IETF Logo Mail Archive

Re: [Hipsec] Manditory to implement Host ID Lengths

Robert Moskowitz <rgm@htt-consult.com> Tue, 27 April 2010 17:33 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D57E33A6A61 for <hipsec@core3.amsl.com>; Tue, 27 Apr 2010 10:33:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[AWL=0.603, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id POiNpDpLw5xX for <hipsec@core3.amsl.com>; Tue, 27 Apr 2010 10:33:27 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id E46263A6A89 for <hipsec@ietf.org>; Tue, 27 Apr 2010 10:33:13 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 9E11D68B25; Tue, 27 Apr 2010 17:27:03 +0000 (UTC)
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KdH0IyyXU91a; Tue, 27 Apr 2010 13:26:53 -0400 (EDT)
Received: from nc2400.htt-consult.com (h155.home.htt [208.83.67.155]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 2B50A68A94; Tue, 27 Apr 2010 13:26:53 -0400 (EDT)
Message-ID: <4BD71FC1.1000506@htt-consult.com>
Date: Tue, 27 Apr 2010 13:32:49 -0400
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100330 Fedora/3.0.4-1.fc12 Thunderbird/3.0.4
MIME-Version: 1.0
To: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
References: <4BD1E4EC.6000706@htt-consult.com> <4BD20A20.7020402@htt-consult.com> <FD98F9C3CBABA74E89B5D4B5DE0263B9379491074D@XCH-NW-12V.nw.nos.boeing.com>
In-Reply-To: <FD98F9C3CBABA74E89B5D4B5DE0263B9379491074D@XCH-NW-12V.nw.nos.boeing.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] Manditory to implement Host ID Lengths
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2010 17:33:28 -0000

On 04/27/2010 01:07 PM, Ahrenholz, Jeffrey M wrote:
>    
>>> Some help here, please, so I can finish up another loose
>>>        
>> end in 5201-bis.
>>
>> Here are some proposed cipher suites. Using RFCs 4308 and 4869 as
>> guidelines...
>>
>> HIP BEX Cipher suites:
>>
>> Suite Host_ID Diffie_Hellman Hash Recommended HIP-Transform
>>
>> 1 ECDSA-160 ECDH-160 SHA1 AES-128-CBC with HMAC-SHA1 or 3DES-CBC with
>> HMAC-SHA1
>> 2 RSA 1024 DH-1536 SHA1 AES-128-CBC with HMAC-SHA1 or 3DES-CBC with
>> HMAC-SHA1
>> 3 RSA-2048 DH-3072 SHA-256 AES-128-CBC with HMAC-SHA2 or AES-CCM-8
>> 4 ECDSA-256 ECDH-256 SHA-256 AES-256-CBC with HMAC-SHA2 or
>> AES-CCM-16 or
>> AES-GCM with a 16 octet ICV
>> 5 ECDSA-384 ECDH-384 SHA-384 AES-256-CBC with HMAC-SHA2 or
>> AES-CCM-16 or
>> AES-GCM with a 16 octet ICV
>>
>> 3 is Manditory. 1&  4 are recommended (1 for servers supporting weak
>> clients)? 5 is for Suite-B.
>>      
> These suites seem OK to me. Hopefully the above are well supported by OpenSSL or other libraries. We've been using 2 as the default with HIPv1 (RSA 1024 / DH-1536).
>
> It should be noted, with HIPv1 and an MTU size of 1500, that using large keys of RSA 4096 + DH-1536 will cause a 1458 byte I2 packet (proto 139 without UDP), and using RSA 4096 + DH-3072 causes fragmentation of the I2. That leads to problems (bugs?) at least with our OpenHIP implementation.
>    

p-384 gives you a greater strength at a smaller size with a much lower 
CPU cost.  For example see:

http://www.nsa.gov/business/programs/elliptic_curve.shtml

Yet another reason to move to EC.

Per Dave McGrew back on /4/9:

"so far, nobody has published software that specifically targets this 
draft.   The openssl implementation of ECC could be used as something 
interoperable (though it implements a lot more than just the fECC subset 
of ECC)."

We do need to get the OpenSSL authors looking at this draft....

v2.29.0 | Report a Bug | By Email | System Status