Re: [Hipsec] Status of draft-ietf-hip-dex

René Hummen <hummen.committees@gmail.com> Tue, 15 January 2019 23:25 UTC

Return-Path: <hummen.committees@gmail.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A91BC12D4EF for <hipsec@ietfa.amsl.com>; Tue, 15 Jan 2019 15:25:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4XuKtrreZVjS for <hipsec@ietfa.amsl.com>; Tue, 15 Jan 2019 15:25:33 -0800 (PST)
Received: from mail-wm1-x333.google.com (mail-wm1-x333.google.com [IPv6:2a00:1450:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06815128766 for <hipsec@ietf.org>; Tue, 15 Jan 2019 15:25:33 -0800 (PST)
Received: by mail-wm1-x333.google.com with SMTP id a62so151148wmh.4 for <hipsec@ietf.org>; Tue, 15 Jan 2019 15:25:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-transfer-encoding:content-language:thread-index; bh=/s579tRw3xkR//EPzVClgfztJBfnz5vjM0AOW+OIMIA=; b=ChbwEZX1Zl3fMNOLwjZZx+HR14POIM6vuhEg8WzzpHNhkYEStJI4WOtmEERomtIy8y OamZu8PO9nRQFjKRH3CJF8YIddc+A9JwZX4Tk1Dtfb+kbyb7mcSS7q5rtTEPdPx5Hi1a urooFdVYdhZA6ufPLERD48gQq0OkOzZPWo8+616tFl0sRLeYv7yb4bIkINPCbrk2Gjva xMAaKFdpxvOYbXe9bFGiPQt7Pd6SZ5ruj5bcEVR8tFDALaMLElpkqnHeDxFJaB+vocvW MvJgAsd+gg+6kG94DymWxcrkRL10GLEA+N4EBZW2RjBtBg84ILtjrIbaOvghsDLmpE1X v3Ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:content-language :thread-index; bh=/s579tRw3xkR//EPzVClgfztJBfnz5vjM0AOW+OIMIA=; b=Uc6yj4PZ45aXAekRfK48TJxMH7ytMN95jfbuSTeFkU2ClHtih/PRlcvn01vtWVwn1T FoCxPr3WaC9Q2DpyfwwROdlDnmyEvzwMT/PAjOTwBuH+wrbJrexW7/CGDx2cjfXQFkk8 wAVFybXn/dauLIUwL2TQXK/gYBkapThn+3JeKzgcnGcSZxGIlz/jt8br6G+QLejW5sT8 RRLIcKage3zLmAwIG0WZGfdrr5+MugJxGEyldLLl7/z7QRVHB6cTAtUGWOKuinKWlsFw A9yjPonC36nIauEebj6crkZE42b5tRhEI5gcjTSKmIqfNxGn4Mgv27bdG7x2BkshjpwX PRXw==
X-Gm-Message-State: AJcUukfH0Wlz1+leOEpk5GNVwInZMbS/b90YmCqECUmlJmT33arB1kB5 SdpwIk+OySqT+r0VuwIXvw==
X-Google-Smtp-Source: ALg8bN5KMJ0LpBJ0duMYUZAipyqp4xUnRj7uDUWwHGq0h8goroeH8s/eGJoPiWVy/WvMouQxQP9o5g==
X-Received: by 2002:a1c:c87:: with SMTP id 129mr4901934wmm.116.1547594731430; Tue, 15 Jan 2019 15:25:31 -0800 (PST)
Received: from DESKTOPPC (HSI-KBW-046-005-004-028.hsi8.kabel-badenwuerttemberg.de. [46.5.4.28]) by smtp.gmail.com with ESMTPSA id c8sm61366238wrx.42.2019.01.15.15.25.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Jan 2019 15:25:30 -0800 (PST)
From: =?iso-8859-1?Q?Ren=E9_Hummen?= <hummen.committees@gmail.com>
To: "'Gonzalo Camarillo'" <Gonzalo.Camarillo@ericsson.com>, "'Robert Moskowitz'" <rgm@htt-consult.com>, "'HIP'" <hipsec@ietf.org>
References: <b1d0d946-2e8c-ecbe-9a9f-9e3ee1e33528@ericsson.com>
In-Reply-To: <b1d0d946-2e8c-ecbe-9a9f-9e3ee1e33528@ericsson.com>
Date: Wed, 16 Jan 2019 00:25:30 +0100
Message-ID: <074001d4ad29$9b24eda0$d16ec8e0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Content-Language: de
Thread-index: AQFs7PeVk3qFTDFxKJbfcw4P+czNoaaAUW6Q
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/eBdpT5LxLIAEslbU-aY5Sxw4tBo>
Subject: Re: [Hipsec] Status of draft-ietf-hip-dex
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jan 2019 23:25:36 -0000

Hi Gonzalo, Bob, all,

sorry for being unresponsive. 

I have been working extensively on the draft in the past since becoming
co-editor of draft-moskowitz-hip-dex-01 back in March 2014, but I have not
been following HIP-related emails lately in accordance with Bob. I also want
to take this opportunity to note that I will not have any significant amount
of time for contributions in the future.

That said, I still would like to briefly explain the high-level rationale
behind our choice of cryptographic primitives for HIP DEX, which are Eric's
key points as I see it:
In 2014 and beyond, many (Industrial) IoT devices often did not offer
communication security or relied on fixed symmetric keys, potentially
resulting in overuse of these keys. This was - and to my understanding still
is - a direct result of the relatively high cost (ROM, RAM, CPU cycles,
network usage) of public key cryptography on many microcontroller-based
embedded devices.

Taking HIP BEX as a starting point, the idea therefore was to reduce the
overhead of the cryptographic primitives by omitting public-key signatures
and hash functions as the main overhead drivers regarding the above cost
factors. That also meant losing some cryptographic properties such as PFS
and SIGMA-compliance, many of which are taken for granted for traditional
Internet security.

This is the trade-off that we were willing to accept for HIP DEX in order to
improve on deployed state of the art and our approach is to be very open
about these trade-offs. This is why we added text to that direction right to
the start of the document
(https://tools.ietf.org/html/draft-ietf-hip-dex-06#section-1).

I suggest for the WG to decide whether this rationale and these trade-offs
are still valid and acceptable in 2019 and to proceed accordingly.

@Bob: Please comment if your view differs.

Regards,
René


-----Original Message-----
From: Hipsec <hipsec-bounces@ietf.org> On Behalf Of Gonzalo Camarillo
Sent: Dienstag, 15. Januar 2019 15:28
To: HIP <hipsec@ietf.org>
Subject: [Hipsec] Status of draft-ietf-hip-dex

Hi,

I want to give the group a status update on the HIP DEX draft. Terry, our
AD, had to remove it from the agenda of the telechat where it was going to
be discussed (in May) because of security-related concerns about the draft
(from the Security ADs). We have been periodically pinging Rene and Bob
(authors of the draft) since then (9 months!), but we have not been able to
get any response from them... note that we had added Rene as a coauthor of
this draft because Bob's lack of cycles.

Terry would like to get this done by the end of February. Any proposals on
how to proceed?

Cheers,

Gonzalo

_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec