Re: [Hipsec] Proposed new list for HIP

Re: [Hipsec] Proposed new list for HIP_TRANSFORM

Miika Komu <miika.komu@hiit.fi> Wed, 06 January 2010 21:37 UTC

Message-ID: <4B450297.1070708@hiit.fi>
Date: Wed, 06 Jan 2010 22:37:27 +0100
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B440CA5.3010209@htt-consult.com> <4B44C35E.8090200@hiit.fi> <4B44CA15.2070905@htt-consult.com> <4B44D016.7050102@hiit.fi> <4B44D414.4080501@htt-consult.com>
In-Reply-To: <4B44D414.4080501@htt-consult.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Proposed new list for HIP_TRANSFORM
Precedence: list
Reply-To: miika.komu@hiit.fi

Robert Moskowitz wrote:

Hi,

> On 01/06/2010 01:01 PM, Miika Komu wrote:
>> Robert Moskowitz wrote:
>>
>> Hi,
>>
>>> On 01/06/2010 12:07 PM, Miika Komu wrote:
>>>> Robert Moskowitz wrote:
>>>>
>>>> Hi,
>>>>
>>>>> Proposed new list for HIP_TRANSFORM:
>>>>>
>>>>>          Suite ID                          Value
>>>>>
>>>>>          RESERVED                          0
>>>>>          AES-CBC with HMAC-SHA1            1     ([RFC3602], 
>>>>> [RFC2404])
>>>>>          3DES-CBC with HMAC-SHA1           2     ([RFC2451], 
>>>>> [RFC2404])
>>>>>          DEPRECATED                        3
>>>>>          BLOWFISH-CBC with HMAC-SHA1       4     ([RFC2451], 
>>>>> [RFC2404])
>>>>>          NULL-ENCRYPT with HMAC-SHA1       5     ([RFC2410], 
>>>>> [RFC2404])
>>>>>          DEPRECATED                        6
>>>>>          NULL-ENCRYPT with HMAC-SHA2       7     ([RFC2410], 
>>>>> [RFC4868])
>>>>>          AES-CBC with HMAC-SHA2            8     ([RFC3602], 
>>>>> [RFC4868])
>>>>>          AES-CCM-8                         9     [RFC4309]
>>>>>          AES-CCM-12                        10    [RFC4309]
>>>>>          AES-CCM-16                        11    [RFC4309]
>>>>>          AES-GCM with a 8 octet ICV        12    [RFC4106]
>>>>>          AES-GCM with a 12 octet ICV       13    [RFC4106]
>>>>>          AES-GCM with a 16 octet ICV       14    [RFC4106]
>>>>
>>>> seems fine with me. Should the "natural" key size be reflected in 
>>>> some of the algorithms descriptions?
>>>
>>> I am not sure what you are alluding to here.  Key sizes for AES-based 
>>> transforms start at 128 and go up.  If you are asking about those 
>>> 8/12/16 sizes in CCM and GCM, that applies to the auth size.
>>
>> do we have to negotiate AES key size?
> 
> OOPS.  Good catch.  We want to make sure we have Suite B support...
> 
> Trying to dig around, how is it handled elsewhere, an ISAKMP keysize TLV 
> for IKE and ESP?
> 
> I have some thoughts for a simple way here...

either we fix the key size in the suite id or we negotiate it as 
max(key-size-in-r1, key-size-in-i2).

[Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Miika Komu
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Paul Lambert
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Andrew McGregor
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Robert Moskowitz
Re: [Hipsec] Proposed new list for HIP_TRANSFORM Tobias Heer
[Hipsec] Fwd: Proposed new list for HIP_TRANSFORM Tobias Heer