Re: [Hipsec] Host ID Parameter in RFC5201-bis
Tobias Heer <heer@cs.rwth-aachen.de> Tue, 07 December 2010 17:00 UTC
Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D8CD03A6995 for <hipsec@core3.amsl.com>; Tue, 7 Dec 2010 09:00:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.801
X-Spam-Level:
X-Spam-Status: No, score=-4.801 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umPdWuUV0OTr for <hipsec@core3.amsl.com>; Tue, 7 Dec 2010 09:00:03 -0800 (PST)
Received: from mta-1.ms.rz.rwth-aachen.de (mta-1.ms.rz.RWTH-Aachen.DE [134.130.7.72]) by core3.amsl.com (Postfix) with ESMTP id 10D003A6813 for <hipsec@ietf.org>; Tue, 7 Dec 2010 09:00:02 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from ironport-out-2.rz.rwth-aachen.de ([134.130.5.41]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0LD2002ZBHYG7RB0@mta-1.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Tue, 07 Dec 2010 18:01:28 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.59,311,1288566000"; d="scan'208";a="44825737"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by ironport-in-2.rz.rwth-aachen.de with ESMTP; Tue, 07 Dec 2010 18:01:28 +0100
Received: from umic-i4-137-226-45-197.nn.rwth-aachen.de ([unknown] [137.226.45.197]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0LD2003SRHYGIK60@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Tue, 07 Dec 2010 18:01:28 +0100 (CET)
From: Tobias Heer <heer@cs.rwth-aachen.de>
In-reply-to: <FEFF0128-6D4E-459D-865F-F72D80107710@cs.rwth-aachen.de>
Date: Tue, 07 Dec 2010 18:01:28 +0100
Message-id: <4B133801-4207-4597-8B25-26FA7850359B@cs.rwth-aachen.de>
References: <AANLkTika2NWRahQkkEtBC26ZOga7EBAHYwOZuJLJvHrQ@mail.gmail.com> <FEFF0128-6D4E-459D-865F-F72D80107710@cs.rwth-aachen.de>
To: hipsec@ietf.org
X-Mailer: Apple Mail (2.1082)
Subject: Re: [Hipsec] Host ID Parameter in RFC5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Dec 2010 17:00:07 -0000
Hello Henrik,
I implemented your comments in RFC5201-bis. Do you think your comments are addressed adequately?
The new text on the HI looks like this:
5.2.8. HOST_ID
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HI Length |DI-type| DI Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Algorithm | Host Identity /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ | Domain Identifier /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type 705
Length length in octets, excluding Type, Length, and
Padding
HI Length length of the Host Identity in octets
DI-type type of the following Domain Identifier field
Algorithm index to the employed algorithm
DI Length length of the FQDN or NAI in octets
Host Identity actual Host Identity
Domain Identifier the identifier of the sender
The Host Identity is derived from the DNSKEY format for RSA and DSA.
For these, the Public Key field of the RDATA part from RFC 4034
[RFC4034] is used. For ECC we distinguish two different profiles:
ECDSA and ECDSA_LOW. ECC contains curves approved by NIST and
defined in RFC 4754 [RFC4754]. ECDSA_LOW is defined for devices with
low computational capabilities and uses shorter curves from SECG
[SECG].
Algorithm
profiles Values
RESERVED 0
DSA 3 [RFC2536] (RECOMMENDED)
RSA 5 [RFC3110] (REQUIRED)
ECDSA 7 [RFC4754] (RECOMMENDED)
ECDSA_LOW 9 [SECG] (RECOMMENDED)
For ECDSA and ECDSA_LOW Host Identities is represented by the
following fields:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ECC Curve | /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ Public Key |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ECC Curve Curve label
Public Key Represented in Octet-string format
[I-D.mcgrew-fundamental-ecc]
For hosts that implement ECDSA as algorithm the following ECC curves
are required:
Algorithm Curve Values
ECDSA RESERVED 0
ECDSA NIST-P-256 1 [RFC4754]
ECDSA NIST-P-384 2 [RFC4754]
For hosts that implement the ECC_LOW algorithm profile, the following
curve is required:
Algorithm Curve Values
ECDSA_LOW RESERVED 0
ECDSA_LOW SECP160R1 1 [SECG]
The following DI-types have been defined:
Type Value
none included 0
FQDN 1
NAI 2
FQDN Fully Qualified Domain Name, in binary format.
NAI Network Access Identifier
The format for the FQDN is defined in RFC 1035 [RFC1035] Section 3.1.
The format for NAI is defined in [RFC4282]
If there is no Domain Identifier, i.e., the DI-type field is zero,
the DI Length field is set to zero as well.
Best regards,
Tobias
Am 02.12.2010 um 17:14 schrieb Tobias Heer:
> Hello Henrik,
>
> thanks for the input. Short version: I think you comments are good and the HI parameter should be self-contained. I agree with removing the DNSKEY format.
>
> More comments in line.
>
> Am 30.11.2010 um 19:01 schrieb Henrik Ziegeldorf:
>
>> Hi,
>>
>> I'm currently implementing basic elliptic curve cryptography for HIP according to RFC5201-bis,
>> and have some suggestions concerning the Host ID parameter (Sect. 5.2.8).
