the HIT_SUITE_LIST is defined as eight-bit field as
>>     opposed to the four-bit HIT Suite ID and OGA field in the ORCHID.
>>     This difference is a measure to accommodate larger HIT Suite IDs if
>>     the 16 available values prove insufficient.  In that case, one of the
>>     16 values, zero, will be used to indicate that four additional bits
>>     of the ORCHID will be used to encode the HIT Suite ID.  Hence, the
>>     current four-bit HIT Suite-IDs only use the four higher order bits in
>>     the ID field.  Future documents may define the use of the four lower-
>>     order bits in the ID field.
>
>
> Perhaps we can agree that it is ambiguous; elsewhere it also states:
>
>       For the time being, the HIT Suite uses only four bits because
>       these bits have to be carried in the HIT.  Using more bits for the
>       HIT Suite ID reduces the cryptographic strength of the HIT.
>
> which implied to me that the HIT suite ID may in the future consume more
> bits presently allocated to hash.

The statement about using more bits of the ORCHID to encode a HIT
suite ID seems to be factually incorrect, or at least it isn't
supported by the ORCHIDv2 generation scheme as published in RFC 7343.

Since this document (5201-bis) doesn't seem to be the right place to
specify (future) ORCHID generation (a revision of ORCHIDv2 would), I'd
like to suggest that plans for future enhancements be removed from the
paragraph, and to only keep text necessary to ensure future
enhancements are not prevented. For this, reserving the value zero
seems to be enough. (and Appendix E already has a discussion of OGA ID
reuse for the purpose of ID space exhaustion).

Accordingly, the paragraph would read:

     The ID field in the HIT_SUITE_LIST is defined as eight-bit field as
     opposed to the four-bit HIT Suite ID and OGA field in the ORCHID.
     This difference is a measure to accommodate larger HIT Suite IDs if
     the 16 available values prove insufficient.  Hence, the
     current four-bit HIT Suite-IDs only use the four higher order bits in
     the ID field.  Future documents may define the use of the four lower-
     order bits in the ID field.


(and that is beyond this discussion, but given that adding more suite
IDs presumably addresses a need for _increased_ security, it is
counter intuitive to already decide to achieve that by _reducing_ the
size of the encoded hash output, but I digress)

<snip>

> Perhaps we could start by trying to resolve whether the plan should be to
> reuse four-bit values if the space is eventually exceeded, or whether the
> HIT suite ID may grow in the future (and how that affects the ORCHID).
> Maybe we do not need to specify the plan in this draft; maybe we could just
> avoid the problem for now and just keep value 0 reserved and state that what
> to do when the HIT_SUITE_ID space is exhausted is for further study, with
> deprecated value reuse and expansion of the HIT Suite ID being two
> possibilities.

IMHO it is premature to plan for the ID space exhaustion while it has
not happened and we do not have an understanding of what will cause
the ID space to be exhausted (if it ever does.) E.g., if none of the
hash functions chosen in HIP suites provided enough security in 96
bits truncated output, will there be a new hash function that will? So
the discussion on contingency plan seems moot at this point in time.

Thus it seems keeping zero reserved is good enough for now.

> Another basic question I have is whether the table 11 in Appendix E should
> be merged with the unlabeled table at the end of 5.2.10 (and located in
> 5.2.10), and whether Appendix E text in general ought to be brought forward
> in the draft to section 3.2 and/or 5.2.10.

I think that makes sense since it is normative.

--julien

v2.23.0 | Report a Bug | By Email