Re: [Hipsec] Conflicting text in RFC5201 - RFC5201-bis
Ari Keranen <ari.keranen@nomadiclab.com> Wed, 09 June 2010 05:38 UTC
Return-Path: <ari.keranen@nomadiclab.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5BB6428B23E for <hipsec@core3.amsl.com>; Tue, 8 Jun 2010 22:38:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t1b5GbpTjb1k for <hipsec@core3.amsl.com>; Tue, 8 Jun 2010 22:38:25 -0700 (PDT)
Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id E25123A68DA for <hipsec@ietf.org>; Tue, 8 Jun 2010 22:38:24 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id 1862A4E6D1; Wed, 9 Jun 2010 08:38:25 +0300 (EEST)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mBGntSyb0iRI; Wed, 9 Jun 2010 08:38:24 +0300 (EEST)
Received: from [IPv6:2001:14b8:400:101:21c:23ff:fe45:a6c1] (unknown [IPv6:2001:14b8:400:101:21c:23ff:fe45:a6c1]) by gw.nomadiclab.com (Postfix) with ESMTP id 3E7874E6C1; Wed, 9 Jun 2010 08:38:24 +0300 (EEST)
Message-ID: <4C0F28D0.1080002@nomadiclab.com>
Date: Wed, 09 Jun 2010 08:38:24 +0300
From: Ari Keranen <ari.keranen@nomadiclab.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: Tobias Heer <heer@cs.rwth-aachen.de>
References: <AB42DFE2-0673-41DE-A40D-7D727D4A6BF3@cs.rwth-aachen.de>
In-Reply-To: <AB42DFE2-0673-41DE-A40D-7D727D4A6BF3@cs.rwth-aachen.de>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: HIP WG <hipsec@ietf.org>
Subject: Re: [Hipsec] Conflicting text in RFC5201 - RFC5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jun 2010 05:38:26 -0000
Hi,
On 05/26/2010 01:37 PM, Tobias Heer wrote:
> I have a question regarding some text in RFC5201 that conflicts with
> the crypto agility that we envisioned. The new BEX will have to
> start the negotiations of the DH groups already in I1 to allow the
> Responder to pick a sensible DH group (there are simple
> countermeasures against downgrade attacks, too, so don't worry).
> Therefore, the I1 becomes slightly more important than it was
> (although it stays unsigned and cheap).
>
>
> In Section 4.1 RFC5201 states:
>
> ... 705 The Initiator first sends a trigger packet, I1, to
> the 706 Responder. The packet contains the HIT of the
> Initiator 707 and possibly the HIT of the Responder, if it
> is known. 708 Moreover, it contains a list of Diffie Hellman
> Group IDs 709 supported by the Initiator. Note 710
> that in some cases it may be possible to replace this trigger 711
> packet by some other form of a trigger, in which case the 712
> protocol starts with the Responder sending the R1 packet. ...
>
> With the DH group negotiations already starting in I1 it becomes
> difficult to omit the I1 (you can do it but you lose DH crypto
> agility). Moreover, I doubt that omitting the I1 works well even
> without considering the DH group negotiations because some of the
> measures to keep the Responder stateless until I2 rely on having
> information from the I1 (IP address or HIT) for the puzzle/ opaque
> data field.
>
>
> My questions are: Is anyone using or does anyone intent to use this
> omission of the I1? Is there any specification on how to do it (at
> least this is the only place in 5201 where it is mentioned). Do we
> need this feature because there are cases where you cannot send an
> I1? And finally: can we live without that note?
In HIP BONE we have thought about using this feature for DoS protection
(and perhaps also for making the BeX via overlay faster):
3.3.1. DoS Protection
[...]
In an overlay scenario, there are multiple ways how this mechanism
can be utilized within the overlay. One possibility is to cache the
pre-generated R1 packets within the overlay and let the overlay
directly respond with R1s to I1s. In that way the responder is not
bothered at all until the initiator sends an I2 packet, with the
puzzle solution. Furthermore, a more sophisticated overlay could
verify that an I2 packet has a correctly solved puzzle before
forwarding the packet to the responder.
I think this is a useful feature, but since it's more of an optimization
than something we rely on, if needed, we should be able to live without
it too.
Cheers,
Ari
- [Hipsec] Conflicting text in RFC5201 - RFC5201-bis Tobias Heer
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Samu Varjonen
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… René Hummen
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Tobias Heer
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Ari Keranen
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Tobias Heer
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Ari Keranen
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Tobias Heer