
From internet-drafts@ietf.org  Mon Mar 12 13:35:14 2012
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Message-ID: <20120312203513.27167.17393.idtracker@ietfa.amsl.com>
Date: Mon, 12 Mar 2012 13:35:13 -0700
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action: draft-ietf-hip-rfc5201-bis-08.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2012 20:35:14 -0000

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the Host Identity Protocol
Working Group of the IETF.

	Title           : Host Identity Protocol Version 2 (HIPv2)
	Author(s)       : Robert Moskowitz
                          Tobias Heer
                          Petri Jokela
                          Thomas R. Henderson
	Filename        : draft-ietf-hip-rfc5201-bis-08.txt
	Pages           : 124
	Date            : 2012-03-12

   This document specifies the details of the Host Identity Protocol
   (HIP).  HIP allows consenting hosts to securely establish and
   maintain shared IP-layer state, allowing separation of the identifier
   and locator roles of IP addresses, thereby enabling continuity of
   communications across IP address changes.  HIP is based on a SIGMA-
   compliant Diffie-Hellman key exchange, using public key identifiers
   from a new Host Identity namespace for mutual peer authentication.
   The protocol is designed to be resistant to denial-of-service (DoS)
   and man-in-the-middle (MitM) attacks.  When used together with
   another suitable security protocol, such as the Encapsulated Security
   Payload (ESP), it provides integrity protection and optional
   encryption for upper-layer protocols, such as TCP and UDP.

   This document obsoletes RFC 5201 and addresses the concerns raised by
   the IESG, particularly that of crypto agility.  It also incorporates
   lessons learned from the implementations of RFC 5201.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-hip-rfc5201-bis-08.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-hip-rfc5201-bis-08.txt


From thomas.r.henderson@boeing.com  Mon Mar 12 14:09:55 2012
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "hipsec@ietf.org" <hipsec@ietf.org>
Date: Mon, 12 Mar 2012 14:09:51 -0700
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CF3D4B715@XCH-NW-10V.nw.nos.boeing.com>
Subject: [Hipsec] RFC5201-bis status

The new version of RFC5201-bis was just published at:
http://www.ietf.org/internet-drafts/draft-ietf-hip-rfc5201-bis-08.txt

This version had the following changes:

   o  Removed lingering references to SHA-1 as the mandatory hash
      algorithm (which was changed to SHA-256 in the -02 draft version).

   o  For parameter type number changes, changed "IETF Review" to "IETF
      Review or IESG Approval".

   o  Updated Appendix C checksum examples to conform to HIPv2 packets.

There remain nine open issues in the tracker for this draft:
http://trac.tools.ietf.org/wg/hip/trac/query?component=rfc5201-bis

I believe that three could be closed immediately as being already done,
and I will plan to do so in a week if there are no comments:

#18 Selection of 160-bit ECC curve
#26 IESG: Randomize hashing in signatures
#28 IESG: support combined encryption modes

I believe that two can be closed with some brief list discussion (will
open separate discussion threads):

#30 Handle interactions with complex SPDs
#32 normative text on when to have Domain Identifier

There are four that seem to require more work and discussion to close out:

#26 Orchid Generation Algorithm (OGA) in ORCHID document (requires coordination with 4843-bis)
#29 IESG: Use different RSA mode OAEP/PSS
#33 reusing DH public values
#35 Limiting ECC to co-factor of 1

- Tom

From thomas.r.henderson@boeing.com  Mon Mar 12 14:13:00 2012
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "hipsec@ietf.org" <hipsec@ietf.org>
Date: Mon, 12 Mar 2012 14:12:53 -0700
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CF3D4B716@XCH-NW-10V.nw.nos.boeing.com>
Subject: [Hipsec] rfc5201-bis issue 32: normative text on when to have Domain Identifier

http://trac.tools.ietf.org/wg/hip/trac/ticket/32

This issue requests to add normative text on when to have a domain
identifier.  I believe that this could be simply addressed by adding
this statement to section 5.2.9:

"A host MAY optionally associate its Host Identifier with a single
Domain Identifier in the HOST_ID parameter."

Any comments or concerns?

- Tom

From thomas.r.henderson@boeing.com  Mon Mar 12 14:22:44 2012
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "hipsec@ietf.org" <hipsec@ietf.org>
Date: Mon, 12 Mar 2012 14:22:32 -0700
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CF3D4B717@XCH-NW-10V.nw.nos.boeing.com>
Subject: [Hipsec] rfc5201-bis issue 30: Handle interactions with complex SPDs

http://trac.tools.ietf.org/wg/hip/trac/ticket/30

This ticket states:
"Interactions with complex SPDs may result in weird effects. Need some
suggested text to clear this issue."  I believe this tracker item is
drawn from Robert Moskowitz's IETF 80 presentation.

Note that for RFC 5202, there was an IESG Note about this issue:

   In case of complex Security Policy Databases (SPDs) and the co-
   existence of HIP and security-related protocols such as IKE,
   implementors may encounter conditions that are unspecified in these
   documents.  For example, when the SPD defines an IP address subnet to
   be protected and a HIP host is residing in that IP address area,
   there is a possibility that the communication is encrypted multiple
   times.  Readers are advised to pay special attention when running HIP
   with complex SPD settings.  Future specifications should clearly
   define when multiple encryption is intended, and when it should be
   avoided.

Petri noted on the list back in January that RFC5202-bis has addressed
this issue.  Therefore, I propose to close this issue for RFC5201-bis in
a week if there are no other comments.

- Tom
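
The double-encryption condition described in the IESG note quoted above can be checked for mechanically. The following is an added example, not part of the original message or of any HIP implementation: it models the SPD as an ordered first-match list with only a remote-prefix and a next-protocol selector (a simplification), and all entry names, addresses and peer labels are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ESP = 50  # IP protocol number of ESP, the outer protocol of HIP-protected traffic
TCP = 6


@dataclass(frozen=True)
class SpdEntry:
    """One simplified SPD rule (assumption: remote prefix + protocol only)."""
    name: str
    remote: str                  # remote address prefix selector
    action: str                  # "PROTECT", "BYPASS" or "DISCARD"
    proto: Optional[int] = None  # next-protocol selector; None matches any

    def matches(self, addr, proto: int) -> bool:
        net = ipaddress.ip_network(self.remote)
        if addr.version != net.version:   # an IPv4 rule never matches IPv6
            return False
        return addr in net and self.proto in (None, proto)


def lookup(spd: List[SpdEntry], dst: str, proto: int) -> Optional[SpdEntry]:
    """Return the first SPD entry matching a packet to dst (ordered SPD)."""
    addr = ipaddress.ip_address(dst)
    for entry in spd:
        if entry.matches(addr, proto):
            return entry
    return None


def audit(spd: List[SpdEntry],
          hip_peers: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Flag HIP peer locators whose ESP packets the SPD would PROTECT again.

    HIP already wraps the payload in ESP; if that outer ESP packet then hits
    a PROTECT rule (for example a subnet-wide IKE tunnel), the traffic is
    encrypted a second time.
    """
    findings = []
    for peer, locators in hip_peers.items():
        for locator in locators:
            entry = lookup(spd, locator, ESP)
            if entry is not None and entry.action == "PROTECT":
                findings.append((peer, locator, entry.name))
    return findings


# Constructed sample data: a subnet-wide PROTECT rule and two HIP peers,
# one of which has a locator inside the protected subnet.
HIP_PEERS = {
    "peer-a": ["192.0.2.17"],
    "peer-b": ["198.51.100.9", "2001:db8::9"],
}

SPD_SUBNET_ONLY = [
    SpdEntry("ike-branch-office", "192.0.2.0/24", "PROTECT"),
    SpdEntry("default", "0.0.0.0/0", "BYPASS"),
    SpdEntry("default6", "::/0", "BYPASS"),
]

# Same SPD with an explicit, earlier rule stating that HIP's ESP traffic to
# peer-a is not to be protected a second time (one possible policy choice).
SPD_WITH_HOST_ENTRY = [
    SpdEntry("hip-esp-peer-a", "192.0.2.17/32", "BYPASS", proto=ESP),
] + SPD_SUBNET_ONLY


if __name__ == "__main__":
    for label, spd in (("subnet rule only", SPD_SUBNET_ONLY),
                       ("with explicit host rule", SPD_WITH_HOST_ENTRY)):
        print(label)
        hits = audit(spd, HIP_PEERS)
        for peer, locator, rule in hits:
            print(f"  {peer} at {locator}: ESP re-encrypted by '{rule}'")
        if not hits:
            print("  no HIP locator falls under a PROTECT rule")
```

Whether the second layer of encryption is wanted is a policy decision; the audit only makes the overlap visible so that it is a deliberate choice rather than a side effect of rule ordering.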

From thomas.r.henderson@boeing.com  Mon Mar 12 14:25:02 2012
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "hipsec@ietf.org" <hipsec@ietf.org>
Date: Mon, 12 Mar 2012 14:24:58 -0700
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CF3D4B718@XCH-NW-10V.nw.nos.boeing.com>
References: <7CC566635CFE364D87DC5803D4712A6C4CF3D4B716@XCH-NW-10V.nw.nos.boeing.com>
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4CF3D4B716@XCH-NW-10V.nw.nos.boeing.com>
Subject: Re: [Hipsec] rfc5201-bis issue 32: normative text on when to have Domain Identifier

> -----Original Message-----
> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
> Behalf Of Henderson, Thomas R
> Sent: Monday, March 12, 2012 2:13 PM
> To: hipsec@ietf.org
> Subject: [Hipsec] rfc5201-bis issue 32: normative text on when to have
> Domain Identifier
>
> http://trac.tools.ietf.org/wg/hip/trac/ticket/32
>
> This issue requests to add normative text on when to have a domain
> identifier.  I believe that this could be simply addressed by adding
> this statement to section 5.2.9:
>
> "A host MAY optionally associate its Host Identifier with a single
> Domain Identifier in the HOST_ID parameter."
>

Minor correction:
"A host MAY optionally associate the Host Identity with a single Domain
Identifier in the HOST_ID parameter."


From iahmad@ee.oulu.fi  Tue Mar 20 19:27:08 2012
Message-ID: <4F693C72.6040107@ee.oulu.fi>
Date: Wed, 21 Mar 2012 04:26:58 +0200
From: Ijaz Ahmad <iahmad@ee.oulu.fi>
To: hiprg@irtf.org, hipsec@ietf.org
Subject: [Hipsec] Survey for the Comparison of Host Identity Protocol (HIP) based solutions & Mobile VPN solutions


*Survey for the Comparison of Host Identity Protocol (HIP) based 
solutions & Mobile VPN solutions*

Hello,

I am conducting a survey for the comparison of Host Identity Protocol 
(HIP) based solutions and Mobile Virtual Private Networks (MVPN)  
solutions as part of my Master Degree (Wireless Communication 
Engineering) Thesis at the University of Oulu, Finland, under the 
supervision of Prof. Andrei Gurtov.

The goal is to know the value and efficiency of both Technologies in 
terms of Mobility, Security, Costs and Facilitating Conditions. Besides 
other methods, your opinion is welcome to know the value of the above 
technologies. The survey consists of small multi-choice questions only. 
You also have the option to write comments, if you want to justify your 
answers. You have open choice of answering any question; you can skip 
questions if you do not want to answer. But, we recommend you to answer 
all the questions which are relevant to you or you have some information 
at least.

The survey can be completed within 15 minutes.

Links to Survey are:

Normal: http://www.webropolsurveys.com/S/404AC94E0FE0C686.par
Secured: https://www.webropolsurveys.com/S/404AC94E0FE0C686.par

Thanking you

Ijaz Ahmad
Masters Degree Student in Wireless Communication Engineering
University of Oulu, Finland



From thomas.r.henderson@boeing.com  Thu Mar 22 03:38:18 2012
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "hipsec@ietf.org" <hipsec@ietf.org>
Date: Thu, 22 Mar 2012 03:38:02 -0700
Message-ID: <758141CC3D829043A8C3164DD3D593EA1BCC77C4D2@XCH-NW-16V.nw.nos.boeing.com>
References: <7CC566635CFE364D87DC5803D4712A6C4CF3D4B715@XCH-NW-10V.nw.nos.boeing.com>
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4CF3D4B715@XCH-NW-10V.nw.nos.boeing.com>
Subject: Re: [Hipsec] RFC5201-bis status

> -----Original Message-----
> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
> Behalf Of Henderson, Thomas R
> Sent: Monday, March 12, 2012 2:10 PM
> To: hipsec@ietf.org
> Subject: [Hipsec] RFC5201-bis status
>
> The new version of RFC5201-bis was just published at:
> http://www.ietf.org/internet-drafts/draft-ietf-hip-rfc5201-bis-08.txt
>
> This version had the following changes:
>
>    o  Removed lingering references to SHA-1 as the mandatory hash
>       algorithm (which was changed to SHA-256 in the -02 draft
>       version).
>
>    o  For parameter type number changes, changed "IETF Review" to "IETF
>       Review or IESG Approval".
>
>    o  Updated Appendix C checksum examples to conform to HIPv2 packets.
>
> There remain nine open issues in the tracker for this draft:
> http://trac.tools.ietf.org/wg/hip/trac/query?component=rfc5201-bis
>
> I believe that three could be closed immediately as being already done,
> and I will plan to do so in a week if there are no comments:
>
> #18 Selection of 160-bit ECC curve
> #26 IESG: Randomize hashing in signatures
> #28 IESG: support combined encryption modes
>
> I believe that two can be closed with some brief list discussion (will
> open separate discussion threads):
>
> #30 Handle interactions with complex SPDs
> #32 normative text on when to have Domain Identifier

I have now closed the above issues.  We have closed 10 of the 14 issues
against RFC5201-bis, and the four below remain.  There are no open issues
logged against RFC5202-bis.

>
> #26 Orchid Generation Algorithm (OGA) in ORCHID document (requires
> coordination with 4843-bis)

This is a matter of coordinating changes that have been made to 5201 into
the revised 4843-bis.  I will have some time next week to review this and
make a proposal.

> #29 IESG: Use different RSA mode OAEP/PSS

Will open separate thread on this.

> #33 reusing DH public values

Tobias has proposed text here:  http://trac.tools.ietf.org/wg/hip/trac/ticket/33

Are there any comments or should we adopt the proposed text and close this
issue?

> #35 Limiting ECC to co-factor of 1

Bob has proposed text here:  http://trac.tools.ietf.org/wg/hip/trac/ticket/35

Are there any comments or should we adopt the proposed text and close this
issue?

- Tom

From thomas.r.henderson@boeing.com  Thu Mar 22 03:39:33 2012
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "hipsec@ietf.org" <hipsec@ietf.org>
Date: Thu, 22 Mar 2012 03:39:30 -0700
Message-ID: <758141CC3D829043A8C3164DD3D593EA1BCC77C4D3@XCH-NW-16V.nw.nos.boeing.com>
Subject: [Hipsec] rfc5201-bis issue 29:  Use different RSA mode OAEP/PSS

This is the specific IESG comment:

   HIP defines the usage of RSA in signing and encrypting data.  Current
   recommendations propose usage of, for example, RSA OAEP/PSS for these
   operations in new protocols.  Changing the algorithms to more current
   best practice should be considered.

RFC 4055 defines RSASSA-PSS and RSAES-OAEP keys.  Were these ever
discussed/considered as HIP key formats?  This might be addressed by
defining these as new algorithms in 5201-bis.  If someone with expertise
on this topic could clarify what is needed to address this comment, or
could provide a pointer to how other IETF standards have addressed this,
I would appreciate it.  Otherwise, I will try to sketch out a proposed
solution.

- Tom

From mkomu@cs.hut.fi  Thu Mar 22 04:28:10 2012
Message-ID: <4F6B0CC7.5060703@cs.hut.fi>
Date: Thu, 22 Mar 2012 13:28:07 +0200
From: Miika Komu <mkomu@cs.hut.fi>
To: hip WG <hipsec@ietf.org>
References: <7CC566635CFE364D87DC5803D4712A6C4CF3D4B715@XCH-NW-10V.nw.nos.boeing.com> <758141CC3D829043A8C3164DD3D593EA1BCC77C4D2@XCH-NW-16V.nw.nos.boeing.com>
In-Reply-To: <758141CC3D829043A8C3164DD3D593EA1BCC77C4D2@XCH-NW-16V.nw.nos.boeing.com>
Subject: Re: [Hipsec] RFC5201-bis status

Hi,

On 03/22/2012 12:38 PM, Henderson, Thomas R wrote:
>> #33 reusing DH public values
> Tobias has proposed text here: http://trac.tools.ietf.org/wg/hip/trac/ticket/33
>
> Are there any comments or should we adopt the proposed text and close this issue?
>
>> #35 Limiting ECC to co-factor of 1
> Bob has proposed text here: http://trac.tools.ietf.org/wg/hip/trac/ticket/35
>
> Are there any comments or should we adopt the proposed text and close this issue?

I am not an expert on the topic, but the proposals seem fine to me.
