Re: [IPsec] IPSECKEY Resource Record Parameter for EdDSA
Robert Moskowitz <rgm-sec@htt-consult.com> Fri, 11 October 2019 13:28 UTC
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9495612008F for <ipsec@ietfa.amsl.com>; Fri, 11 Oct 2019 06:28:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hQqnkklIIaf7 for <ipsec@ietfa.amsl.com>; Fri, 11 Oct 2019 06:28:44 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46127120073 for <IPsec@ietf.org>; Fri, 11 Oct 2019 06:28:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id A2C9B6211F; Fri, 11 Oct 2019 09:28:42 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ZfXrYBAb49Rr; Fri, 11 Oct 2019 09:28:38 -0400 (EDT)
Received: from lx140e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 53A946211E; Fri, 11 Oct 2019 09:28:38 -0400 (EDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: IPsec@ietf.org
References: <288a46b0-fa99-b070-362b-d0f0edbcab4b@htt-consult.com> <19298.1570786008@dooku.sandelman.ca>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <4e823970-3907-a854-d41d-a97e19379e01@htt-consult.com>
Date: Fri, 11 Oct 2019 09:28:36 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0
MIME-Version: 1.0
In-Reply-To: <19298.1570786008@dooku.sandelman.ca>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/CNAvwFSlXj6Gzv8Lkjdhz3WJ-Dw>
Subject: Re: [IPsec] IPSECKEY Resource Record Parameter for EdDSA
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2019 13:28:47 -0000
On 10/11/19 5:26 AM, Michael Richardson wrote: > Robert Moskowitz <rgm-sec@htt-consult.com> wrote: > > Is there an update for EDDSA (RFC 8420) for the ipseckey RR? > > > https://www.iana.org/assignments/ipseckey-rr-parameters/ipseckey-rr-parameters.xhtml > > > IANA is not showing it, so perhaps it is in a draft somewhere? > > I haven't done this. > It's marked IETF Review, so a document is needed (but necessarily standards > track). > What's your use case today? Surely not tm-rid? Yes it is tm-rid. Look for a revision to https://datatracker.ietf.org/doc/draft-moskowitz-hip-hhit-registries/ Any observer should have access to the HI on observing the HIT in the RemoteID Basic Message. This is needed to validate the signature in the Authentication Message. Only an authorized observer can query the USS for more information (as Stu alluded to) about the UAV. In the ASTM docs we cannot release yet (grumble) they propose both SAML and JSON for the query for these details by an authorized observer. Thus only the HI/HIT will be returned in the DNS query. RVS is normally restricted information. Bob
- [IPsec] IPSECKEY Resource Record Parameter for Ed… Robert Moskowitz
- Re: [IPsec] IPSECKEY Resource Record Parameter fo… Paul Wouters
- Re: [IPsec] IPSECKEY Resource Record Parameter fo… Robert Moskowitz
- Re: [IPsec] IPSECKEY Resource Record Parameter fo… Michael Richardson
- Re: [IPsec] IPSECKEY Resource Record Parameter fo… Michael Richardson
- Re: [IPsec] IPSECKEY Resource Record Parameter fo… Robert Moskowitz
- Re: [IPsec] IPSECKEY Resource Record Parameter fo… Robert Moskowitz