Return-Path: X-Original-To: hipsec@core3.amsl.com Delivered-To: hipsec@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CFEAD3A68F3 for ; Wed, 26 May 2010 06:47:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.719 X-Spam-Level: X-Spam-Status: No, score=-3.719 tagged_above=-999 required=5 tests=[AWL=0.783, BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NFqTaEbDZcDH for ; Wed, 26 May 2010 06:47:28 -0700 (PDT) Received: from mta-1.ms.rz.rwth-aachen.de (mta-1.ms.rz.RWTH-Aachen.DE [134.130.7.72]) by core3.amsl.com (Postfix) with ESMTP id 9976F3A6928 for ; Wed, 26 May 2010 06:47:28 -0700 (PDT) MIME-version: 1.0 Content-type: text/plain; charset=iso-8859-1 Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.5.40]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0L3100LX84YUZA00@mta-1.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Wed, 26 May 2010 15:47:18 +0200 (CEST) X-IronPort-AV: E=Sophos;i="4.53,304,1272837600"; d="scan'208";a="58997762" Received: from relay-auth-2.ms.rz.rwth-aachen.de (HELO relay-auth-2) ([134.130.7.79]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Wed, 26 May 2010 15:47:19 +0200 Received: from umic-137-226-154-190.nn.rwth-aachen.de ([unknown] [137.226.154.190]) by relay-auth-2.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0L31003WJ4YUGV40@relay-auth-2.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Wed, 26 May 2010 15:47:18 +0200 (CEST) From: =?iso-8859-1?Q?Ren=E9_Hummen?= Content-transfer-encoding: quoted-printable Date: Wed, 26 May 2010 15:47:18 +0200 Message-id: <279FACB2-90A1-465A-951B-7F1FC8214404@cs.rwth-aachen.de> To: HIP WG X-Mailer: Apple Mail (2.1078) Subject: Re: [Hipsec] Conflicting text in RFC5201 - RFC5201-bis X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 May 2010 13:47:30 -0000 On May 26, 2010, at 12:59 PM, Samu Varjonen wrote: > Tobias Heer wrote: >> Hello, I have a question regarding some text in RFC5201 that = conflicts with the crypto agility that we envisioned. >> =09 >> The new BEX will have to start the negotiations of the DH groups = already in I1 to allow the Responder to pick a sensible DH group (there = are simple countermeasures against downgrade attacks, too, so don't = worry). >> Therefore, the I1 becomes slightly more important than it was = (although it stays unsigned and cheap). >> In Section 4.1 RFC5201 states: >> ... >> 705 The Initiator first sends a trigger packet, I1, to the = 706 Responder. The packet contains the HIT of the Initiator = 707 and possibly the HIT of the Responder, if it is known. 708 = Moreover, it contains a list of Diffie Hellman Group IDs 709 = supported by the Initiator. Note 710 that in some = cases it may be possible to replace this trigger 711 packet by = some other form of a trigger, in which case the 712 protocol = starts with the Responder sending the R1 packet. ... >> With the DH group negotiations already starting in I1 it becomes = difficult to omit the I1 (you can do it but you lose DH crypto agility). >> Moreover, I doubt that omitting the I1 works well even without = considering the DH group negotiations because some of the measures to = keep the Responder stateless until I2 rely on having information from = the I1 (IP address or HIT) for the puzzle/ opaque data field. >> My questions are: Is anyone using or does anyone intent to use this = omission of the I1? >=20 > Check out draft-ietf-hip-hiccups-02 Section 5.3 > " > A host receiving a HIP DATA packet makes decision whether to process > the packet or not. If the host, following its local policy, suspects > that this packet could be part of a DoS attack. The host MAY respond > with an R1 packet to the HIP DATA packet... > " You could adapt draft-ietf-hip-hiccups-02 Section 5.3 as follows, in = order to support the crypto agility changes introduced in RFC5201-bis: " ...If the host chooses to respond to the HIP DATA with an R1 packet, it creates a new R1 or selects a precomputed R1 according to the format described in [RFC5201] Section 5.3.2. " Add: "The host should thereby choose its preferred DH group for the DH = value." This way, the BEX can continue as supposed by hiccups, if the two hosts = agree on the DH group. Otherwise, the host, that was initially sending = the HIP DATA packet, would advertise the supported DH groups by sending = a corresponding I1. >> Is there any specification on how to do it (at least this is the only = place in 5201 where it is mentioned). >> Do we need this feature because there are cases where you cannot send = an I1? >> And finally: can we live without that note? >> Of course, even if we skip it there is nothing that will keep someone = defining it as an extension to the base specs if it is needed in the = future. >> Thanks for any input. >> Tobias Ciao, Ren=E9 -- Dipl.-Inform. Rene Hummen, Ph.D. Student Distributed Systems Group RWTH Aachen University, Germany tel: +49 241 80 20772 web: http://ds.rwth-aachen.de/members/hummen