IETF Logo Mail Archive

Re: [Hipsec] HIP parameters critical flag

Robert Moskowitz <rgm@htt-consult.com> Tue, 12 January 2010 18:48 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 67FCF3A6A08 for <hipsec@core3.amsl.com>; Tue, 12 Jan 2010 10:48:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aua9BB81GvLG for <hipsec@core3.amsl.com>; Tue, 12 Jan 2010 10:48:37 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 89E4F3A67E7 for <hipsec@ietf.org>; Tue, 12 Jan 2010 10:48:37 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 5964268B9E; Tue, 12 Jan 2010 19:46:07 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vri0dwkRkNXv; Tue, 12 Jan 2010 14:45:58 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [12.105.251.43]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id E0E4A68B93; Tue, 12 Jan 2010 14:45:57 -0500 (EST)
Message-ID: <4B4CC351.9010804@htt-consult.com>
Date: Tue, 12 Jan 2010 10:45:37 -0800
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Thunderbird/3.0
MIME-Version: 1.0
To: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
References: <4B4C9C1F.7050309@htt-consult.com> <AC120305-F2D2-428D-BFCB-CB12A4114598@cs.rwth-aachen.de> <FD98F9C3CBABA74E89B5D4B5DE0263B937813030C9@XCH-NW-12V.nw.nos.boeing.com> <4B4CB807.5090707@htt-consult.com> <FD98F9C3CBABA74E89B5D4B5DE0263B937813030CA@XCH-NW-12V.nw.nos.boeing.com>
In-Reply-To: <FD98F9C3CBABA74E89B5D4B5DE0263B937813030CA@XCH-NW-12V.nw.nos.boeing.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] HIP parameters critical flag
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2010 18:48:38 -0000

On 01/12/2010 10:27 AM, Ahrenholz, Jeffrey M wrote:
>    
>>> Have you considered extending the HOST_ID TLV by one field
>>>        
>> to include HIH (rather than using a separate parameter)?
>>      
>>> (for example the HI hi_hdr already indicates the RSA/DSA
>>>        
>> key type, the HIP_SIGNATURE contains SIG algorithm, etc.)
>>      
>>>
>>>        
>> I envision multiple HIH per HI.  With a possible ranking of
>> HIH for the HI.
>>      
> It seems hard to rank or negotiate the HIH since the HITs chosen in the HIP header are already derived using a particular HIH. If you chose a different HIH then you would start a new association using different HITs? Maybe I don't fully understand HIH yet...
>    

We are both correct  :)

The way that Tobias  and I are working out the changes to BEX to support 
HIH, I1 will have a HIT based on I's perfered HIH, but listing the HIHs 
I supports.  R1 would either just go with that or respond with R's 
perfered HIH.  In the later case, I would restart BEX with just one HIH, 
either what is in R1 or guessing it is the victim of a downgrade attack 
what I suspects is the right HIH to use.

Tobias, do you think it would be good to share your revised BEX exchange 
here?

v2.23.0 | Report a Bug | By Email