Re: [Hipsec] Status of draft-ietf-hip-dex
René Hummen <hummen.committees@gmail.com> Tue, 15 January 2019 23:25 UTC
Return-Path: <hummen.committees@gmail.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A91BC12D4EF for <hipsec@ietfa.amsl.com>; Tue, 15 Jan 2019 15:25:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4XuKtrreZVjS for <hipsec@ietfa.amsl.com>; Tue, 15 Jan 2019 15:25:33 -0800 (PST)
Received: from mail-wm1-x333.google.com (mail-wm1-x333.google.com [IPv6:2a00:1450:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06815128766 for <hipsec@ietf.org>; Tue, 15 Jan 2019 15:25:33 -0800 (PST)
Received: by mail-wm1-x333.google.com with SMTP id a62so151148wmh.4 for <hipsec@ietf.org>; Tue, 15 Jan 2019 15:25:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-transfer-encoding:content-language:thread-index; bh=/s579tRw3xkR//EPzVClgfztJBfnz5vjM0AOW+OIMIA=; b=ChbwEZX1Zl3fMNOLwjZZx+HR14POIM6vuhEg8WzzpHNhkYEStJI4WOtmEERomtIy8y OamZu8PO9nRQFjKRH3CJF8YIddc+A9JwZX4Tk1Dtfb+kbyb7mcSS7q5rtTEPdPx5Hi1a urooFdVYdhZA6ufPLERD48gQq0OkOzZPWo8+616tFl0sRLeYv7yb4bIkINPCbrk2Gjva xMAaKFdpxvOYbXe9bFGiPQt7Pd6SZ5ruj5bcEVR8tFDALaMLElpkqnHeDxFJaB+vocvW MvJgAsd+gg+6kG94DymWxcrkRL10GLEA+N4EBZW2RjBtBg84ILtjrIbaOvghsDLmpE1X v3Ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:content-language :thread-index; bh=/s579tRw3xkR//EPzVClgfztJBfnz5vjM0AOW+OIMIA=; b=Uc6yj4PZ45aXAekRfK48TJxMH7ytMN95jfbuSTeFkU2ClHtih/PRlcvn01vtWVwn1T FoCxPr3WaC9Q2DpyfwwROdlDnmyEvzwMT/PAjOTwBuH+wrbJrexW7/CGDx2cjfXQFkk8 wAVFybXn/dauLIUwL2TQXK/gYBkapThn+3JeKzgcnGcSZxGIlz/jt8br6G+QLejW5sT8 RRLIcKage3zLmAwIG0WZGfdrr5+MugJxGEyldLLl7/z7QRVHB6cTAtUGWOKuinKWlsFw A9yjPonC36nIauEebj6crkZE42b5tRhEI5gcjTSKmIqfNxGn4Mgv27bdG7x2BkshjpwX PRXw==
X-Gm-Message-State: AJcUukfH0Wlz1+leOEpk5GNVwInZMbS/b90YmCqECUmlJmT33arB1kB5 SdpwIk+OySqT+r0VuwIXvw==
X-Google-Smtp-Source: ALg8bN5KMJ0LpBJ0duMYUZAipyqp4xUnRj7uDUWwHGq0h8goroeH8s/eGJoPiWVy/WvMouQxQP9o5g==
X-Received: by 2002:a1c:c87:: with SMTP id 129mr4901934wmm.116.1547594731430; Tue, 15 Jan 2019 15:25:31 -0800 (PST)
Received: from DESKTOPPC (HSI-KBW-046-005-004-028.hsi8.kabel-badenwuerttemberg.de. [46.5.4.28]) by smtp.gmail.com with ESMTPSA id c8sm61366238wrx.42.2019.01.15.15.25.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Jan 2019 15:25:30 -0800 (PST)
From: René Hummen <hummen.committees@gmail.com>
To: 'Gonzalo Camarillo' <Gonzalo.Camarillo@ericsson.com>, 'Robert Moskowitz' <rgm@htt-consult.com>, 'HIP' <hipsec@ietf.org>
References: <b1d0d946-2e8c-ecbe-9a9f-9e3ee1e33528@ericsson.com>
In-Reply-To: <b1d0d946-2e8c-ecbe-9a9f-9e3ee1e33528@ericsson.com>
Date: Wed, 16 Jan 2019 00:25:30 +0100
Message-ID: <074001d4ad29$9b24eda0$d16ec8e0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Content-Language: de
Thread-index: AQFs7PeVk3qFTDFxKJbfcw4P+czNoaaAUW6Q
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/eBdpT5LxLIAEslbU-aY5Sxw4tBo>
Subject: Re: [Hipsec] Status of draft-ietf-hip-dex
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jan 2019 23:25:36 -0000
Hi Gonzalo, Bob, all, sorry for being unresponsive. I have been working extensively on the draft in the past since becoming co-editor of draft-moskowitz-hip-dex-01 back in March 2014, but I have not been following HIP-related emails lately in accordance with Bob. I also want to take this opportunity to note that I will not have any significant amount of time for contributions in the future. That said, I still would like to briefly explain the high-level rationale behind our choice of cryptographic primitives for HIP DEX, which are Eric's key points as I see it: In 2014 and beyond, many (Industrial) IoT devices often did not offer communication security or relied on fixed symmetric keys, potentially resulting in overuse of these keys. This was - and to my understanding still is - a direct result of the relatively high cost (ROM, RAM, CPU cycles, network usage) of public key cryptography on many microcontroller-based embedded devices. Taking HIP BEX as a starting point, the idea therefore was to reduce the overhead of the cryptographic primitives by omitting public-key signatures and hash functions as the main overhead drivers regarding the above cost factors. That also meant losing some cryptographic properties such as PFS and SIGMA-compliance, many of which are taken for granted for traditional Internet security. This is the trade-off that we were willing to accept for HIP DEX in order to improve on deployed state of the art and our approach is to be very open about these trade-offs. This is why we added text to that direction right to the start of the document (https://tools.ietf.org/html/draft-ietf-hip-dex-06#section-1). I suggest for the WG to decide whether this rationale and these trade-offs are still valid and acceptable in 2019 and to proceed accordingly. @Bob: Please comment if your view differs. Regards, René -----Original Message----- From: Hipsec <hipsec-bounces@ietf.org> On Behalf Of Gonzalo Camarillo Sent: Dienstag, 15. Januar 2019 15:28 To: HIP <hipsec@ietf.org> Subject: [Hipsec] Status of draft-ietf-hip-dex Hi, I want to give the group a status update on the HIP DEX draft. Terry, our AD, had to remove it from the agenda of the telechat where it was going to be discussed (in May) because of security-related concerns about the draft (from the Security ADs). We have been periodically pinging Rene and Bob (authors of the draft) since then (9 months!), but we have not been able to get any response from them... note that we had added Rene as a coauthor of this draft because Bob's lack of cycles. Terry would like to get this done by the end of February. Any proposals on how to proceed? Cheers, Gonzalo _______________________________________________ Hipsec mailing list Hipsec@ietf.org https://www.ietf.org/mailman/listinfo/hipsec
- [Hipsec] Status of draft-ietf-hip-dex Gonzalo Camarillo
- Re: [Hipsec] Status of draft-ietf-hip-dex René Hummen
- Re: [Hipsec] Status of draft-ietf-hip-dex Gonzalo Camarillo