[Hipsec] clarification on HIT Suite IDs

Tom Henderson <tomh@tomh.org> Mon, 22 September 2014 20:27 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/lwtFyokd1PR7YYdsIfAHJ-STga8
Cc: julien.ietf@gmail.com, fdupont@isc.org

In the course of performing recent draft revisions, I had some 
additional questions about the HIT Suite IDs.

http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-19#section-5.2.10

Briefly, RFC 7343 specifies that ORCHIDs consist of the special prefix, 
a 4-bit Orchid Generation Algorithm (OGA), and a 96-bit hash.  RFC 7343 
does not ask IANA to set up a registry for OGA values.  The RFC states 
"... the value of the OGA identifier according to the
    document defining the context usage identified by the Context ID." 
My read of this is that the assignment of OGA identifiers is delegated 
to the documents defining the context usage identified by the Context 
ID; in this case, it would be RFC5201-bis.

The HIT Suite ID in RFC5201-bis is used as the OGA ID in HIP.  The IANA 
considerations section states this, although someone looking explicitly 
for assigned OGA values may have to dig for it.

The reason that the HIT Suite ID is not named the 'OGA ID' in HIP is due 
to the potential growth capability that is defined in section 5.2.10. 
Specifically, the zero value for HIT Suite ID is reserved, to allow for 
growth of the field should the four-bit field be exhausted.  So it 
technically is an 8-bit value, and the 4 higher-order bits are used to 
form the OGA (for now).

Basically, the draft is saying that if HIT Suite ID is zero, then this 
ORCHID encoding:

  ORCHID     :=  Prefix | OGA ID | Encode_96( Hash )

becomes instead:

  ORCHID     :=  Prefix | HIT Suite ID | Encode_92( Hash )

and the bits immediately after the Prefix are used also to identify the 
length of this OGA ID.  It seems to me that this could either be 
clarified further in the draft, or simplified.

For clarification, it might be a good idea to add some text that says 
more explicitly that the OGA ID is formed by taking the four high-order 
bits of the ID found in the HIT_SUITE_LIST, and by making the table read 
something like:


         HIT Suite           4-bit truncated value      8-bit ID
         RESERVED                0                            0
         RSA,DSA/SHA-256         1    (REQUIRED)          65536
         ECDSA/SHA-384           2    (RECOMMENDED)      131072
         ECDSA_LOW/SHA-1         3    (RECOMMENDED)      262144

However, I wonder whether the better choice would be to simplify the 
current encodings and make it a right-aligned field, keep the value 0 as 
reserved, and leave future growth to future updates.  The same kind of 
growth could be accommodated if the (future) extended OGA ID were 
encoded with the nibbles swapped.

Thoughts?

- Tom
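A bit-level model of the two ORCHID layouts contrasted above, added here as an illustration (it is not code from the e-mail or from the HIP drafts). It assumes the RFC 7343 ORCHIDv2 prefix 2001:20::/28, models Encode_N as the middle N bits of the hash output, and treats an 8-bit HIT Suite ID as carrying the 4-bit truncated value in its high nibble (so 0x10 for the value 1); the hash input is constructed.

```python
# Added example: how the nibble after the ORCHID prefix decides whether a
# 4-bit OGA ID (96 hash bits) or an 8-bit HIT Suite ID (92 hash bits) follows.
import hashlib
from ipaddress import IPv6Address

PREFIX = 0x2001_0020 >> 4   # RFC 7343 ORCHIDv2 prefix 2001:20::/28 (28 bits)
PREFIX_BITS = 28


def encode_middle(hash_bytes: bytes, nbits: int) -> int:
    """Model of Encode_N(): the middle nbits of the hash output (assumption)."""
    h = int.from_bytes(hash_bytes, "big")
    shift = (len(hash_bytes) * 8 - nbits) // 2
    return (h >> shift) & ((1 << nbits) - 1)


def orchid_from_hit_suite(hit_suite_id: int, hash_bytes: bytes) -> IPv6Address:
    """Build an ORCHID from an 8-bit HIT Suite ID.

    High nibble non-zero: that nibble is the OGA ID and 96 hash bits follow.
    High nibble zero:     the whole 8-bit HIT Suite ID follows the prefix and
                          only 92 hash bits remain (draft section 5.2.10).
    """
    if not 0 <= hit_suite_id <= 0xFF:
        raise ValueError("HIT Suite ID is an 8-bit value")
    if hit_suite_id == 0:
        raise ValueError("HIT Suite ID 0 is RESERVED")
    oga = hit_suite_id >> 4
    if oga != 0:
        body_bits = 4 + 96
        body = (oga << 96) | encode_middle(hash_bytes, 96)
    else:
        body_bits = 8 + 92
        body = (hit_suite_id << 92) | encode_middle(hash_bytes, 92)
    assert PREFIX_BITS + body_bits == 128
    return IPv6Address((PREFIX << body_bits) | body)


def parse_hit_suite(addr: IPv6Address) -> tuple:
    """Recover (8-bit HIT Suite ID, hash bits): the first nibble after the
    prefix tells the parser how long the identifier field is."""
    v = int(addr)
    if v >> 100 != PREFIX:
        raise ValueError("not an ORCHIDv2 address")
    nibble = (v >> 96) & 0xF
    if nibble != 0:                      # 4-bit OGA ID, 96 hash bits
        return nibble << 4, v & ((1 << 96) - 1)
    return (v >> 92) & 0xFF, v & ((1 << 92) - 1)   # 8-bit ID, 92 hash bits


if __name__ == "__main__":
    digest = hashlib.sha256(b"constructed sample input").digest()
    for suite in (0x10, 0x20, 0x30, 0x05):
        a = orchid_from_hit_suite(suite, digest)
        print(f"HIT Suite ID 0x{suite:02x} -> {a} -> parsed {parse_hit_suite(a)}")
```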