From zhou.sujing@zte.com.cn Fri Feb 3 01:39:00 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C19C821F8576 for ; Fri, 3 Feb 2012 01:39:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -100.014 X-Spam-Level: X-Spam-Status: No, score=-100.014 tagged_above=-999 required=5 tests=[AWL=1.824, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_DOUBLE_IP_LOOSE=0.76, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vx+1imP7Wix5 for ; Fri, 3 Feb 2012 01:39:00 -0800 (PST) Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 958DC21F84E7 for ; Fri, 3 Feb 2012 01:38:59 -0800 (PST) Received: from [10.30.17.99] by mx5.zte.com.cn with surfront esmtp id 566902133923422; Fri, 3 Feb 2012 17:13:11 +0800 (CST) Received: from [10.30.3.21] by [192.168.168.15] with StormMail ESMTP id 5467.2133923422; Fri, 3 Feb 2012 17:38:47 +0800 (CST) Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse02.zte.com.cn with ESMTP id q139ch79020707 for ; Fri, 3 Feb 2012 17:38:43 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn) To: hipsec@ietf.org MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007 Message-ID: From: zhou.sujing@zte.com.cn Date: Fri, 3 Feb 2012 17:38:30 +0800 X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2012-02-03 17:38:46, Serialize complete at 2012-02-03 17:38:46 Content-Type: multipart/alternative; boundary="=_alternative 0034F55748257999_=" X-MAIL: mse02.zte.com.cn q139ch79020707 Subject: [Hipsec] a brief review of draft-zhang-hip-privacy-protection-04 X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Feb 2012 09:39:00 -0000 This is a multipart message in MIME format. --=_alternative 0034F55748257999_= Content-Type: text/plain; charset="US-ASCII" 1. what is HI-I and HI-R, what's the diff with HIT-I and HIT-R? 2. since the key to encrypt HI-I in calculating I2 is derived from HIT-R, B-HIT-I: " Key1=SHA1 (KDH, HIT-R, B-HIT-I, 1), ... Keyn=SHA1 (KDH, HIT-R, B-HIT-I, n)," how can initiator calculate the key before he obtain R2? 3. since the key of Encrypt {HI-R} is also calculated from HI(T)-R, then how can HI(T)-R be decrypted? 4. Only knowing HIT-I or HIT-R can not verify the signature since HIT is only a hash of required public key, so public key need to be transported. 5. In an example of HIP, a puzzle is specified as: "I = Ltrunc( RHASH ( S | HIT-I | HIT-R | IP-I | IP-R ), 64)" so, HIT-I and HIT-R are needed to compute and precompute a puzzle, so how puzzle of this like be (pre)computed in R1? Regards~~~ -Sujing --=_alternative 0034F55748257999_= Content-Type: text/html; charset="US-ASCII"
1. what is HI-I and HI-R, what's the diff with HIT-I and HIT-R?
2. since the key to encrypt HI-I in calculating I2 is derived from HIT-R, B-HIT-I:
"   Key1=SHA1 (KDH, HIT-R, B-HIT-I, 1), ...
   Keyn=SHA1 (KDH, HIT-R, B-HIT-I, n),"
how can initiator calculate the key before he obtain R2?
3. since the key of Encrypt {HI-R} is also calculated from HI(T)-R,
 then how can HI(T)-R be decrypted?
4. Only knowing HIT-I or HIT-R can not verify the signature since HIT is only a hash of required public key,
so public key need to be transported.
5. In an example of HIP, a puzzle is specified as:
"I = Ltrunc( RHASH ( S | HIT-I | HIT-R | IP-I | IP-R ), 64)"
so, HIT-I and HIT-R are needed to compute and precompute a puzzle, so how puzzle of this like be (pre)computed in
R1?            

