IETF Logo Mail Archive

Re: [Hipsec] Proposed new list for HIP_TRANSFORM

Tobias Heer <heer@cs.rwth-aachen.de> Thu, 07 January 2010 15:04 UTC

Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8A1F93A67F3 for <hipsec@core3.amsl.com>; Thu, 7 Jan 2010 07:04:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.801
X-Spam-Level:
X-Spam-Status: No, score=-4.801 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id exIkpJRQLbsZ for <hipsec@core3.amsl.com>; Thu, 7 Jan 2010 07:04:11 -0800 (PST)
Received: from mta-2.ms.rz.rwth-aachen.de (mta-2.ms.rz.RWTH-Aachen.DE [134.130.7.73]) by core3.amsl.com (Postfix) with ESMTP id 326683A67B0 for <hipsec@ietf.org>; Thu, 7 Jan 2010 07:04:10 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from ironport-out-2.rz.rwth-aachen.de ([134.130.5.41]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0KVV005MTTUW8R80@mta-2.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Thu, 07 Jan 2010 16:04:08 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.49,235,1262559600"; d="scan'208";a="21637686"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by ironport-in-2.rz.rwth-aachen.de with ESMTP; Thu, 07 Jan 2010 16:04:08 +0100
Received: from umic-137-226-154-185.nn.rwth-aachen.de ([unknown] [137.226.154.185]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0KVV00CF5TUWXV50@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Thu, 07 Jan 2010 16:04:08 +0100 (CET)
From: Tobias Heer <heer@cs.rwth-aachen.de>
In-reply-to: <4B45DAC9.1090303@htt-consult.com>
Date: Thu, 07 Jan 2010 16:04:06 +0100
Message-id: <5460FD61-6C49-4211-8760-1AD3C5A6DC7F@cs.rwth-aachen.de>
References: <4B440CA5.3010209@htt-consult.com> <4B44C35E.8090200@hiit.fi> <4B44CA15.2070905@htt-consult.com> <4B44D016.7050102@hiit.fi> <CE2F5651-0202-4D6F-B357-CFD49ABF0815@indranet.co.nz> <7DD22BB2-22FE-4EF9-B6BD-9BD2ED3333CB@cs.rwth-aachen.de> <4B45DAC9.1090303@htt-consult.com>
To: Robert Moskowitz <rgm@htt-consult.com>
X-Mailer: Apple Mail (2.1077)
Cc: hip WG <hipsec@ietf.org>
Subject: Re: [Hipsec] Proposed new list for HIP_TRANSFORM
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2010 15:04:12 -0000

Am 07.01.2010 um 13:59 schrieb Robert Moskowitz:

> On 01/07/2010 06:58 AM, Tobias Heer wrote:
>> Am 07.01.2010 um 04:22 schrieb Andrew McGregor:
>> 
>>   
>>> On 07/01/2010, at 7:01 AM, Miika Komu wrote:
>>> 
>>>     
>>>> Robert Moskowitz wrote:
>>>> 
>>>> Hi,
>>>> 
>>>>       
>>>>> On 01/06/2010 12:07 PM, Miika Komu wrote:
>>>>>         
>>>>>> Robert Moskowitz wrote:
>>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>>           
>>>>>>> Proposed new list for HIP_TRANSFORM:
>>>>>>> 
>>>>>>>        Suite ID                          Value
>>>>>>> 
>>>>>>>        RESERVED                          0
>>>>>>> 
>>>>>>>             
>> ...
>> 
>>   
>>>>>>>        AES-GCM with a 16 octet ICV       14    [RFC4106]
>>>>>>>             
>>>>>> seems fine with me. Should the "natural" key size be reflected in some of the algorithms descriptions?
>>>>>>           
>>>>> I am not sure what you are alluding to here.  Key sizes for AES-based transforms start at 128 and go up.  If you are asking about those 8/12/16 sizes in CCM and GCM, that applies to the auth size.
>>>>>         
>>>> do we have to negotiate AES key size?
>>>>       
>>> No!  We need more suite IDs for the key sizes we're going to use.
>>> 
>>> The whole point of using suites in the first place was, once you have the suite you know everything you need to know about the crypto setup... you can literally just use the suite-id as an index into a table of all the numbers.
>>> 
>>>     
>> I agree. I think we should also tie the MAC Algorithm for the HIP control packets to the transform to avoid a separate negotiation. Or can you imagine a case in which the ESP MAC algorithm and the HIP control channel MAC algorithm should differ?
> 
> The HIP control packet MAC algorithm is still HMAC, and it will use the HIH as the underlying hash.  There are HIP_TRANSFORMS that do not have a separate MAC, like CCM.
> 

Is it really wise to use the HIH instead of the ESP transform to determine the HIP control packet HMAC hash algorithm? In my opinion, the MAC algorithm from the ESP transform has more in common with the control packet HMAC than the HIH. The HIH is for generating an identity tag and the two other MACs are for integrity protection of packets. Of course, both algorithms need to be supported by both hosts but I can imagine that hosts might want to use stronger and more costly hash functions for generating their identity than they would use for integrity protection. In this regard, the security requirements for control channel hash algorithm are more similar to the ESP HMAC.

Tobias



--  

Dipl.-Inform. Tobias Heer, Ph.D. Student
Distributed Systems Group 
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer

v2.23.0 | Report a Bug | By Email