RE: [RAM] aside Re: HIP
"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Wed, 03 January 2007 17:39 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H2A54-0006l2-T9; Wed, 03 Jan 2007 12:39:14 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H2A52-0006jl-Vy for ram@iab.org; Wed, 03 Jan 2007 12:39:12 -0500
Received: from blv-smtpout-01.boeing.com ([130.76.32.69] helo=blv-smtpout-01.ns.cs.boeing.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H2A50-0006g3-KN for ram@iab.org; Wed, 03 Jan 2007 12:39:12 -0500
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4]) by blv-smtpout-01.ns.cs.boeing.com (8.13.6/8.13.6/TEST_SMTPIN) with ESMTP id l03Hcr6l009067 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 3 Jan 2007 09:38:58 -0800 (PST)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1]) by slb-av-01.boeing.com (8.13.6/8.13.6/DOWNSTREAM_RELAY) with ESMTP id l03Hcqdp017261; Wed, 3 Jan 2007 09:38:52 -0800 (PST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (xch-nwbh-11.nw.nos.boeing.com [130.247.55.84]) by slb-av-01.boeing.com (8.13.6/8.13.6/UPSTREAM_RELAY) with ESMTP id l03HcoKg017181; Wed, 3 Jan 2007 09:38:52 -0800 (PST)
Received: from XCH-NW-5V1.nw.nos.boeing.com ([130.247.55.44]) by XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 3 Jan 2007 09:38:45 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [RAM] aside Re: HIP
Date: Wed, 03 Jan 2007 09:38:12 -0800
Message-ID: <77F357662F8BFA4CA7074B0410171B6D01A2FAB9@XCH-NW-5V1.nw.nos.boeing.com>
In-Reply-To: <6CD3B854-F172-4408-AC73-8DF6D4C47240@extremenetworks.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [RAM] aside Re: HIP
Thread-Index: Accuu4gVbVpZTcDDS6+sHTnwZxFt4gAnXdRA
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: RJ Atkinson <rja@extremenetworks.com>, ram@iab.org
X-OriginalArrivalTime: 03 Jan 2007 17:38:45.0762 (UTC) FILETIME=[04D18620:01C72F5E]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc:
X-BeenThere: ram@iab.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing and Addressing Mailing List <ram.iab.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ram>, <mailto:ram-request@iab.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/ram>
List-Post: <mailto:ram@iab.org>
List-Help: <mailto:ram-request@iab.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ram>, <mailto:ram-request@iab.org?subject=subscribe>
Errors-To: ram-bounces@iab.org
> -----Original Message----- > From: RJ Atkinson [mailto:rja@extremenetworks.com] > Sent: Tuesday, January 02, 2007 2:15 PM > To: ram@iab.org > Subject: [RAM] aside Re: HIP > > > I think HIP is really great research. I am not quite > as enthusiastic about HIP as an operational solution. > > My main concern is that with HIP, when one's public key > is compromised (and, yes, that is always a WHEN, not an IF), > one always necessarily loses one's Identifier. This seems > pretty undesirable to me. > > HIP-like solutions that don't have issues of that sort > are pretty different from any of the currently available HIP > specifications. Yes, the HIP authors/editors left the door open > a crack, but AFAIK there isn't any proposal for how to make an > Identifier > workable if the Identifier is not derived from one's public key. Ram, Is your concern that HIP has not explicitly considered what to do when an identifier is compromised, or that solutions that actually do adequately treat situations for which an identifier is compromised are necessarily much different from HIP design? If the latter, can you provide a pointer? What do you view as the operational requirements on the security and permanence of a network-level identifier? Note that there have been differing views on this; for instance, the identifiers could be transient and anonymous, or semi-permanent and public, or even securing the channel bindings for higher-layer protocol security. Each of these use cases has different operational implications for how seriously to protect the identifier from compromise and undo the damage when compromised. To this point, HIP has deliberately avoided choosing one of the above use cases, and may be why these solutions are underdeveloped for HIP. > > Also, for moderate threat environments, I think all the > HIP cryptography is overkill and computationally expensive. I'd > prefer to have the option for a less computationally intense and > less comprehensive security mechanism for moderate threat > environments. > (Something that merely prevented off-path attacks seems possible > to me and might be interesting to have as a deployment option.) > Pekka made reference to lightweight HIP using hash chains; although I can't find the thesis, there is an expired internet draft with earlier work: http://tools.ietf.org/html/draft-nikander-multi6-hip-01 which referenced the WIMP-F hash chain proposal for multi6: http://tools.ietf.org/html/draft-ylitalo-multi6-wimp-01 Tom _______________________________________________ RAM mailing list RAM@iab.org https://www1.ietf.org/mailman/listinfo/ram
- [RAM] aside Re: HIP RJ Atkinson
- Re: [RAM] aside Re: HIP Pekka Nikander
- RE: [RAM] aside Re: HIP Henderson, Thomas R