Regards~~~

-Sujing --=_alternative 0034F55748257999_=-- From zhou.sujing@zte.com.cn Fri Feb 3 01:45:58 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8B5D21F85FC for ; Fri, 3 Feb 2012 01:45:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -100.379 X-Spam-Level: X-Spam-Status: No, score=-100.379 tagged_above=-999 required=5 tests=[AWL=1.459, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_DOUBLE_IP_LOOSE=0.76, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7Ao5MkQ6Oha for ; Fri, 3 Feb 2012 01:45:57 -0800 (PST) Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 63BB421F85F4 for ; Fri, 3 Feb 2012 01:45:57 -0800 (PST) Received: from [10.30.17.100] by mx5.zte.com.cn with surfront esmtp id 566902133923422; Fri, 3 Feb 2012 17:19:50 +0800 (CST) Received: from [10.30.3.21] by [192.168.168.16] with StormMail ESMTP id 84221.2133923422; Fri, 3 Feb 2012 17:45:38 +0800 (CST) Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse02.zte.com.cn with ESMTP id q139jjqq029843 for ; Fri, 3 Feb 2012 17:45:45 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn) To: hipsec@ietf.org MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007 Message-ID: From: zhou.sujing@zte.com.cn Date: Fri, 3 Feb 2012 17:45:32 +0800 X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2012-02-03 17:45:48, Serialize complete at 2012-02-03 17:45:48 Content-Type: multipart/alternative; boundary="=_alternative 0035A29D48257999_=" X-MAIL: mse02.zte.com.cn q139jjqq029843 Subject: [Hipsec] a review of draft-zhang-hip-privacy-protection-04 X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Feb 2012 09:45:58 -0000 This is a multipart message in MIME format. --=_alternative 0035A29D48257999_= Content-Type: text/plain; charset="US-ASCII" 1. what is HI-I and HI-R, what's the diff with HIT-I and HIT-R? 2. since the key to encrypt HI-I in calculating I2 is derived from HIT-R, B-HIT-I: " Key1=SHA1 (KDH, HIT-R, B-HIT-I, 1), ... Keyn=SHA1 (KDH, HIT-R, B-HIT-I, n)," how can initiator calculate the key before he obtain R2? 3. since the key of Encrypt {HI-R} is also calculated from HI(T)-R, then how can HI(T)-R be decrypted? 4. Only knowing HIT-I or HIT-R can not verify the signature since HIT is only a hash of required public key, so public key need to be transported. 5. In an example of HIP, a puzzle is specified as: "I = Ltrunc( RHASH ( S | HIT-I | HIT-R | IP-I | IP-R ), 64)" so, HIT-I and HIT-R are needed to compute and precompute a puzzle, so how puzzle of this like be (pre)computed in R1? Regards~~~ -Sujing --=_alternative 0035A29D48257999_= Content-Type: text/html; charset="US-ASCII"
1. what is HI-I and HI-R, what's the diff with HIT-I and HIT-R?
2. since the key to encrypt HI-I in calculating I2 is derived from HIT-R, B-HIT-I:
"   Key1=SHA1 (KDH, HIT-R, B-HIT-I, 1), ...
   Keyn=SHA1 (KDH, HIT-R, B-HIT-I, n),"
how can initiator calculate the key before he obtain R2?
3. since the key of Encrypt {HI-R} is also calculated from HI(T)-R,
 then how can HI(T)-R be decrypted?
4. Only knowing HIT-I or HIT-R can not verify the signature since HIT is only a hash of required public key,
so public key need to be transported.
5. In an example of HIP, a puzzle is specified as:
"I = Ltrunc( RHASH ( S | HIT-I | HIT-R | IP-I | IP-R ), 64)"
so, HIT-I and HIT-R are needed to compute and precompute a puzzle, so how puzzle of this like be (pre)computed in
R1?            


