IETF Logo Mail Archive

Re: [Hipsec] Proposed new list for HIP_TRANSFORM

Robert Moskowitz <rgm@htt-consult.com> Thu, 07 January 2010 02:22 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BCA9A3A67B6 for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 18:22:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E3PgvdJY-0BC for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 18:22:48 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 6B9BB3A657C for <hipsec@ietf.org>; Wed, 6 Jan 2010 18:22:48 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 3E98B68B23; Thu, 7 Jan 2010 03:20:27 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EFyJ4Hkb2BMc; Wed, 6 Jan 2010 22:20:18 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 1CD1A68B21; Wed, 6 Jan 2010 22:20:18 -0500 (EST)
Message-ID: <4B454568.3090304@htt-consult.com>
Date: Wed, 06 Jan 2010 21:22:32 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Thunderbird/3.0
MIME-Version: 1.0
To: Paul Lambert <paul@marvell.com>
References: <4B440CA5.3010209@htt-consult.com> <4B44C35E.8090200@hiit.fi> <4B44CA15.2070905@htt-consult.com> <4B44D016.7050102@hiit.fi> <4B44D414.4080501@htt-consult.com> <4B450297.1070708@hiit.fi> <4B4505A8.4010009@htt-consult.com> <4B45061D.8000201@hiit.fi> <4B450F18.3020103@htt-consult.com> <7BAC95F5A7E67643AAFB2C31BEE662D013CA5A4AA5@SC-VEXCH2.marvell.com>
In-Reply-To: <7BAC95F5A7E67643AAFB2C31BEE662D013CA5A4AA5@SC-VEXCH2.marvell.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Proposed new list for HIP_TRANSFORM
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2010 02:22:49 -0000

On 01/06/2010 08:37 PM, Paul Lambert wrote:
>
>    
>> -----Original Message-----
>> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On Behalf
>> Of Robert Moskowitz
>> Sent: Wednesday, January 06, 2010 2:31 PM
>> To: miika.komu@hiit.fi
>> Cc: HIP
>> Subject: Re: [Hipsec] Proposed new list for HIP_TRANSFORM
>>
>> On 01/06/2010 04:52 PM, Miika Komu wrote:
>>      
>>> Robert Moskowitz wrote:
>>>
>>> Hi,
>>>
>>>        
>>>> On 01/06/2010 04:37 PM, Miika Komu wrote:
>>>>          
>>>>> Robert Moskowitz wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>>            
>>>>>> On 01/06/2010 01:01 PM, Miika Komu wrote:
>>>>>>              
>>>>>>> Robert Moskowitz wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>                
>>>>>>>> On 01/06/2010 12:07 PM, Miika Komu wrote:
>>>>>>>>                  
>>>>>>>>> Robert Moskowitz wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>>                    
>>>>>>>>>> Proposed new list for HIP_TRANSFORM:
>>>>>>>>>>
>>>>>>>>>>           Suite ID                          Value
>>>>>>>>>>
>>>>>>>>>>           RESERVED                          0
>>>>>>>>>>           AES-CBC with HMAC-SHA1            1     ([RFC3602],
>>>>>>>>>> [RFC2404])
>>>>>>>>>>           3DES-CBC with HMAC-SHA1           2     ([RFC2451],
>>>>>>>>>> [RFC2404])
>>>>>>>>>>           DEPRECATED                        3
>>>>>>>>>>           BLOWFISH-CBC with HMAC-SHA1       4     ([RFC2451],
>>>>>>>>>> [RFC2404])
>>>>>>>>>>           NULL-ENCRYPT with HMAC-SHA1       5     ([RFC2410],
>>>>>>>>>> [RFC2404])
>>>>>>>>>>           DEPRECATED                        6
>>>>>>>>>>           NULL-ENCRYPT with HMAC-SHA2       7     ([RFC2410],
>>>>>>>>>> [RFC4868])
>>>>>>>>>>           AES-CBC with HMAC-SHA2            8     ([RFC3602],
>>>>>>>>>> [RFC4868])
>>>>>>>>>>           AES-CCM-8                         9     [RFC4309]
>>>>>>>>>>           AES-CCM-12                        10    [RFC4309]
>>>>>>>>>>           AES-CCM-16                        11    [RFC4309]
>>>>>>>>>>           AES-GCM with a 8 octet ICV        12    [RFC4106]
>>>>>>>>>>           AES-GCM with a 12 octet ICV       13    [RFC4106]
>>>>>>>>>>           AES-GCM with a 16 octet ICV       14    [RFC4106]
>>>>>>>>>>                      
>>>>>>>>> seems fine with me. Should the "natural" key size be reflected
>>>>>>>>> in some of the algorithms descriptions?
>>>>>>>>>                    
>>>>>>>> I am not sure what you are alluding to here.  Key sizes for
>>>>>>>> AES-based transforms start at 128 and go up.  If you are asking
>>>>>>>> about those 8/12/16 sizes in CCM and GCM, that applies to the
>>>>>>>> auth size.
>>>>>>>>                  
>>>>>>> do we have to negotiate AES key size?
>>>>>>>                
>>>>>> OOPS.  Good catch.  We want to make sure we have Suite B support...
>>>>>>
>>>>>> Trying to dig around, how is it handled elsewhere, an ISAKMP
>>>>>> keysize TLV for IKE and ESP?
>>>>>>
>>>>>> I have some thoughts for a simple way here...
>>>>>>              
>>>>> either we fix the key size in the suite id or we negotiate it as
>>>>> max(key-size-in-r1, key-size-in-i2).
>>>>>            
>>>> So we either add a KEYSIZE parameter or change the HIP_TRANSFORM
>>>> parameter to include a key size.  Any why the max of the two?  Rather
>>>> the max in common.  Say R1 has 128, 192, 256 and I2 has 128 and 192.
>>>> Thus the agreed keysize is 192, not 256.
>>>>          
>>> it could be also "initiator chooses".
>>>        
>> that makes the R1 key sizes being the offer, and I2 being the
>> selection.  I don't have a problem with that.
>>
>> Now is there any changes to any of the transforms based on the keysize?
>> I hope not!
>>      
>
> The encryption key size should be part of the transform name .....
>    

Can you please expand on this?  Why is it better to have a different 
transform for each allowed key size?

> Also ... why so many algorithms?

So that someone with more knowledge about the various algorithms can 
pipe up and advise us!

Also depending on underlying MACsec, one algorithm might be perferred 
over another.  CCM is in 802.11, 15, and 16.  GCM is in 802.1AE for 
802.3 usage.  A device with a particular MAC may perfer that algorithm.

>    Choices for similar algorithms are not necessary a good idea.  GCm is a little tricky and the max instantiations vary based on the ICV size ...
>    

So only devices that have it already for the MAC might be using it?  I 
would like to see only one CCM and one GCM, but I don't know what has 
actually been fielded for say 15.4 or .3ah.

I went for a more 'complete' list for starters.

v2.23.0 | Report a Bug | By Email