Re: [Hipsec] Proposed new list for HIP_TRANSFORM
Tobias Heer <heer@cs.rwth-aachen.de> Thu, 07 January 2010 10:58 UTC
Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5AD773A681D for <hipsec@core3.amsl.com>; Thu, 7 Jan 2010 02:58:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.801
X-Spam-Level:
X-Spam-Status: No, score=-4.801 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AQqFRKT0FpD0 for <hipsec@core3.amsl.com>; Thu, 7 Jan 2010 02:58:05 -0800 (PST)
Received: from mta-2.ms.rz.rwth-aachen.de (mta-2.ms.rz.RWTH-Aachen.DE [134.130.7.73]) by core3.amsl.com (Postfix) with ESMTP id 6EF7D3A67B2 for <hipsec@ietf.org>; Thu, 7 Jan 2010 02:58:05 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from ironport-out-2.rz.rwth-aachen.de ([134.130.5.41]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0KVV005OTIGQV810@mta-2.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Thu, 07 Jan 2010 11:58:02 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.49,234,1262559600"; d="scan'208";a="21617656"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by ironport-in-2.rz.rwth-aachen.de with ESMTP; Thu, 07 Jan 2010 11:58:02 +0100
Received: from umic-137-226-154-185.nn.rwth-aachen.de ([unknown] [137.226.154.185]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0KVV00CJ4IGQXV10@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Thu, 07 Jan 2010 11:58:02 +0100 (CET)
From: Tobias Heer <heer@cs.rwth-aachen.de>
In-reply-to: <CE2F5651-0202-4D6F-B357-CFD49ABF0815@indranet.co.nz>
Date: Thu, 07 Jan 2010 12:58:02 +0100
Message-id: <7DD22BB2-22FE-4EF9-B6BD-9BD2ED3333CB@cs.rwth-aachen.de>
References: <4B440CA5.3010209@htt-consult.com> <4B44C35E.8090200@hiit.fi> <4B44CA15.2070905@htt-consult.com> <4B44D016.7050102@hiit.fi> <CE2F5651-0202-4D6F-B357-CFD49ABF0815@indranet.co.nz>
To: Robert Moskowitz <rgm@htt-consult.com>
X-Mailer: Apple Mail (2.1077)
Cc: hip WG <hipsec@ietf.org>
Subject: Re: [Hipsec] Proposed new list for HIP_TRANSFORM
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2010 10:58:06 -0000
Am 07.01.2010 um 04:22 schrieb Andrew McGregor: > > On 07/01/2010, at 7:01 AM, Miika Komu wrote: > >> Robert Moskowitz wrote: >> >> Hi, >> >>> On 01/06/2010 12:07 PM, Miika Komu wrote: >>>> Robert Moskowitz wrote: >>>> >>>> Hi, >>>> >>>>> Proposed new list for HIP_TRANSFORM: >>>>> >>>>> Suite ID Value >>>>> >>>>> RESERVED 0 >>>>> ... >>>>> AES-GCM with a 16 octet ICV 14 [RFC4106] >>>> >>>> seems fine with me. Should the "natural" key size be reflected in some of the algorithms descriptions? >>> I am not sure what you are alluding to here. Key sizes for AES-based transforms start at 128 and go up. If you are asking about those 8/12/16 sizes in CCM and GCM, that applies to the auth size. >> >> do we have to negotiate AES key size? > > No! We need more suite IDs for the key sizes we're going to use. > > The whole point of using suites in the first place was, once you have the suite you know everything you need to know about the crypto setup... you can literally just use the suite-id as an index into a table of all the numbers. > I agree. I think we should also tie the MAC Algorithm for the HIP control packets to the transform to avoid a separate negotiation. Or can you imagine a case in which the ESP MAC algorithm and the HIP control channel MAC algorithm should differ? Tobias > Andrew > _______________________________________________ > Hipsec mailing list > Hipsec@ietf.org > https://www.ietf.org/mailman/listinfo/hipsec -- Dipl.-Inform. Tobias Heer, Ph.D. Student Distributed Systems Group RWTH Aachen University, Germany tel: +49 241 80 207 76 web: http://ds.cs.rwth-aachen.de/members/heer
- [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Andrew McGregor
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
- Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
- [Hipsec] Fwd: Proposed new list for HIP_TRANSFORM Tobias Heer