Re: [Hipsec] Conflicting text in RFC5201 - RFC5201-bis
René Hummen <rene.hummen@cs.rwth-aachen.de> Wed, 26 May 2010 13:47 UTC
Return-Path: <rene.hummen@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CFEAD3A68F3 for <hipsec@core3.amsl.com>; Wed, 26 May 2010 06:47:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.719
X-Spam-Level:
X-Spam-Status: No, score=-3.719 tagged_above=-999 required=5 tests=[AWL=0.783, BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NFqTaEbDZcDH for <hipsec@core3.amsl.com>; Wed, 26 May 2010 06:47:28 -0700 (PDT)
Received: from mta-1.ms.rz.rwth-aachen.de (mta-1.ms.rz.RWTH-Aachen.DE [134.130.7.72]) by core3.amsl.com (Postfix) with ESMTP id 9976F3A6928 for <hipsec@ietf.org>; Wed, 26 May 2010 06:47:28 -0700 (PDT)
MIME-version: 1.0
Content-type: text/plain; charset="iso-8859-1"
Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.5.40]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0L3100LX84YUZA00@mta-1.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Wed, 26 May 2010 15:47:18 +0200 (CEST)
X-IronPort-AV: E=Sophos;i="4.53,304,1272837600"; d="scan'208";a="58997762"
Received: from relay-auth-2.ms.rz.rwth-aachen.de (HELO relay-auth-2) ([134.130.7.79]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Wed, 26 May 2010 15:47:19 +0200
Received: from umic-137-226-154-190.nn.rwth-aachen.de ([unknown] [137.226.154.190]) by relay-auth-2.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0L31003WJ4YUGV40@relay-auth-2.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Wed, 26 May 2010 15:47:18 +0200 (CEST)
From: René Hummen <rene.hummen@cs.rwth-aachen.de>
Content-transfer-encoding: quoted-printable
Date: Wed, 26 May 2010 15:47:18 +0200
Message-id: <279FACB2-90A1-465A-951B-7F1FC8214404@cs.rwth-aachen.de>
To: HIP WG <hipsec@ietf.org>
X-Mailer: Apple Mail (2.1078)
Subject: Re: [Hipsec] Conflicting text in RFC5201 - RFC5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2010 13:47:30 -0000
On May 26, 2010, at 12:59 PM, Samu Varjonen wrote: > Tobias Heer wrote: >> Hello, I have a question regarding some text in RFC5201 that conflicts with the crypto agility that we envisioned. >> >> The new BEX will have to start the negotiations of the DH groups already in I1 to allow the Responder to pick a sensible DH group (there are simple countermeasures against downgrade attacks, too, so don't worry). >> Therefore, the I1 becomes slightly more important than it was (although it stays unsigned and cheap). >> In Section 4.1 RFC5201 states: >> ... >> 705 The Initiator first sends a trigger packet, I1, to the 706 Responder. The packet contains the HIT of the Initiator 707 and possibly the HIT of the Responder, if it is known. 708 Moreover, it contains a list of Diffie Hellman Group IDs 709 supported by the Initiator. Note 710 that in some cases it may be possible to replace this trigger 711 packet by some other form of a trigger, in which case the 712 protocol starts with the Responder sending the R1 packet. ... >> With the DH group negotiations already starting in I1 it becomes difficult to omit the I1 (you can do it but you lose DH crypto agility). >> Moreover, I doubt that omitting the I1 works well even without considering the DH group negotiations because some of the measures to keep the Responder stateless until I2 rely on having information from the I1 (IP address or HIT) for the puzzle/ opaque data field. >> My questions are: Is anyone using or does anyone intent to use this omission of the I1? > > Check out draft-ietf-hip-hiccups-02 Section 5.3 > " > A host receiving a HIP DATA packet makes decision whether to process > the packet or not. If the host, following its local policy, suspects > that this packet could be part of a DoS attack. The host MAY respond > with an R1 packet to the HIP DATA packet... > " You could adapt draft-ietf-hip-hiccups-02 Section 5.3 as follows, in order to support the crypto agility changes introduced in RFC5201-bis: " ...If the host chooses to respond to the HIP DATA with an R1 packet, it creates a new R1 or selects a precomputed R1 according to the format described in [RFC5201] Section 5.3.2. " Add: "The host should thereby choose its preferred DH group for the DH value." This way, the BEX can continue as supposed by hiccups, if the two hosts agree on the DH group. Otherwise, the host, that was initially sending the HIP DATA packet, would advertise the supported DH groups by sending a corresponding I1. >> Is there any specification on how to do it (at least this is the only place in 5201 where it is mentioned). >> Do we need this feature because there are cases where you cannot send an I1? >> And finally: can we live without that note? >> Of course, even if we skip it there is nothing that will keep someone defining it as an extension to the base specs if it is needed in the future. >> Thanks for any input. >> Tobias Ciao, René -- Dipl.-Inform. Rene Hummen, Ph.D. Student Distributed Systems Group RWTH Aachen University, Germany tel: +49 241 80 20772 web: http://ds.rwth-aachen.de/members/hummen
- [Hipsec] Conflicting text in RFC5201 - RFC5201-bis Tobias Heer
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Samu Varjonen
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… René Hummen
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Tobias Heer
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Ari Keranen
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Tobias Heer
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Ari Keranen
- Re: [Hipsec] Conflicting text in RFC5201 - RFC520… Tobias Heer