Regards~~~

-Sujing --=_alternative 0035A29D48257999_=-- From thomas.r.henderson@boeing.com Fri Feb 3 08:28:01 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79B2B21F84D3 for ; Fri, 3 Feb 2012 08:28:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -108.085 X-Spam-Level: X-Spam-Status: No, score=-108.085 tagged_above=-999 required=5 tests=[AWL=-1.486, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wsr17WWHcGao for ; Fri, 3 Feb 2012 08:28:01 -0800 (PST) Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by ietfa.amsl.com (Postfix) with ESMTP id 0B97521F848A for ; Fri, 3 Feb 2012 08:28:01 -0800 (PST) Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.48.231]) by slb-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id q13GRxE0029869 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Fri, 3 Feb 2012 08:28:00 -0800 (PST) Received: from blv-av-01.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id q13GRxdU017252 for ; Fri, 3 Feb 2012 08:27:59 -0800 (PST) Received: from XCH-NWHT-07.nw.nos.boeing.com (xch-nwht-07.nw.nos.boeing.com [130.247.25.111]) by blv-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id q13GRxOS017245 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK) for ; Fri, 3 Feb 2012 08:27:59 -0800 (PST) Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.85]) by XCH-NWHT-07.nw.nos.boeing.com ([130.247.25.111]) with mapi; Fri, 3 Feb 2012 08:27:59 -0800 From: "Henderson, Thomas R" To: "hipsec@ietf.org" Date: Fri, 3 Feb 2012 08:27:59 -0800 Thread-Topic: open issues with bis drafts Thread-Index: AczaZS8jatEJ9ZXIQVWtKBdl5FTwbACCtO1wAYfApFA= Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CF2319E53@XCH-NW-10V.nw.nos.boeing.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: [Hipsec] open issues with bis drafts X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Feb 2012 16:28:01 -0000 I'm interested in trying to wrap up the remaining open issues on the four d= rafts that are first on our charter to take to WGLC: - 4423-bis - 4843-bis - 5201-bis - 5202-bis We have been using the IETF tools WG issue tracker for RFC 5201-bis and RFC= 5206-bis, but not for the others as much. =20 I think the following major (i.e., requiring either list discussion or some= outside help to resolve) remain for these drafts: 1) 4423-bis I had some comments on this draft back in April 2011. To fully resolve the= m requires some agreement on basic principles or terminology, which I belie= ve hasn't been resolved yet. I think the main issue is this sentence in th= e introduction: "There is exactly one Host Identifier for each Host Identity." This gets into issues of separating the abstract notion of identity from ke= ying material, and key lifecycle management. I had proposed relaxing the a= bove to say that there may be multiple host identifiers for each host ident= ity. But we may have different notions of what is a host identity. Changes to the above sentence or the terminology would have a ripple effect= elsewhere in the draft. In general, it may be helpful to lean on establis= hed PKI terminology (RFC 2459?) where we can. 2) 4843-bis This draft has been expired for a while. The main issue I'm aware of is th= e status of the IANA allocation. It expires in 2014. Are we getting a per= manent one? The Orchid Generation Algorithm needs to go to this document once it is fin= alized in 5201. 3) 5201-bis - issue 26: IESG: randomize hashing in signatures - issue 28: IESG: support combined encryption modes =20 - issue 29: IESG: Use different RSA mode OAEP/PSS=20 - issue 35: Limiting ECC to co-factor of 1=20 On some of these remaining issues, the crypto-forum research group (CFRG) m= ay be able to help. Tobias also brought to my attention that the IPv6 HIP example packet (I1) h= as incorrect checksum, wrong version number, and is missing the DH_GROUP_LI= ST parameter. =20 4) 5202-bis No open issues. I'd like to enter the above missing items into the tracker and try to close= them this month if possible. Any comments or other issues at this point? - Tom From petri.jokela@nomadiclab.com Tue Feb 14 03:44:04 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 293FE21F87B5 for ; Tue, 14 Feb 2012 03:44:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hGkfkgQVlq6H for ; Tue, 14 Feb 2012 03:44:03 -0800 (PST) Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by ietfa.amsl.com (Postfix) with ESMTP id 74C5B21F87AD for ; Tue, 14 Feb 2012 03:44:03 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id 37AB74E6E9 for ; Tue, 14 Feb 2012 13:44:02 +0200 (EET) X-Virus-Scanned: amavisd-new at nomadiclab.com Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z9PoBrvteN7n for ; Tue, 14 Feb 2012 13:44:01 +0200 (EET) Received: from [IPv6:::1] (inside.nomadiclab.com [10.0.0.2]) by gw.nomadiclab.com (Postfix) with ESMTP id 24AD34E6E8 for ; Tue, 14 Feb 2012 13:44:00 +0200 (EET) From: Petri Jokela Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Tue, 14 Feb 2012 13:44:00 +0200 Message-Id: To: hipsec@ietf.org Mime-Version: 1.0 (Apple Message framework v1257) X-Mailer: Apple Mail (2.1257) Subject: [Hipsec] HIP ESP draft submitted X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Feb 2012 11:44:04 -0000 Hi, I just submitted the -02 version of HIP ESP draft: http://www.ietf.org/id/draft-jokela-hip-rfc5202-bis-02.txt Petri -- Petri Jokela Research scientist NomadicLab, Ericsson Research Oy L M Ericsson Ab E-mail: petri.jokela@ericsson.com Mobile: +358 44 299 2413