IETF Logo Mail Archive

Re: [Hipsec] WGLC: draft-ietf-hip-reload-instance-00

Ari Keranen <ari.keranen@nomadiclab.com> Fri, 26 February 2010 06:57 UTC

Return-Path: <ari.keranen@nomadiclab.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5DE3928C518 for <hipsec@core3.amsl.com>; Thu, 25 Feb 2010 22:57:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rM6rlhMRqZTL for <hipsec@core3.amsl.com>; Thu, 25 Feb 2010 22:57:25 -0800 (PST)
Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id 1F28628C517 for <hipsec@ietf.org>; Thu, 25 Feb 2010 22:57:24 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id 802364E6D7; Fri, 26 Feb 2010 08:59:32 +0200 (EET)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3QfBooiuCNh; Fri, 26 Feb 2010 08:59:32 +0200 (EET)
Received: from [IPv6:2001:14b8:400:101:21c:23ff:fe45:a6c1] (unknown [IPv6:2001:14b8:400:101:21c:23ff:fe45:a6c1]) by gw.nomadiclab.com (Postfix) with ESMTP id 05C794E6D4; Fri, 26 Feb 2010 08:59:32 +0200 (EET)
Message-ID: <4B877153.10908@nomadiclab.com>
Date: Fri, 26 Feb 2010 08:59:31 +0200
From: Ari Keranen <ari.keranen@nomadiclab.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
References: <4B5F07F6.7080800@ericsson.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7C0@XCH-NW-10V.nw.nos.boeing.com> <4B83F243.6070208@nomadiclab.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7D1@XCH-NW-10V.nw.nos.boeing.com> <4B8689B0.50704@nomadiclab.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7FF@XCH-NW-10V.nw.nos.boeing.com>
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4C1F48A7FF@XCH-NW-10V.nw.nos.boeing.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-reload-instance-00
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2010 06:57:26 -0000

Henderson, Thomas R wrote:
>>> When you say "In the other Peer ID mode, namely "RELOAD",..."
>>> which case do you mean?  Just the self-generated case?  If it is
>>> the centralized case, the Node IDs can't be used as HITs, and
>>> then the Node IDs and the HITs are not related to one another and
>>> need to be bound by some kind of certificate framework.  This is
>>> what I think section 5.6.1.1 of the base draft refers to.  Or am
>>> I misunderstanding something?
>> We mean both cases.  I'm sorry but I don't follow why couldn't the 
>> non-ORCHID Node IDs be used as "HITs" (i.e., in the HIP header, VIA
>>  lists and certificates) in the centralized case?
>> 
> 
> Let's say that the enrollment server allocates the first node the
> Node ID of "0", the second node a Node ID of "1" etc.  Are you
> suggesting that these values are used as HITs?

Yes. Although the enrollment server would not really give IDs like that 
but rather make them cryptographically random, but the point remains the 
same: the IDs in the RELOAD mode are not (necessarily) hashes of public 
keys.

> I raised this issue in another thread yesterday, but it seems to me
> that a central idea in the HIP architecture is that the HIT is the
> hash of the public key of a public/private key pair and that the host
> holds the private key.  I don't believe we've talked before about the
> possibility that the HI and HIT are not related cryptographically.

Yeah, we had a thread on the HIP list about this some half a year ago 
but it died away. I admit that the HIT being a hash of a public key is 
somewhat central idea in HIP, but is it really necessary if you have a 
certificate that can provide the same binding between the non-HIT-ID and 
Host ID?

AFAIK, you only lose the property that for someone else it's really hard 
to generate the same identity, but with an enrollment server that would 
not be a problem thanks to the certificates. Without an enrollment 
server one could fake the ID in the RELOAD mode, but then you can still 
use the ORCHID mode and real HITs or generate IDs as digests (SHA-1 or 
SHA-256) of the public key as the RELOAD draft proposes.


Cheers,
Ari

v2.23.0 | Report a Bug | By Email