Re: [Hipsec] clarification on HIT Suite IDs
Francis Dupont <fdupont@isc.org> Tue, 23 September 2014 11:27 UTC
From: Francis Dupont <fdupont@isc.org>
To: Tom Henderson <tomh@tomh.org>
Date: Tue, 23 Sep 2014 11:27:46 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/wrYKJwq9SUT8N21tt4e6RRGYqAY
Cc: HIP <hipsec@ietf.org>, Francis Dupont <fdupont@isc.org>, julien.ietf@gmail.com
Subject: Re: [Hipsec] clarification on HIT Suite IDs

Tom Henderson writes:
> For the time being, the HIT Suite uses only four bits because
> these bits have to be carried in the HIT. Using more bits for the
> HIT Suite ID reduces the cryptographic strength of the HIT.

=> yes, there is a long discussion in RFC 7343 about this tradeoff.

> which implied to me that the HIT suite ID may in the future consume more
> bits presently allocated to hash.

=> the fact the problem could exist doesn't mean it will exist...

> > So there is nothing very clear about what will happen if one will need
> > more than 15 HIT Suite-IDs... BTW according to appendix E I should add
> > "at the same time" (appendix E proposes to reuse values, making unlikely
> > to really need more than 15 values).
>
> I'm not sure where you are proposing to add the clause; can you point
> out the sentence?

=> one will need more than 15 HIT Suite-IDs ->
   one will need more than 15 HIT Suite-IDs at the same time

> > => no, the current choice makes more sense with the HIT Suite-IDs
> > from OGAs. But it is a matter of taste for sure...
>
> Perhaps we could start by trying to resolve whether the plan should be
> to reuse four-bit values if the space is eventually exceeded, or whether
> the HIT suite ID may grow in the future (and how that affects the
> ORCHID).

=> clearly the current plan is the first (reuse 4 bit values).
The second is just a provision in the case the first fails.

> Maybe we do not need to specify the plan in this draft; maybe
> we could just avoid the problem for now and just keep value 0 reserved
> and state that what to do when the HIT_SUITE_ID space is exhausted is
> for further study, with deprecated value reuse and expansion of the HIT
> Suite ID being two possibilities.

=> perhaps it was considered as too optimistic? BTW I have no idea
about the future need in new values in the HIT_SUITE_ID / OGA space
(but does somebody already have one?)

> Another basic question I have is whether the table 11 in Appendix E
> should be merged with the unlabeled table at the end of 5.2.10 (and
> located in 5.2.10), and whether Appendix E text in general ought to be
> brought forward in the draft to section 3.2 and/or 5.2.10.

=> it is a question for the hipsec mailing list (I subscribed to it
but from my personal e-mail).

Regards

Francis Dupont <fdupont@isc.org>
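
The bit budget behind the tradeoff discussed in this message, as an added example that is not part of the thread or of the HIP drafts. It assumes the ORCHIDv2 layout of RFC 7343 (prefix 2001:20::/28, then a 4-bit ID, then a 96-bit hash); the suite_bits parameter, the function names and the sample HIT are constructed for illustration, and the wider ID is hypothetical.

```python
import ipaddress

# Assumption: ORCHIDv2 layout from RFC 7343 (28-bit prefix, 4-bit ID, 96-bit hash).
ORCHID_PREFIX = ipaddress.ip_network("2001:20::/28")
PREFIX_BITS = 28
ADDR_BITS = 128


def split_hit(hit, suite_bits=4):
    """Return (suite_id, hash_value, hash_bits) for a HIT.

    suite_bits=4 is the layout discussed in the thread; larger values model
    the hypothetical expansion in which the ID consumes bits of the hash.
    """
    addr = ipaddress.IPv6Address(hit)
    if addr not in ORCHID_PREFIX:
        raise ValueError(f"{hit} is not inside {ORCHID_PREFIX}")
    hash_bits = ADDR_BITS - PREFIX_BITS - suite_bits
    if suite_bits < 1 or hash_bits < 1:
        raise ValueError("suite_bits leaves no room for an ID or a hash")
    # Everything after the 28-bit prefix: suite ID followed by the hash.
    rest = int(addr) & ((1 << (ADDR_BITS - PREFIX_BITS)) - 1)
    return rest >> hash_bits, rest & ((1 << hash_bits) - 1), hash_bits


def tradeoff(suite_bits):
    """Return (usable_ids, hash_bits) for a given ID width.

    Value 0 stays reserved, so a 4-bit field gives the 15 usable IDs
    mentioned in the thread.
    """
    return (1 << suite_bits) - 1, ADDR_BITS - PREFIX_BITS - suite_bits


if __name__ == "__main__":
    sample = "2001:21:aaaa:bbbb:cccc:dddd:eeee:ffff"  # constructed HIT, not a real host
    suite_id, digest, bits = split_hit(sample)
    print(f"suite id {suite_id}, {bits}-bit hash {digest:#x}")
    for width in (4, 5, 6, 8):
        ids, hbits = tradeoff(width)
        # A brute-force search for a second key hashing to the same HIT
        # costs about 2**hbits attempts, so each extra ID bit halves it.
        print(f"{width}-bit ID: {ids} usable IDs, {hbits}-bit hash")
```
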