[Hipsec] clarification on HIT Suite IDs
Tom Henderson <tomh@tomh.org> Mon, 22 September 2014 20:27 UTC
Message-ID: <5420863E.1060608@tomh.org>
Date: Mon, 22 Sep 2014 13:27:42 -0700
From: Tom Henderson <tomh@tomh.org>
To: HIP <hipsec@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/lwtFyokd1PR7YYdsIfAHJ-STga8
Cc: julien.ietf@gmail.com, fdupont@isc.org
In the course of performing recent draft revisions, I had some additional questions about the HIT Suite IDs.

http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-19#section-5.2.10

Briefly, RFC 7343 specifies that ORCHIDs consist of the special prefix, a 4-bit Orchid Generation Algorithm (OGA), and a 96-bit hash. RFC 7343 does not ask IANA to set up a registry for OGA values. The RFC states "... the value of the OGA identifier according to the document defining the context usage identified by the Context ID." My read of this is that the assignment of OGA identifiers is delegated to the documents defining the context usage identified by the Context ID; in this case, it would be RFC5201-bis.

The HIT Suite ID in RFC5201-bis is used as the OGA ID in HIP. The IANA considerations section states this, although someone looking explicitly for assigned OGA values may have to dig for it.

The reason that the HIT Suite ID is not named the 'OGA ID' in HIP is due to the potential growth capability that is defined in section 5.2.10. Specifically, the zero value for HIT Suite ID is reserved, to allow for growth of the field should the four-bit field be exhausted. So it technically is an 8-bit value, and the 4 higher-order bits are used to form the OGA (for now). Basically, the draft is saying that if HIT Suite ID is zero, then this ORCHID encoding:

    ORCHID := Prefix | OGA ID | Encode_96( Hash )

becomes instead:

    ORCHID := Prefix | HIT Suite ID | Encode_92( Hash )

and the bits immediately after the Prefix are used also to identify the length of this OGA ID.

It seems to me that this could either be clarified further in the draft, or simplified.

For clarification, it might be a good idea to add some text that says more explicitly that the OGA ID is formed by taking the four high-order bits of the ID found in the HIT_SUITE_LIST, and by making the table read something like:

    HIT Suite            4-bit truncated value    8-bit ID
    RESERVED             0                        0
    RSA,DSA/SHA-256      1 (REQUIRED)             65536
    ECDSA/SHA-384        2 (RECOMMENDED)          131072
    ECDSA_LOW/SHA-1      3 (RECOMMENDED)          262144

However, I wonder whether the better choice would be to simplify the current encodings and make it a right-aligned field, keep the value 0 as reserved, and leave future growth to future updates. The same kind of growth could be accommodated if the (future) extended OGA ID were encoded with the nibbles swapped.

Thoughts?

- Tom
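The bit layout the message is discussing, as an added worked example that is not part of the original post and not code from RFC 7343, the draft, or any HIP implementation. It assembles and parses an ORCHIDv2 in 2001:20::/28, placing an 8-bit HIT Suite ID (as carried in HIT_SUITE_LIST) after the 28-bit prefix: a non-zero high nibble is the 4-bit OGA ID over a 96-bit hash, a zero high nibble is the section 5.2.10 escape where all 8 bits are the suite ID and the hash shrinks to 92 bits. Two things are assumptions of the example rather than statements of the spec: the hash is passed in as an already-truncated integer (which bits Encode_96 / Encode_92 keep is not modelled), and for a 4-bit suite the low nibble of the 8-bit ID is treated as padding that must be zero. The function names and the sample hash values are made up for illustration.

```python
"""Bit layout of a HIP HIT as an ORCHIDv2 (RFC 7343, prefix 2001:20::/28),
including the 8-bit HIT Suite ID escape from draft-ietf-hip-rfc5201-bis
section 5.2.10.  Added example; not code from the RFC, the draft, or any
HIP implementation.  Assumptions are marked in comments.
"""
import ipaddress
from typing import Tuple

# RFC 7343 ORCHIDv2 prefix 2001:20::/28: the first 28 bits of the address.
ORCHID_PREFIX = 0x2001002
PREFIX_BITS = 28


def oga_field(hit_suite_id: int) -> Tuple[int, int]:
    """Map an 8-bit HIT Suite ID to the (width, value) placed after the prefix.

    Non-zero high nibble: the 4-bit OGA ID of RFC 7343; the hash gets 96 bits.
    Zero high nibble:     the section 5.2.10 escape; the full 8-bit HIT Suite
                          ID is used and the hash shrinks to 92 bits.
    """
    if not 0 <= hit_suite_id <= 0xFF:
        raise ValueError("HIT Suite ID is an 8-bit value")
    high, low = hit_suite_id >> 4, hit_suite_id & 0xF
    if high != 0:
        if low != 0:
            # Assumption: for a 4-bit suite the low nibble is padding, so 0.
            raise ValueError("low nibble must be zero for a 4-bit HIT Suite ID")
        return 4, high
    if hit_suite_id == 0:
        raise ValueError("HIT Suite ID 0 is reserved")
    return 8, hit_suite_id


def build_orchid(hit_suite_id: int, hash_value: int) -> ipaddress.IPv6Address:
    """Assemble Prefix | OGA ID | Encode_96(Hash), or the 8-bit / Encode_92 form.

    hash_value is the already-truncated hash as an integer; which bits of the
    hash output Encode_96 / Encode_92 select is not modelled (assumption).
    """
    width, field = oga_field(hit_suite_id)
    hash_bits = 128 - PREFIX_BITS - width          # 96 for OGA, 92 for escape
    if hash_value < 0 or hash_value >> hash_bits:
        raise ValueError(f"hash must fit in {hash_bits} bits")
    value = (ORCHID_PREFIX << (128 - PREFIX_BITS)) | (field << hash_bits) | hash_value
    return ipaddress.IPv6Address(value)


def parse_orchid(addr) -> Tuple[int, int, int]:
    """Return (8-bit HIT Suite ID, hash width, hash value) for an ORCHIDv2.

    The nibble right after the prefix decides the field width: non-zero means
    a 4-bit OGA ID (returned left-aligned in the 8-bit ID), zero means the
    following 8 bits are an extended HIT Suite ID over a 92-bit hash.
    """
    value = int(ipaddress.IPv6Address(addr))
    if value >> (128 - PREFIX_BITS) != ORCHID_PREFIX:
        raise ValueError("not in 2001:20::/28")
    oga = (value >> 96) & 0xF
    if oga != 0:
        return oga << 4, 96, value & ((1 << 96) - 1)
    suite = (value >> 92) & 0xFF
    if suite == 0:
        raise ValueError("HIT Suite ID 0 is reserved")
    return suite, 92, value & ((1 << 92) - 1)


def is_orchid(addr) -> bool:
    """True if addr parses as an ORCHIDv2 carrying a non-reserved HIT Suite ID."""
    try:
        parse_orchid(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: a 96-bit "hash" for an RSA,DSA/SHA-256 HIT
    # (4-bit ID 1, i.e. 0x10 in HIT_SUITE_LIST) and a 92-bit one for a
    # hypothetical extended suite 0x05 that uses the escape.
    for suite_id, h in ((0x10, 0xABCDEF), (0x05, 0x123456)):
        hit = build_orchid(suite_id, h)
        print(f"{suite_id:#04x} -> {hit} -> {parse_orchid(hit)}")
```

Running it shows the practical consequence of the escape: with OGA ID 1 the address starts 2001:21::, whereas an extended suite leaves the OGA nibble at zero (2001:20:5...) and a receiver has to read a second nibble before it knows where the hash begins. The right-aligned alternative floated in the message would remove that width-dependent parse, which is the trade-off under discussion.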
- [Hipsec] clarification on HIT Suite IDs Tom Henderson
- Re: [Hipsec] clarification on HIT Suite IDs Tom Henderson
- Re: [Hipsec] clarification on HIT Suite IDs Julien Laganier
- Re: [Hipsec] clarification on HIT Suite IDs Tom Henderson
- Re: [Hipsec] clarification on HIT Suite IDs Julien Laganier
- Re: [Hipsec] clarification on HIT Suite IDs Tom Henderson
- Re: [Hipsec] clarification on HIT Suite IDs Julien Laganier
- Re: [Hipsec] clarification on HIT Suite IDs Ted Lemon
- Re: [Hipsec] clarification on HIT Suite IDs Rene Hummen
- Re: [Hipsec] clarification on HIT Suite IDs Gonzalo Camarillo
- Re: [Hipsec] clarification on HIT Suite IDs Rene Hummen
- Re: [Hipsec] clarification on HIT Suite IDs Rene Hummen
- Re: [Hipsec] clarification on HIT Suite IDs Gonzalo Camarillo
- Re: [Hipsec] clarification on HIT Suite IDs Julien Laganier
- Re: [Hipsec] clarification on HIT Suite IDs Francis Dupont
- Re: [Hipsec] clarification on HIT Suite IDs Francis Dupont
- [Hipsec] Antwort: Re: clarification on HIT Suite … Tobias.Heer
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Tom Henderson
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Julien Laganier
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Miika Komu
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Tom Henderson
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Rene Hummen
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Tom Henderson
- Re: [Hipsec] Antwort: Re: clarification on HIT Su… Rene Hummen