Re: [Hipsec] Proposed cipers for 5201-bis
Robert Moskowitz <rgm@htt-consult.com> Sun, 18 April 2010 04:35 UTC
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8C9793A6AB7 for <hipsec@core3.amsl.com>; Sat, 17 Apr 2010 21:35:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.162
X-Spam-Level:
X-Spam-Status: No, score=-1.162 tagged_above=-999 required=5 tests=[AWL=-0.052, BAYES_05=-1.11]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BNjprFT0jxBh for <hipsec@core3.amsl.com>; Sat, 17 Apr 2010 21:35:20 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id DEA8B3A63EC for <hipsec@ietf.org>; Sat, 17 Apr 2010 21:35:19 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 75EBC68D72; Sun, 18 Apr 2010 04:29:35 +0000 (UTC)
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1JOPecry-a-o; Sun, 18 Apr 2010 00:29:25 -0400 (EDT)
Received: from nc2400.htt-consult.com (h155.home.htt [208.83.67.155]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 95D3468BA1; Sun, 18 Apr 2010 00:29:25 -0400 (EDT)
Message-ID: <4BCA8BF0.9060001@htt-consult.com>
Date: Sun, 18 Apr 2010 00:34:56 -0400
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100330 Fedora/3.0.4-1.fc12 Thunderbird/3.0.4
MIME-Version: 1.0
To: Samu Varjonen <samu.varjonen@hiit.fi>
References: <4BC879B6.5060305@htt-consult.com> <4BC8DDF3.3090304@hiit.fi>
In-Reply-To: <4BC8DDF3.3090304@hiit.fi>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] Proposed cipers for 5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Apr 2010 04:35:21 -0000
On 04/16/2010 06:00 PM, Samu Varjonen wrote: > 16.4.2010 17:52, Robert Moskowitz kirjoitti: >> I have worked through a number of documents and have come up with the >> following recommendations that will go into 5201-bis. I am posting them >> separately here so others can think about them without having to wade >> through the changes we are making to 5201. >> >> First and foremost we are adding EC support. EC MAY be used for 128bit >> strenght crypto and MUST be used for 192 and 256bit crypto. This means >> that I am dropping many of the larger DH mod sizes. Also with the advent >> of fECC, I can drop some of the early ECC curves. fECC gives us the >> tools to work with well researched stuff. For now we are adding the >> larger SHA sizes and will await results of the NIST hash competition. >> >> Anyway, here we go... >> >> HOST_ID >> >> Algorithms Values >> >> RESERVED 0 >> DSA 3 [RFC2536] (RECOMMENDED) >> RSA 5 [RFC3110] (REQUIRED) >> ECDSA 6 [draft-?????.txt] >> >> Is there a doc for ECDSA in DNS records? Note that I dropped RSA/SHA1 >> for just RSA, as that is what we are really doing. >> > > There was one draft > (http://tools.ietf.org/html/draft-ietf-dnsext-ecc-key-10) years ago > that has now expired. Have not found any newer one. I will ask Donald about this. Thanks. > >> >> DIFFIE_HELLMAN >> >> Group Value >> >> Reserved 0 >> DEPRECATED 1 >> DEPRECATED 2 >> DEPRECATED 3 >> 3072-bit MODP group 4 RFC3526 >> DEPRECATED 5 >> DEPRECATED 6 >> 256-bit random ECP group 7 RFC4753, draft-mcgrew-fundamental-ecc-02.txt >> 384-bit random ECP group 8 RFC4753, draft-mcgrew-fundamental-ecc-02.txt >> 521-bit random ECP group 9 RFC4753, draft-mcgrew-fundamental-ecc-02.txt >> >> >> Note all that is getting deprecated. Speak up if you have reasons to NOT >> drop what I did... >> >> HASH >> >> Hash Value >> >> Reserved 0 >> SHA-1 1 >> SHA-256 2 >> SHA-384 3 >> SHA-512 4 >> >> Nothing special here. >> >> >> HIP_TRANSFORM >> >> Suite ID Value >> >> RESERVED 0 >> AES-128-CBC with HMAC-SHA1 1 ([RFC3602], [RFC2404]) >> 3DES-CBC with HMAC-SHA1 2 ([RFC2451], [RFC2404]) >> DEPRECATED 3 >> DEPRECATED 4 >> NULL-ENCRYPT with HMAC-SHA1 5 ([RFC2410], [RFC2404]) >> DEPRECATED 6 >> NULL-ENCRYPT with HMAC-SHA2 7 ([RFC2410], [RFC4868]) >> AES-128-CBC with HMAC-SHA2 8 ([RFC3602], [RFC4868]) >> AES-256-CBC with HMAC-SHA2 9 ([RFC3602], [RFC4868]) >> AES-CCM-8 9 [RFC4309] >> AES-CCM-16 10 [RFC4309] >> AES-GCM with a 8 octet ICV 11 [RFC4106] >> AES-GCM with a 16 octet ICV 12 [RFC4106] >> >> Again, note what is being deprecated. I believe I am adding only that >> which is of value. >> >> >> _______________________________________________ >> Hipsec mailing list >> Hipsec@ietf.org >> https://www.ietf.org/mailman/listinfo/hipsec > > _______________________________________________ > Hipsec mailing list > Hipsec@ietf.org > https://www.ietf.org/mailman/listinfo/hipsec >
- [Hipsec] Proposed cipers for 5201-bis Robert Moskowitz
- Re: [Hipsec] Proposed cipers for 5201-bis Samu Varjonen
- [Hipsec] Proposed cipers for 5201-bis Robert Moskowitz
- Re: [Hipsec] Proposed cipers for 5201-bis Robert Moskowitz
- Re: [Hipsec] Proposed cipers for 5201-bis Robert Moskowitz