>>
>> I'd like to discuss the following points:
>>
>> 1) Self-containment of the host_id parameter: For RSA/DSA identities an algorithm field is specified, for ECDSA identities there is none.
>>
>> For RSA and DSA the format of the host identity field is defined as the DNSKEY format.
>>
>> 0 1 2 3
>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | flags | protocol | algorithm |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | /
>> / public key /
>> / /
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
>>
>> For ECC, the host identity field format is defined as follows:
>>
>> 0 1 2 3
>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | ECC Curve | |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | Public Key /
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
>> Note, that the format for ECDSA identities has no algorithm field, which would allow to identify the use of ECDSA algorithm.
>> This isn't really serious, since we can determine from HIT_SUITE_LIST parameter which algorithms we use.
>> However, this leads to the parameter not being self-contained anymore,
>> since from the host_id parameter alone we cannot distinguish the algorithms in use, i.e. RSA, DSA or ECDSA.
>>
>> I see two alternatives to provide for self-containment (and make it easier to implement):
>>
>>
>> a) Adapt the format of the ECC HI field to the format for RSA and DSA identities.
>> I guess this would make sense, if their is some future usecase in HIP for the flags and protocol fields.
>>
>> 0 1 2 3
>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | flags | protocol | algorithm |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | ECC Curve | Public Key /
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ /
>> / /
>> / /
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
> After some thinking, I would not favor this alternative although there are efforts to define DNSKEY for ECC. First, I don't know if it is a good plan to attach to these ongoing efforts because they have different goals than HIP (e.g., http://tools.ietf.org/html/draft-hoffman-dnssec-ecdsa-04 only defines p-256 and p-384, no lower - we would not have a curve for low-power devices). We could try to ask for lower curves but I think it is not likely to have DNSKEY documents for all curves (e.g., binary curves, etc.) that might be needed for different HIP use cases.
>
> If we wouldn't attach to these efforts and define our own curves but reuse the DNSKEY format and description we would need our own algorithm numbers assigned to be compatible with DNSKEY. I don't think this is useful in terms of standardization of DNSKEY. Hence, I would prefer the alternative mentioned below and define DNSKEY mappings for HIs instead. That way, one could still pull the keys from DNS and apply minor conversions to generate a HI from it.
>
>>
>> b) Dump the flags and protocol fields (and loose compatibility to DNSKEY Format as defined in RFC2535 3.1)
>> and include algorithm as a fixed field in the host_id parameter, f.e.
>>
>> 0 1 2 3
>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | Type | Length |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | HI Length |DI-type| DI Length |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | Algorithm | Host Identity /
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> / | Domain Identifier /
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> / | Padding |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
>> To me, this makes more sense, since values for the algorithms are already defined in Sect. 5.2.8
>> (but might only be used with the RSA, DSA formats).
>>
>> Algorithms Values
>>
>> RESERVED 0
>> DSA 3 [RFC2536] (RECOMMENDED)
>> RSA 5 [RFC3110] (REQUIRED)
>> ECDSA 7 [fundamental-ecc] (RECOMMENDED)
>>
>> Without an explicit algorithm field, it is unclear where to use the ECDSA value.
>
> To me it makes sense. Anyone on the list with good reasons not to do this?
>
>>
>> 2) If the host_id parameter format was not changed, the following happens:
>>
>> - First, we would need HIP_SUITE_LIST to distinguish RSA/DSA and ECDSA.
>> - Then, in the RSA/DSA case we would need to peek into the host identity's algorithm field to distinguish RSA and DSA,
>> since HIT_SUITE_LIST does not distinguish between RSA and DSA.
>>
>> I think it is nicer and cleaner to have one single field to distinguish between the RSA, DSA and ECDSA (and other future algorithms),
>> instead of having this two-step process to distinguishing algorithms. (And also, this supports my point above.)
>
> Yes, self-containment is essential - also for storing and passing on the HIs.
>>
>>
>> 2) Minor editorial change:
>> In RFC5201-bis the definition of the ECC host identity gives the impression,
>> that there seem are 2 undefined bytes directly after ECC Curve field.
>> Shouldn't the format for ECC HI's be written like this instead:
>>
>> 0 1 2 3
>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | ECC Curve | Public Key /
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ /
>> / /
>> / /
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
> ACK.
>
> Tobias
> --
> Dipl.-Inform. Tobias Heer, Ph.D. Student
> Chair of Communication and Distributed Systems - comsys
> RWTH Aachen University, Germany
> tel: +49 241 80 207 76
> web: http://ds.cs.rwth-aachen.de/members/heer
> blog: http://dtobi.wordpress.com/
> card: http://card.ly/dtobi
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
--
Dipl.-Inform. Tobias Heer, Ph.D. Student
Chair of Communication and Distributed Systems - comsys
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer
blog: http://dtobi.wordpress.com/
card: http://card.ly/dtobi
- [Hipsec] Host ID Parameter in RFC5201-bis Henrik Ziegeldorf
- Re: [Hipsec] Host ID Parameter in RFC5201-bis Tobias Heer
- Re: [Hipsec] Host ID Parameter in RFC5201-bis Tobias Heer