
From darren.lissimore@gmail.com  Tue Jun 12 13:50:00 2012
Return-Path: <darren.lissimore@gmail.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B44C11E8073 for <hipsec@ietfa.amsl.com>; Tue, 12 Jun 2012 13:50:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2b-HQPECsY3 for <hipsec@ietfa.amsl.com>; Tue, 12 Jun 2012 13:49:59 -0700 (PDT)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id 44BCE21F86B1 for <hipsec@ietf.org>; Tue, 12 Jun 2012 13:49:59 -0700 (PDT)
Received: by lagv3 with SMTP id v3so5616194lag.31 for <hipsec@ietf.org>; Tue, 12 Jun 2012 13:49:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.152.144.168 with SMTP id sn8mr22113881lab.1.1339534198035; Tue, 12 Jun 2012 13:49:58 -0700 (PDT)
Received: by 10.112.109.5 with HTTP; Tue, 12 Jun 2012 13:49:58 -0700 (PDT)
Date: Tue, 12 Jun 2012 13:49:58 -0700
Message-ID: <CAPCcP4Vdwk3hhWxBCfmjsy0-12B_c+Y=0e-=MgcWV7oABFSf4Q@mail.gmail.com>
From: Darren Lissimore <darren.lissimore@gmail.com>
To: hipsec@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: [Hipsec] Noticed a 2012 patent application with respect to HIP and HIT handling -- has patent sillyness started for HIP?
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jun 2012 20:50:00 -0000

Ran across this patent application while looking for a HIP reference,

http://www.freepatentsonline.com/y2012/0072513.html

pertains to new HIT delivery.

Hope this is not the start of patent silliness for all things HIP related.

Anyone seen this and care to comment?


Darren
-----------------------------------------------------------
D. Lissimore             Cell: 778-387-4039
http://www.darrenlissimore.com
Skype: darrenlissimore
-----------------------------------------------------------
This communication is intended for the use of the recipient to which
it is addressed, and may contain confidential, personal, and or
privileged information. Please contact the sender immediately if you
are not the intended recipient of this communication, and do not copy,
distribute, or take action relying on it. Any communication received
in error, or subsequent reply, should be deleted or destroyed.

From mkomu@cs.hut.fi  Tue Jun 12 22:00:01 2012
Return-Path: <mkomu@cs.hut.fi>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3448521F852C for <hipsec@ietfa.amsl.com>; Tue, 12 Jun 2012 22:00:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U6sLDPo9B+X8 for <hipsec@ietfa.amsl.com>; Tue, 12 Jun 2012 22:00:00 -0700 (PDT)
Received: from mail.cs.hut.fi (mail.cs.hut.fi [130.233.192.7]) by ietfa.amsl.com (Postfix) with ESMTP id D307221F8661 for <hipsec@ietf.org>; Tue, 12 Jun 2012 21:59:59 -0700 (PDT)
Received: from hutcs.cs.hut.fi ([130.233.192.10] helo=[127.0.0.1]) by mail.cs.hut.fi with esmtp (Exim 4.54) id 1SefgU-0007BA-2R for hipsec@ietf.org; Wed, 13 Jun 2012 07:59:58 +0300
Message-ID: <4FD81E4E.6000408@cs.hut.fi>
Date: Wed, 13 Jun 2012 07:59:58 +0300
From: Miika Komu <mkomu@cs.hut.fi>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: hip WG <hipsec@ietf.org>
References: <CAPCcP4Vdwk3hhWxBCfmjsy0-12B_c+Y=0e-=MgcWV7oABFSf4Q@mail.gmail.com>
In-Reply-To: <CAPCcP4Vdwk3hhWxBCfmjsy0-12B_c+Y=0e-=MgcWV7oABFSf4Q@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] Noticed a 2012 patent application with respect to HIP and HIT handling -- has patent sillyness started for HIP?
X-List-Received-Date: Wed, 13 Jun 2012 05:00:01 -0000

Hi,

Although the patent does not mention privacy, the patent appears to be 
about changing the HITs (not really about IP addresses). This further 
points out to the sketchy UPDATE portion of blind-based privacy:

http://tools.ietf.org/html/draft-zhang-hip-privacy-protection-03#section-4.2

I should note that there's predating related prior art on changing HITs 
from 2004:

http://hipl.infrahip.net/papers/appmob.pdf

"Application Mobility with HIP": Teemu Koponen, Andrei Gurtov, Pekka 
Nikander

On 06/12/2012 11:49 PM, Darren Lissimore wrote:
> Ran across this patent application while looking for a HIP reference,
>
> http://www.freepatentsonline.com/y2012/0072513.html
>
> pertains to new HIT delivery.
>
> Hope this is not the start of patent silliness for all things HIP related.
>
> Anyone seen this and care to comment?
>
>
> Darren
> -----------------------------------------------------------
> D. Lissimore             Cell: 778-387-4039
> http://www.darrenlissimore.com
> Skype: darrenlissimore
> -----------------------------------------------------------
> This communication is intended for the use of the recipient to which
> it is addressed, and may contain confidential, personal, and or
> privileged information. Please contact the sender immediately if you
> are not the intended recipient of this communication, and do not copy,
> distribute, or take action relying on it. Any communication received
> in error, or subsequent reply, should be deleted or destroyed.
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec


From hannes.tschofenig@gmx.net  Wed Jun 13 04:40:11 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C1E621F865F for <hipsec@ietfa.amsl.com>; Wed, 13 Jun 2012 04:40:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.166
X-Spam-Level: 
X-Spam-Status: No, score=-102.166 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o0RhMsjpt-tV for <hipsec@ietfa.amsl.com>; Wed, 13 Jun 2012 04:40:08 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 1FF0821F865C for <hipsec@ietf.org>; Wed, 13 Jun 2012 04:40:07 -0700 (PDT)
Received: (qmail invoked by alias); 13 Jun 2012 11:40:06 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.102]) [88.115.216.191] by mail.gmx.net (mp027) with SMTP; 13 Jun 2012 13:40:06 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/y4PA/bQvyrIasNiuylZdmdILTAkiz9Ot7CDeL2e cwZbKmqRZvz7Lv
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <4FD81E4E.6000408@cs.hut.fi>
Date: Wed, 13 Jun 2012 14:40:02 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <589134F7-A153-451C-A4F0-8129E9C322B9@gmx.net>
References: <CAPCcP4Vdwk3hhWxBCfmjsy0-12B_c+Y=0e-=MgcWV7oABFSf4Q@mail.gmail.com> <4FD81E4E.6000408@cs.hut.fi>
To: Miika Komu <mkomu@cs.hut.fi>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: hip WG <hipsec@ietf.org>
Subject: Re: [Hipsec] Noticed a 2012 patent application with respect to HIP and HIT handling -- has patent sillyness started for HIP?
X-List-Received-Date: Wed, 13 Jun 2012 11:40:11 -0000

The subject header of the message says: "has patent sillyness started
for HIP"?

--> If you only search for Pekka Nikander in the patent archive you will
find lots of patents on HIP.
So, the answer is "yes" and a long time ago already.

Regarding your assessment of the patent you need to know that it does
not matter whether you think a patent is valid or not; the opinion of a
judge matters in a patent dispute.

Ciao
Hannes

On Jun 13, 2012, at 7:59 AM, Miika Komu wrote:

> Hi,
>
> although the patent does not mention privacy, the patent appears to
> be about changing the HITs (not really about IP addresses). This further
> points out to the sketchy UPDATE portion of blind-based privacy:
>
> http://tools.ietf.org/html/draft-zhang-hip-privacy-protection-03#section-4.2
>
> I should note that there's predating related prior art on changing
> HITs from 2004:
>
> http://hipl.infrahip.net/papers/appmob.pdf
>
> "Application Mobility with HIP": Teemu Koponen, Andrei Gurtov, Pekka
> Nikander
>
> On 06/12/2012 11:49 PM, Darren Lissimore wrote:
>> Ran across this patent application while looking for a HIP reference,
>>
>> http://www.freepatentsonline.com/y2012/0072513.html
>>
>> pertains to new HIT delivery.
>>
>> Hope this is not the start of patent silliness for all things HIP
>> related.
>>
>> Anyone seen this and care to comment?
>>
>>
>> Darren
>> -----------------------------------------------------------
>> D. Lissimore             Cell: 778-387-4039
>> http://www.darrenlissimore.com
>> Skype: darrenlissimore
>> -----------------------------------------------------------
>> This communication is intended for the use of the recipient to which
>> it is addressed, and may contain confidential, personal, and or
>> privileged information. Please contact the sender immediately if you
>> are not the intended recipient of this communication, and do not copy,
>> distribute, or take action relying on it. Any communication received
>> in error, or subsequent reply, should be deleted or destroyed.
>> _______________________________________________
>> Hipsec mailing list
>> Hipsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/hipsec
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec


From thomas.r.henderson@boeing.com  Mon Jun 18 23:07:10 2012
Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C2FC11E8095 for <hipsec@ietfa.amsl.com>; Mon, 18 Jun 2012 23:07:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.474
X-Spam-Level: 
X-Spam-Status: No, score=-102.474 tagged_above=-999 required=5 tests=[AWL=0.126, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pn-SQHG5lqw2 for <hipsec@ietfa.amsl.com>; Mon, 18 Jun 2012 23:07:09 -0700 (PDT)
Received: from blv-mbsout-01.boeing.com (blv-mbsout-01.boeing.com [130.76.32.231]) by ietfa.amsl.com (Postfix) with ESMTP id 661F011E8073 for <hipsec@ietf.org>; Mon, 18 Jun 2012 23:07:09 -0700 (PDT)
Received: from blv-mbsout-01.boeing.com (localhost.localdomain [127.0.0.1]) by blv-mbsout-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id q5J67SbV000573 for <hipsec@ietf.org>; Mon, 18 Jun 2012 23:07:28 -0700
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.16.37]) by blv-mbsout-01.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id q5J67RXE000565 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <hipsec@ietf.org>; Mon, 18 Jun 2012 23:07:27 -0700
Received: from blv-av-01.boeing.com (localhost.localdomain [127.0.0.1]) by blv-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id q5J678AB025614 for <hipsec@ietf.org>; Mon, 18 Jun 2012 23:07:08 -0700
Received: from XCH-NWHT-05.nw.nos.boeing.com (xch-nwht-05.nw.nos.boeing.com [130.247.25.109]) by blv-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id q5J678OL025611 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK) for <hipsec@ietf.org>; Mon, 18 Jun 2012 23:07:08 -0700
Received: from XCH-NW-16V.nw.nos.boeing.com ([130.247.25.238]) by XCH-NWHT-05.nw.nos.boeing.com ([130.247.25.109]) with mapi; Mon, 18 Jun 2012 23:07:08 -0700
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: HIP <hipsec@ietf.org>
Date: Mon, 18 Jun 2012 23:07:07 -0700
Thread-Topic: [Hipsec] rfc5201-bis issue 29: Use different RSA mode OAEP/PSS
Thread-Index: Ac0cao7fKg4vLJIcTbG2IB7VXw9SoQAtCW8gDDCVBjA=
Message-ID: <758141CC3D829043A8C3164DD3D593EA1BD324E0A6@XCH-NW-16V.nw.nos.boeing.com>
References: <758141CC3D829043A8C3164DD3D593EA1BCC77C4D3@XCH-NW-16V.nw.nos.boeing.com> <E00800EE-59B4-46CE-9C38-D5994BC2FB1F@cs.rwth-aachen.de> <758141CC3D829043A8C3164DD3D593EA1BD24C86A9@XCH-NW-16V.nw.nos.boeing.com>
In-Reply-To: <758141CC3D829043A8C3164DD3D593EA1BD24C86A9@XCH-NW-16V.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: No
Subject: Re: [Hipsec] rfc5201-bis issue 29: Use different RSA mode OAEP/PSS
X-List-Received-Date: Tue, 19 Jun 2012 06:07:10 -0000

This message picks up a thread from April regarding one of our last
remaining open issues against RFC5201-bis.

I started some discussion on the crypto-forum research group (CFRG) list
about how to handle this comment from RFC 5201:

   HIP defines the usage of RSA in signing and encrypting data.  Current
   recommendations propose usage of, for example, RSA OAEP/PSS for these
   operations in new protocols.  Changing the algorithms to more current
   best practice should be considered.

There were a few suggestions offered specific to RSA OAEP/PSS.  In the
course of the discussion, some other suggestions were made.  I'll try to
summarize below.

For the keys used in HIP, RFC5201bis specifies these types:

        DSA              3 [RFC2536] (RECOMMENDED)
        RSA              5 [RFC3110] (REQUIRED)
        ECDSA            7 [RFC4754] (RECOMMENDED)
        ECDSA_LOW        9 [SECG]    (RECOMMENDED)

The feedback that I received was to follow NIST 800-131A on key strength
regarding all of these key types, and to consider not using ECDSA_LOW.
There was also a suggestion to elevate ECDSA to REQUIRED, to encourage
movement to that key type.  I believe that we'd like to retain ECDSA_LOW,
suitably caveated ("defined for devices with low computational
capabilities").  For DSA, we could replace the existing reference with a
reference to FIPS 186-3 and also reference RFC 5114 section 2.3 with
2048-bit subgroups for use with SHA2-256.  Any opinions on either
clarifying these constraints on DSA keys, or dropping their support
entirely?  I am somewhat neutral about elevating ECDSA to REQUIRED, but
might lean towards accepting the CFRG suggestion here; would this cause
anyone any pain?

For RSA signature padding, the RSASSA-PSS [RFC3447] should replace the
reference to RFC3110 above, and explicitly state that PSS instead of
PKCS1.5 padding is used.  I am not sure whether we need to state anything
about padding for other key types; suggestions on this point would be
helpful.

Regarding OAEP, currently HIP specifies these ciphers for use in the
ENCRYPTED parameter (used to encrypt small blocks of data):

  AES-128-CBC        2     ([RFC3602])  required
  3DES-CBC           3     ([RFC2451])
  AES-256-CBC        4     ([RFC3602])

One piece of feedback was a recommendation to drop 3DES-CBC altogether;
any concern about that?

I believe that the IESG note is suggesting to support RSA-OAEP here (RFC
4055).  OAEP is an RSA public key-based encryption (used for key
transport but also for small blocks of data), while the AES-CBC ciphers
are based on the symmetric keys drawn from the keymat.   I believe we
could handle this comment a few ways:
1) we could choose to not adopt this method, since we have symmetric keys
available, and stick with AES-CBC only
2) we could add RSA-OAEP (RFC 4055) as either optional or required
3) we could also consider ECIES if we are considering RSA-OAEP, to
provide similar capability for EC keys; this was also suggested on the
CFRG list

I did not sense that there was a strong opinion on what to do here, other
than agreeing that RSA-OAEP would be a good fit for this ENCRYPTED
parameter function.  Any other opinions from the HIP list?

- Tom



> -----Original Message-----
> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
> Behalf Of Henderson, Thomas R
> Sent: Tuesday, April 17, 2012 9:53 PM
> To: 'Tobias Heer'
> Cc: HIP
> Subject: Re: [Hipsec] rfc5201-bis issue 29: Use different RSA mode
> OAEP/PSS
>
>
>
> > -----Original Message-----
> > From: Tobias Heer [mailto:heer@cs.rwth-aachen.de]
> > Sent: Tuesday, April 17, 2012 12:20 AM
> > To: Henderson, Thomas R
> > Cc: HIP
> > Subject: Re: [Hipsec] rfc5201-bis issue 29: Use different RSA mode
> > OAEP/PSS
> >
> > Hi,
> >
> > Am 22.03.2012 um 11:39 schrieb Henderson, Thomas R:
> >
> > > This is the specific IESG comment:
> > >
> > >   HIP defines the usage of RSA in signing and encrypting data.
> > Current
> > >   recommendations propose usage of, for example, RSA OAEP/PSS for
> > these
> > >   operations in new protocols.  Changing the algorithms to more
> > current
> > >   best practice should be considered.
> > >
> > > RFC 4055 defines RSASSA-PSS and RSAES-OAEP keys.  Were these ever
> > discussed/considered as HIP key formats?
> > I cannot remember any discussion related to this.
> >
> > > This might be addressed by defining these as new algorithms in
> 5201-
> > bis.
> > I agree. One could easily define a new suite. We could do that now or
> > on demand. We need a new suite anyway to stay somewhat compatible
> with
> > the existing HIP implementations.
>
> Since there were no other comments, I will try to move this forward by
> generating a text proposal.
>
> - Tom
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
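
The padding choice raised in the message above (RSASSA-PSS instead of PKCS1.5, both from RFC 3447), as an added example that is not part of the thread or of the RFC 5201-bis text: it implements both encodings with SHA-256 and shows that PKCS1.5 signatures repeat, PSS signatures are salted, and a verifier accepts only the scheme it was told to expect. The function names, the 32-byte salt and the demonstration key built from two public Mersenne primes are assumptions of this example.

```python
import hashlib
import hmac
import secrets

HASH, HLEN = hashlib.sha256, 32
# DER DigestInfo prefix for SHA-256 (RFC 3447, section 9.2).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demonstration key, NOT secret: its factors are the public Mersenne
# primes 2^1279-1 and 2^2203-1. Only the padding behaviour is being shown.
P, Q, E = 2**1279 - 1, 2**2203 - 1, 65537
KEY = (P * Q, E, pow(E, -1, (P - 1) * (Q - 1)))  # (n, e, d)


def mgf1(seed, length):
    """MGF1 mask generation function (RFC 3447, appendix B.2.1)."""
    blocks = -(-length // HLEN)  # ceiling division
    out = b"".join(HASH(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pss_encode(msg, em_bits, salt):
    """EMSA-PSS-ENCODE (RFC 3447, section 9.1.1); the fresh salt randomizes it."""
    em_len = (em_bits + 7) // 8
    if em_len < HLEN + len(salt) + 2:
        raise ValueError("modulus too short for this hash and salt length")
    h = HASH(b"\x00" * 8 + HASH(msg).digest() + salt).digest()
    db = b"\x00" * (em_len - len(salt) - HLEN - 2) + b"\x01" + salt
    masked = bytearray(_xor(db, mgf1(h, len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # clear the bits above em_bits
    return bytes(masked) + h + b"\xbc"


def pss_check(msg, em, em_bits, salt_len):
    """EMSA-PSS-VERIFY (RFC 3447, section 9.1.2)."""
    em_len = (em_bits + 7) // 8
    top = 0xFF >> (8 * em_len - em_bits)
    pad = em_len - HLEN - salt_len - 2
    if len(em) != em_len or pad < 0 or em[-1] != 0xBC or em[0] & ~top & 0xFF:
        return False
    masked, h = em[:-HLEN - 1], em[-HLEN - 1:-1]
    db = bytearray(_xor(masked, mgf1(h, len(masked))))
    db[0] &= top
    if any(db[:pad]) or db[pad] != 0x01:
        return False
    expected = HASH(b"\x00" * 8 + HASH(msg).digest() + bytes(db[pad + 1:])).digest()
    return hmac.compare_digest(expected, h)


def v15_encode(msg, em_len):
    """EMSA-PKCS1-v1_5-ENCODE (RFC 3447, section 9.2); fully deterministic."""
    t = SHA256_DIGESTINFO + HASH(msg).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def sign(key, msg, scheme):
    """Textbook RSA private operation on the encoded block (no CRT, no blinding)."""
    n, _, d = key
    k = (n.bit_length() + 7) // 8
    em = (pss_encode(msg, n.bit_length() - 1, secrets.token_bytes(HLEN))
          if scheme == "pss" else v15_encode(msg, k))
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def verify(key, msg, sig, scheme):
    """Check sig under exactly one padding scheme, chosen by the caller."""
    n, e, _ = key
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    m = pow(s, e, n)
    if scheme == "pss":
        em_bits = n.bit_length() - 1
        em_len = (em_bits + 7) // 8
        if m.bit_length() > 8 * em_len:
            return False
        return pss_check(msg, m.to_bytes(em_len, "big"), em_bits, HLEN)
    # v1.5: rebuild the expected block and compare it whole, no padding parsing.
    return hmac.compare_digest(m.to_bytes(k, "big"), v15_encode(msg, k))


def demo(key=KEY):
    msg = b"constructed sample standing in for the signed HIP packet bytes"
    v15 = [sign(key, msg, "v1.5") for _ in range(2)]
    pss = [sign(key, msg, "pss") for _ in range(2)]
    return {
        "v15_repeats": v15[0] == v15[1],
        "pss_repeats": pss[0] == pss[1],
        "pss_ok": all(verify(key, msg, s, "pss") for s in pss),
        "v15_ok": verify(key, msg, v15[0], "v1.5"),
        "v15_sig_checked_as_pss": verify(key, msg, v15[0], "pss"),
        "pss_sig_checked_as_v15": verify(key, msg, pss[0], "v1.5"),
        "pss_after_tamper": verify(key, msg + b"!", pss[0], "pss"),
    }
```

A verifier has to know which encoding the signer used, which is why the message asks for the padding to be stated explicitly.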

From internet-drafts@ietf.org  Wed Jun 20 03:57:44 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51E3B21F8754; Wed, 20 Jun 2012 03:57:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sw6Pu21pKJHg; Wed, 20 Jun 2012 03:57:43 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B3E821F86EA; Wed, 20 Jun 2012 03:57:43 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.20
Message-ID: <20120620105743.29166.88798.idtracker@ietfa.amsl.com>
Date: Wed, 20 Jun 2012 03:57:43 -0700
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-03.txt
X-List-Received-Date: Wed, 20 Jun 2012 10:57:44 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Host Identity Protocol Working Group of the IETF.

	Title           : Native NAT Traversal Mode for the Host Identity Protocol
	Author(s)       : Ari Keranen
                          Jan Melen
	Filename        : draft-ietf-hip-native-nat-traversal-03.txt
	Pages           : 15
	Date            : 2012-06-20

Abstract:
   This document specifies a new Network Address Translator (NAT)
   traversal mode for the Host Identity Protocol (HIP).  The new mode is
   based on the Interactive Connectivity Establishment (ICE) methodology
   and UDP encapsulation of data and signaling traffic.  The main
   difference from the previously specified modes is the use of HIP
   messages for all NAT traversal procedures.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-03

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-03


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From ari.keranen@nomadiclab.com  Wed Jun 20 06:07:23 2012
Return-Path: <ari.keranen@nomadiclab.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C87A21F8724 for <hipsec@ietfa.amsl.com>; Wed, 20 Jun 2012 06:07:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gCxqFkhK0tGW for <hipsec@ietfa.amsl.com>; Wed, 20 Jun 2012 06:07:22 -0700 (PDT)
Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by ietfa.amsl.com (Postfix) with ESMTP id A367A21F875E for <hipsec@ietf.org>; Wed, 20 Jun 2012 06:07:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id 27F494E6E6 for <hipsec@ietf.org>; Wed, 20 Jun 2012 16:07:20 +0300 (EEST)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z6RlWFyL2rEc for <hipsec@ietf.org>; Wed, 20 Jun 2012 16:07:19 +0300 (EEST)
Received: from n212.nomadiclab.com (localhost [IPv6:::1]) by gw.nomadiclab.com (Postfix) with ESMTPSA id EC4B24E679 for <hipsec@ietf.org>; Wed, 20 Jun 2012 16:07:18 +0300 (EEST)
Message-ID: <4FE1CB05.3090802@nomadiclab.com>
Date: Wed, 20 Jun 2012 16:07:17 +0300
From: Ari Keranen <ari.keranen@nomadiclab.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: hipsec@ietf.org
References: <20120620105743.29166.88798.idtracker@ietfa.amsl.com>
In-Reply-To: <20120620105743.29166.88798.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-03.txt
X-List-Received-Date: Wed, 20 Jun 2012 13:07:23 -0000

FYI, this was just a keep-alive update. Once the 5201, 5202, and 5203 
bis drafts are more mature, we're planning to do an update on this too.


Cheers,
Ari

On 6/20/12 1:57 PM, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>   This draft is a work item of the Host Identity Protocol Working Group of the IETF.
>
> 	Title           : Native NAT Traversal Mode for the Host Identity Protocol
> 	Author(s)       : Ari Keranen
>                            Jan Melen
> 	Filename        : draft-ietf-hip-native-nat-traversal-03.txt
> 	Pages           : 15
> 	Date            : 2012-06-20
>
> Abstract:
>     This document specifies a new Network Address Translator (NAT)
>     traversal mode for the Host Identity Protocol (HIP).  The new mode is
>     based on the Interactive Connectivity Establishment (ICE) methodology
>     and UDP encapsulation of data and signaling traffic.  The main
>     difference from the previously specified modes is the use of HIP
>     messages for all NAT traversal procedures.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-03
>
> A diff from previous version is available at:
> http://tools.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-03
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
>



From gonzalo.camarillo@ericsson.com  Tue Jun 26 01:15:31 2012
Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18D6B21F8597 for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 01:15:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.12
X-Spam-Level: 
X-Spam-Status: No, score=-106.12 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r8T-p5Kmwroe for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 01:15:30 -0700 (PDT)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id BCE2B21F84FD for <hipsec@ietf.org>; Tue, 26 Jun 2012 01:15:29 -0700 (PDT)
X-AuditID: c1b4fb2d-b7fc66d000006fdc-2f-4fe96fa0a653
Received: from esessmw0247.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 44.F9.28636.0AF69EF4; Tue, 26 Jun 2012 10:15:28 +0200 (CEST)
Received: from [131.160.126.150] (153.88.115.8) by esessmw0247.eemea.ericsson.se (153.88.115.94) with Microsoft SMTP Server id 8.3.264.0; Tue, 26 Jun 2012 10:15:28 +0200
Message-ID: <4FE96F9F.3090800@ericsson.com>
Date: Tue, 26 Jun 2012 11:15:27 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Status of WG items
X-List-Received-Date: Tue, 26 Jun 2012 08:15:31 -0000

Folks,

the list has been relatively quiet lately and the energy within this WG
has also been quite low in general in the last months. Could the editors
of all our WG items please let this mailing list know what the status of
each document is and what the next steps are?

Thanks,

Gonzalo


From thomas.r.henderson@boeing.com  Tue Jun 26 11:06:21 2012
Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53FDB21F8530 for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 11:06:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.505
X-Spam-Level: 
X-Spam-Status: No, score=-102.505 tagged_above=-999 required=5 tests=[AWL=0.094, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FJ4-sXoWTikN for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 11:06:20 -0700 (PDT)
Received: from slb-mbsout-01.boeing.com (slb-mbsout-01.boeing.com [130.76.64.128]) by ietfa.amsl.com (Postfix) with ESMTP id DCB7E21F852C for <hipsec@ietf.org>; Tue, 26 Jun 2012 11:06:20 -0700 (PDT)
Received: from slb-mbsout-01.boeing.com (localhost.localdomain [127.0.0.1]) by slb-mbsout-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id q5QI6KHY018779 for <hipsec@ietf.org>; Tue, 26 Jun 2012 11:06:20 -0700
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [130.247.228.54]) by slb-mbsout-01.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id q5QI6IiF018749 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 26 Jun 2012 11:06:19 -0700
Received: from stl-av-01.boeing.com (localhost.localdomain [127.0.0.1]) by stl-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id q5QI6IT7006933; Tue, 26 Jun 2012 13:06:18 -0500
Received: from XCH-NWHT-07.nw.nos.boeing.com (xch-nwht-07.nw.nos.boeing.com [130.247.25.111]) by stl-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id q5QI6H3f006690 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Tue, 26 Jun 2012 13:06:18 -0500
Received: from XCH-NW-16V.nw.nos.boeing.com ([130.247.25.238]) by XCH-NWHT-07.nw.nos.boeing.com ([130.247.25.111]) with mapi; Tue, 26 Jun 2012 11:06:17 -0700
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "'Gonzalo Camarillo'" <Gonzalo.Camarillo@ericsson.com>, HIP <hipsec@ietf.org>
Date: Tue, 26 Jun 2012 11:06:17 -0700
Thread-Topic: [Hipsec] Status of WG items
Thread-Index: Ac1Tc+P4n0n+vMTjQxmGyxV2yH1l0AAT+ZPA
Message-ID: <758141CC3D829043A8C3164DD3D593EA1BD324E110@XCH-NW-16V.nw.nos.boeing.com>
References: <4FE96F9F.3090800@ericsson.com>
In-Reply-To: <4FE96F9F.3090800@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: No
Subject: Re: [Hipsec] Status of WG items
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jun 2012 18:06:21 -0000

Gonzalo,

I'm the editor of 5206-bis (mobility), which recently expired.  There are 13 issues in the tracker, and I've been letting them sit for now in an effort to get the first batch of WG documents ready for WGLC (namely, 4423, 4843, 5201, and 5202).  I'll turn my attention back to 5206-bis open issues once we get at least 4843, 5201, and 5202 done.

I'm also a co-author on 5201-bis.  We have only three open issues on that draft, one of which is to align 4843-bis with 5201-bis, and the other two pertaining to some cryptography issues that seem close to being resolved.  I will post some suggested text to the list for these two items.

I believe that we are close now to being able to request a WGLC on 4843, 5201, and 5202 bis documents, and I'd like to see that happen before the Vancouver meeting.

- Tom

> -----Original Message-----
> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
> Behalf Of Gonzalo Camarillo
> Sent: Tuesday, June 26, 2012 1:15 AM
> To: HIP
> Subject: [Hipsec] Status of WG items
>
> Folks,
>
> the list has been relatively quiet lately and the energy within this WG
> has also been quite low in general in the last months. Could the
> editors of all our WG items please let this mailing list know what the
> status of each document is and what the next steps are?
>
> Thanks,
>
> Gonzalo
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec

From heer@informatik.rwth-aachen.de  Tue Jun 26 13:15:50 2012
Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DFA611E80DC for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 13:15:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.249
X-Spam-Level: 
X-Spam-Status: No, score=-6.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pMwnVovMMQYh for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 13:15:49 -0700 (PDT)
Received: from mta-2.ms.rz.rwth-aachen.de (mta-2.ms.rz.rwth-aachen.de [134.130.7.73]) by ietfa.amsl.com (Postfix) with ESMTP id 8886411E80E0 for <hipsec@ietf.org>; Tue, 26 Jun 2012 13:15:49 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Received: from mx-out-2.rwth-aachen.de ([134.130.5.187]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0M6800EM9QYAO3G0@mta-2.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Tue, 26 Jun 2012 22:15:46 +0200 (CEST)
X-IronPort-AV: E=Sophos;i="4.77,480,1336341600";   d="scan'208";a="94327634"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by mx-2.rz.rwth-aachen.de with ESMTP; Tue, 26 Jun 2012 22:15:46 +0200
Received: from [192.168.1.100] ([unknown] [77.2.94.181]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0M68003NMQY9W330@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Tue, 26 Jun 2012 22:15:46 +0200 (CEST)
Message-id: <4FEA1876.900@cs.rwth-aachen.de>
Date: Tue, 26 Jun 2012 22:15:50 +0200
From: Tobias Heer <heer@cs.rwth-aachen.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
To: hipsec@ietf.org
References: <4FE96F9F.3090800@ericsson.com> <758141CC3D829043A8C3164DD3D593EA1BD324E110@XCH-NW-16V.nw.nos.boeing.com>
In-reply-to: <758141CC3D829043A8C3164DD3D593EA1BD324E110@XCH-NW-16V.nw.nos.boeing.com>
Cc: Julien Laganier <julien.laganier@gmail.com>
Subject: Re: [Hipsec] Status of WG items
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jun 2012 20:15:50 -0000

Hi,

On 26.06.2012 20:06, Henderson, Thomas R wrote:
> Gonzalo,
>
> I'm the editor of 5206-bis (mobility), which recently expired.  There are 13 issues in the tracker, and I've been letting them sit for now in an effort to get the first batch of WG documents ready for WGLC (namely, 4423, 4843, 5201, and 5202).  I'll turn my attention back to 5206-bis open issues once we get at least 4843, 5201, and 5202 done.
>
> I'm also a co-author on 5201-bis.  We have only three open issues on that draft, one of which is to align 4843-bis with 5201-bis, and the other two pertaining to some cryptography issues that seem close to being resolved.  I will post some suggested text to the list for these two items.
>
I agree with Tom. Only a few issues remain for 5201-bis. All comments from 
the reviewers have been addressed and we are really close to finalizing 
the document.

What remains open are the changes to the ORCHID document. Without these 
changes, 5201-bis is incomplete. However, these are minor changes and 
Julien already suggested text on the list. Therefore, I believe he can 
do these changes quickly.

Tobias

> I believe that we are close now to being able to request a WGLC on 4843, 5201, and 5202 bis documents, and I'd like to see that happen before the Vancouver meeting.
>
> - Tom
>
>> -----Original Message-----
>> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
>> Behalf Of Gonzalo Camarillo
>> Sent: Tuesday, June 26, 2012 1:15 AM
>> To: HIP
>> Subject: [Hipsec] Status of WG items
>>
>> Folks,
>>
>> the list has been relatively quiet lately and the energy within this WG
>> has also been quite low in general in the last months. Could the
>> editors of all our WG items please let this mailing list know what the
>> status of each document is and what the next steps are?
>>
>> Thanks,
>>
>> Gonzalo


From thomas.r.henderson@boeing.com  Tue Jun 26 22:10:27 2012
Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A40B711E8104 for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 22:10:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.524
X-Spam-Level: 
X-Spam-Status: No, score=-102.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wRvejwNQk9Zm for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 22:10:26 -0700 (PDT)
Received: from slb-mbsout-02.boeing.com (slb-mbsout-02.boeing.com [130.76.64.129]) by ietfa.amsl.com (Postfix) with ESMTP id ACD8F11E8102 for <hipsec@ietf.org>; Tue, 26 Jun 2012 22:10:26 -0700 (PDT)
Received: from slb-mbsout-02.boeing.com (localhost.localdomain [127.0.0.1]) by slb-mbsout-02.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id q5R5AP9H024439 for <hipsec@ietf.org>; Tue, 26 Jun 2012 22:10:25 -0700
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.128.218]) by slb-mbsout-02.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id q5R5AOl6024436 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <hipsec@ietf.org>; Tue, 26 Jun 2012 22:10:25 -0700
Received: from slb-av-01.boeing.com (localhost.localdomain [127.0.0.1]) by slb-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id q5R5APA6008470 for <hipsec@ietf.org>; Tue, 26 Jun 2012 22:10:25 -0700
Received: from XCH-NWHT-04.nw.nos.boeing.com (xch-nwht-04.nw.nos.boeing.com [130.247.64.250]) by slb-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id q5R5AOeO008459 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK) for <hipsec@ietf.org>; Tue, 26 Jun 2012 22:10:25 -0700
Received: from XCH-NW-16V.nw.nos.boeing.com ([130.247.25.238]) by XCH-NWHT-04.nw.nos.boeing.com ([130.247.64.250]) with mapi; Tue, 26 Jun 2012 22:10:24 -0700
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: HIP <hipsec@ietf.org>
Date: Tue, 26 Jun 2012 22:10:24 -0700
Thread-Topic: [Hipsec] rfc5201-bis issue 29: Use different RSA mode OAEP/PSS
Thread-Index: Ac0cao7fKg4vLJIcTbG2IB7VXw9SoQAtCW8gDDCVBjABj7+r8A==
Message-ID: <758141CC3D829043A8C3164DD3D593EA1BD324E11C@XCH-NW-16V.nw.nos.boeing.com>
References: <758141CC3D829043A8C3164DD3D593EA1BCC77C4D3@XCH-NW-16V.nw.nos.boeing.com> <E00800EE-59B4-46CE-9C38-D5994BC2FB1F@cs.rwth-aachen.de> <758141CC3D829043A8C3164DD3D593EA1BD24C86A9@XCH-NW-16V.nw.nos.boeing.com> <758141CC3D829043A8C3164DD3D593EA1BD324E0A6@XCH-NW-16V.nw.nos.boeing.com>
In-Reply-To: <758141CC3D829043A8C3164DD3D593EA1BD324E0A6@XCH-NW-16V.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: No
Subject: Re: [Hipsec] rfc5201-bis issue 29: Use different RSA mode OAEP/PSS
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 05:10:27 -0000

Regarding this open issue, which I posted about on June 18 [*], I propose the following changes to the RFC 5201-bis text:

1) Section 3

OLD TEXT:

   HIP implementations MUST support the Rivest Shamir Adelman (RSA)
   [RFC3110] public key algorithm, and SHOULD support the Digital
   Signature Algorithm (DSA) [RFC2536] algorithms, and Elliptic Curve
   Digital Signature Algorithm (ECDSA) for generating the HI as defined
   in Section 5.2.9.  Additional algorithms MAY be supported.

NEW TEXT:

   HIP implementations MUST support the Rivest Shamir Adelman (RSA)
   [RFC3110] public key algorithm and Elliptic Curve
   Digital Signature Algorithm (ECDSA) for generating the HI as defined
   in Section 5.2.9.  Additional algorithms MAY be supported.

2) Section 5.2.8, HIP cipher

OLD TEXT:

   The following Cipher IDs are defined:

        Suite ID           Value

        RESERVED           0
        NULL-ENCRYPT       1     ([RFC2410])
        AES-128-CBC        2     ([RFC3602])
        3DES-CBC           3     ([RFC2451])
        AES-256-CBC        4     ([RFC3602])

NEW TEXT:

   The following Cipher IDs are defined:

        Suite ID           Value

        RESERVED           0
        NULL-ENCRYPT       1     ([RFC2410])
        AES-128-CBC        2     ([RFC3602])
        DEPRECATED         3
        AES-256-CBC        4     ([RFC3602])


3) Section 5.2.9, Host Id:

OLD TEXT:

   The following HI Algorithms have been defined:

        Algorithm
        profiles         Values

        RESERVED         0
        DSA              3 [RFC2536] (RECOMMENDED)
        RSA              5 [RFC3110] (REQUIRED)
        ECDSA            7 [RFC4754] (RECOMMENDED)
        ECDSA_LOW        9 [SECG]    (RECOMMENDED)

NEW TEXT:

   The following HI Algorithms have been defined:

        Algorithm
        profiles         Values

        RESERVED         0
        DSA              3 [FIPS 186-3] (OPTIONAL)
        RSA              5 [RFC3447]    (REQUIRED)
        ECDSA            7 [RFC4754]    (REQUIRED)
        ECDSA_LOW        9 [SECG]       (RECOMMENDED)

  For DSA, RSA, and ECDSA key types, profiles containing at least 112
  bits of security strength (as defined by [NIST SP 800-131A]) should
  be used.  For RSA signature padding, the PSS method of padding
  [RFC3447] MUST be used.

------------

Note, I decided not to bother with adding OAEP or ECIES to the cipher list, since we already have symmetric keys available and the ENCRYPTED parameter is lightly used.  If someone would like to support it in addition to AES-CBC, please propose a specific text proposal.

- Tom

[*] http://www.ietf.org/mail-archive/web/hipsec/current/msg03551.html
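
The RSA-PSS requirement in the proposed Section 5.2.9 text, as an added example that is not part of the original message or of any HIP implementation: EMSA-PSS encoding and verification per RFC 3447 Section 9.1, showing that PSS signatures are randomized and that a receiver enforcing PSS rejects a PKCS#1 v1.5-padded signature. SHA-256, the 32-byte salt, the sample message and the 1128-bit key built from two Mersenne primes are assumptions constructed for the demonstration; the key is far below the 112-bit strength the proposed text asks for.

```python
import hashlib
import os

H_LEN = hashlib.sha256().digest_size   # 32 bytes
S_LEN = H_LEN                          # salt length (assumption for this example)

# Constructed toy RSA key: two Mersenne primes. Demonstration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
MOD_BITS = N.bit_length()
K = (MOD_BITS + 7) // 8                # modulus length in bytes


def mgf1(seed, mask_len):
    """MGF1 mask generation function with SHA-256 (RFC 3447, B.2.1)."""
    out, counter = b"", 0
    while len(out) < mask_len:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def emsa_pss_encode(msg, em_bits, salt=None):
    """EMSA-PSS-ENCODE (RFC 3447, 9.1.1). A fresh random salt is used per call."""
    em_len = (em_bits + 7) // 8
    if em_len < H_LEN + S_LEN + 2:
        raise ValueError("encoding error: modulus too short")
    salt = os.urandom(S_LEN) if salt is None else salt
    m_hash = hashlib.sha256(msg).digest()
    h = hashlib.sha256(b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - S_LEN - H_LEN - 2) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, em_len - H_LEN - 1)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the unused top bits
    return bytes(masked) + h + b"\xbc"


def emsa_pss_verify(msg, em, em_bits):
    """EMSA-PSS-VERIFY (RFC 3447, 9.1.2). Returns True only for a consistent encoding."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < H_LEN + S_LEN + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - H_LEN - 1], em[em_len - H_LEN - 1:-1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top_mask & 0xFF:
        return False
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= top_mask
    ps_len = em_len - H_LEN - S_LEN - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = bytes(db[ps_len + 1:])
    m_hash = hashlib.sha256(msg).digest()
    return h == hashlib.sha256(b"\x00" * 8 + m_hash + salt).digest()


def sign_pss(msg):
    """RSASSA-PSS signature with the toy key."""
    em = emsa_pss_encode(msg, MOD_BITS - 1)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def verify_pss(msg, sig):
    """Receiver-side check that accepts PSS padding only."""
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    em = pow(s, E, N).to_bytes((MOD_BITS - 1 + 7) // 8, "big")
    return emsa_pss_verify(msg, em, MOD_BITS - 1)


# DER prefix of DigestInfo for SHA-256, used by the older v1.5 padding.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def sign_pkcs1_v15(msg):
    """RSASSA-PKCS1-v1_5 signature, shown only as the padding PSS replaces."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


if __name__ == "__main__":
    packet = b"constructed sample of signed HIP packet bytes"
    a, b = sign_pss(packet), sign_pss(packet)
    print("PSS signatures differ per call:", a != b)
    print("both verify:", verify_pss(packet, a), verify_pss(packet, b))
    print("v1.5 signature accepted by PSS verifier:",
          verify_pss(packet, sign_pkcs1_v15(packet)))
```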


From thomas.r.henderson@boeing.com  Tue Jun 26 22:19:56 2012
Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B572611E8108 for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 22:19:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.536
X-Spam-Level: 
X-Spam-Status: No, score=-102.536 tagged_above=-999 required=5 tests=[AWL=0.063, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UHc1I3CY0yQg for <hipsec@ietfa.amsl.com>; Tue, 26 Jun 2012 22:19:55 -0700 (PDT)
Received: from stl-mbsout-01.boeing.com (stl-mbsout-01.boeing.com [130.76.96.169]) by ietfa.amsl.com (Postfix) with ESMTP id 9208711E810C for <hipsec@ietf.org>; Tue, 26 Jun 2012 22:19:54 -0700 (PDT)
Received: from stl-mbsout-01.boeing.com (localhost.localdomain [127.0.0.1]) by stl-mbsout-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id q5R5Jr7x011200 for <hipsec@ietf.org>; Wed, 27 Jun 2012 00:19:53 -0500
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.16.37]) by stl-mbsout-01.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id q5R5JqBE011193 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <hipsec@ietf.org>; Wed, 27 Jun 2012 00:19:53 -0500
Received: from blv-av-01.boeing.com (localhost.localdomain [127.0.0.1]) by blv-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id q5R5JqEl016351 for <hipsec@ietf.org>; Tue, 26 Jun 2012 22:19:52 -0700
Received: from XCH-NWHT-10.nw.nos.boeing.com (xch-nwht-10.nw.nos.boeing.com [130.247.25.113]) by blv-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id q5R5JqZw016348 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK) for <hipsec@ietf.org>; Tue, 26 Jun 2012 22:19:52 -0700
Received: from XCH-NW-16V.nw.nos.boeing.com ([130.247.25.238]) by XCH-NWHT-10.nw.nos.boeing.com ([130.247.25.113]) with mapi; Tue, 26 Jun 2012 22:19:52 -0700
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: HIP <hipsec@ietf.org>
Date: Tue, 26 Jun 2012 22:19:51 -0700
Thread-Topic: rfc5201-bis issue 35:  limiting ECC cofactor to 1
Thread-Index: Ac1UJHnN+lenZjoJRWibWaFpgdeduw==
Message-ID: <758141CC3D829043A8C3164DD3D593EA1BD324E11D@XCH-NW-16V.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: No
Subject: [Hipsec] rfc5201-bis issue 35:  limiting ECC cofactor to 1
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 05:19:56 -0000

This was already proposed to the list a while back:
http://www.ietf.org/mail-archive/web/hipsec/current/msg03462.html

so I'd like to close this issue by adopting the proposed text; specifically:

1) Section 5.2.7 (Diffie Hellman)

OLD TEXT:

   The MODP Diffie-Hellman groups are defined in [RFC3526].  The ECDH
   groups 8 - 10 are defined in [RFC5903] and [RFC6090].  ECDH group 7
   is covered in Appendix D.

NEW TEXT:

   The MODP Diffie-Hellman groups are defined in [RFC3526]. The ECDH
   groups 7 - 9 are defined in [RFC5903] and [RFC6090]. ECDH group 10
   is covered in Appendix D.  Any ECDH used with HIP MUST have a
   co-factor of 1.

2) Section 5.2.9 (HOST ID)

OLD TEXT:

   ...  For ECC we distinguish two different profiles:
   ECDSA and ECDSA_LOW.  ECC contains curves approved by NIST and
   defined in RFC 4754 [RFC4754].  ECDSA_LOW is defined for devices with
   low computational capabilities and uses shorter curves from SECG
   [SECG].

NEW TEXT:

   ...  For ECC we distinguish two different profiles:
   ECDSA and ECDSA_LOW. ECC contains curves approved by NIST and
   defined in RFC 4754 [RFC4754]. ECDSA_LOW is defined for devices with
   low computational capabilities and uses shorter curves from SECG
   [SECG].  Any ECDSA used with HIP MUST have a co-factor of 1.
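
One way a receiver could enforce the co-factor rule proposed above, as an added example that is not part of the original message or of any HIP implementation: the co-factor is derived from the field prime and subgroup order with the SEC 1 formula, and for a co-factor-1 curve an on-curve check is then enough to place a received point in the prime-order group. NIST P-256 stands in for the RFC 5903 groups; Curve25519 is a contrast case that does not appear in the thread, and the function names are hypothetical.

```python
from math import isqrt

# NIST P-256 domain parameters: y^2 = x^3 + a*x + b over GF(p), subgroup order n.
P256 = dict(
    p=0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff,
    a=-3,
    b=0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
    n=0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551,
    gx=0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
    gy=0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5,
)

# Contrast case, not from the thread: Curve25519 has a co-factor of 8.
CURVE25519 = dict(
    p=2**255 - 19,
    n=2**252 + 27742317777372353535851937790883648493,
)


def cofactor(p, n):
    """Co-factor h = floor((sqrt(p) + 1)^2 / n), the SEC 1 formula.

    The result is unambiguous only when n > 4*sqrt(p), so that is checked first.
    (sqrt(p) + 1)^2 = p + 1 + 2*sqrt(p), and floor(2*sqrt(p)) = isqrt(4*p).
    """
    if n * n <= 16 * p:
        raise ValueError("subgroup order too small for the Hasse-bound formula")
    return (p + 1 + isqrt(4 * p)) // n


def group_allowed(curve):
    """Policy from the proposed text: the curve MUST have a co-factor of 1."""
    return cofactor(curve["p"], curve["n"]) == 1


def valid_peer_point(curve, x, y):
    """Validate a received affine public point (x, y).

    With co-factor 1 the curve group has prime order n, so every affine point
    on the curve has order n and no separate subgroup check is needed.
    """
    if not group_allowed(curve):
        return False
    p = curve["p"]
    if not (0 <= x < p and 0 <= y < p):
        return False
    return (y * y - (x * x * x + curve["a"] * x + curve["b"])) % p == 0


if __name__ == "__main__":
    print("P-256 co-factor:", cofactor(P256["p"], P256["n"]))
    print("Curve25519 co-factor:", cofactor(CURVE25519["p"], CURVE25519["n"]))
    print("P-256 base point accepted:",
          valid_peer_point(P256, P256["gx"], P256["gy"]))
    print("off-curve point accepted:",
          valid_peer_point(P256, P256["gx"], P256["gy"] + 1))
```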



From gonzalo.camarillo@ericsson.com  Wed Jun 27 00:07:07 2012
Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 951B321F85C0 for <hipsec@ietfa.amsl.com>; Wed, 27 Jun 2012 00:07:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.149
X-Spam-Level: 
X-Spam-Status: No, score=-106.149 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iYBIEpQNxm8B for <hipsec@ietfa.amsl.com>; Wed, 27 Jun 2012 00:07:07 -0700 (PDT)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id 9C69621F8483 for <hipsec@ietf.org>; Wed, 27 Jun 2012 00:07:05 -0700 (PDT)
X-AuditID: c1b4fb2d-b7fc66d000006fdc-f1-4feab11848f2
Received: from esessmw0191.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 42.42.28636.811BAEF4; Wed, 27 Jun 2012 09:07:04 +0200 (CEST)
Received: from [131.160.126.150] (153.88.115.8) by esessmw0191.eemea.ericsson.se (153.88.115.85) with Microsoft SMTP Server id 8.3.264.0; Wed, 27 Jun 2012 09:07:03 +0200
Message-ID: <4FEAB117.8070803@ericsson.com>
Date: Wed, 27 Jun 2012 10:07:03 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
References: <4FE96F9F.3090800@ericsson.com> <758141CC3D829043A8C3164DD3D593EA1BD324E110@XCH-NW-16V.nw.nos.boeing.com>
In-Reply-To: <758141CC3D829043A8C3164DD3D593EA1BD324E110@XCH-NW-16V.nw.nos.boeing.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Status of WG items
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 07:07:07 -0000

Hi Tom,

thanks for the status update. Yes, we should be able to WGLC the main
drafts as soon as they are ready.

Cheers,

Gonzalo

On 26/06/2012 9:06 PM, Henderson, Thomas R wrote:
> Gonzalo,
> 
> I'm the editor of 5206-bis (mobility), which recently expired.  There are 13 issues in the tracker, and I've been letting them sit for now in an effort to get the first batch of WG documents ready for WGLC (namely, 4423, 4843, 5201, and 5202).  I'll turn my attention back to 5206-bis open issues once we get at least 4843, 5201, and 5202 done.
> 
> I'm also a co-author on 5201-bis.  We have only three open issues on that draft, one of which is to align 4843-bis with 5201-bis, and the other two pertaining to some cryptography issues that seem close to being resolved.  I will post some suggested text to the list for these two items.
> 
> I believe that we are close now to being able to request a WGLC on 4843, 5201, and 5202 bis documents, and I'd like to see that happen before the Vancouver meeting.
> 
> - Tom
> 
>> -----Original Message-----
>> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
>> Behalf Of Gonzalo Camarillo
>> Sent: Tuesday, June 26, 2012 1:15 AM
>> To: HIP
>> Subject: [Hipsec] Status of WG items
>>
>> Folks,
>>
>> the list has been relatively quiet lately and the energy within this WG
>> has also been quite low in general in the last months. Could the
>> editors of all our WG items please let this mailing list know what the
>> status of each document is and what the next steps are?
>>
>> Thanks,
>>
>> Gonzalo


From rene.hummen@informatik.rwth-aachen.de  Fri Jun 29 02:02:04 2012
Return-Path: <rene.hummen@informatik.rwth-aachen.de>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1E5721F8733 for <hipsec@ietfa.amsl.com>; Fri, 29 Jun 2012 02:02:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.948
X-Spam-Level: 
X-Spam-Status: No, score=-5.948 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m2mcVi7ysd3B for <hipsec@ietfa.amsl.com>; Fri, 29 Jun 2012 02:02:03 -0700 (PDT)
Received: from mta-1.ms.rz.rwth-aachen.de (mta-1.ms.rz.rwth-aachen.de [134.130.7.72]) by ietfa.amsl.com (Postfix) with ESMTP id 21B1D21F872D for <hipsec@ietf.org>; Fri, 29 Jun 2012 02:02:02 -0700 (PDT)
MIME-version: 1.0
Received: from mx-out-2.rwth-aachen.de ([134.130.5.187]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0M6D001FIFRCUH20@mta-1.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Fri, 29 Jun 2012 11:02:01 +0200 (CEST)
X-IronPort-AV: E=Sophos;i="4.77,497,1336341600"; d="p7s'?scan'208,217";a="94702905"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by mx-2.rz.rwth-aachen.de with ESMTP; Fri, 29 Jun 2012 11:02:01 +0200
Received: from 77-087.eduroam.rwth-aachen.de ([unknown] [134.61.77.87]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0M6D0021TFRCJG50@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Fri, 29 Jun 2012 11:02:00 +0200 (CEST)
Content-type: multipart/signed; boundary="Apple-Mail=_DD466475-E1CF-4F48-9D83-485A2D989D96"; protocol="application/pkcs7-signature"; micalg=sha1
From: =?iso-8859-1?Q?Ren=E9_Hummen?= <rene.hummen@cs.rwth-aachen.de>
In-reply-to: <758141CC3D829043A8C3164DD3D593EA1BD324E11C@XCH-NW-16V.nw.nos.boeing.com>
Date: Fri, 29 Jun 2012 11:02:09 +0200
Message-id: <D254D706-AB4B-4903-95D7-5761499F6FE2@cs.rwth-aachen.de>
References: <758141CC3D829043A8C3164DD3D593EA1BCC77C4D3@XCH-NW-16V.nw.nos.boeing.com> <E00800EE-59B4-46CE-9C38-D5994BC2FB1F@cs.rwth-aachen.de> <758141CC3D829043A8C3164DD3D593EA1BD24C86A9@XCH-NW-16V.nw.nos.boeing.com> <758141CC3D829043A8C3164DD3D593EA1BD324E0A6@XCH-NW-16V.nw.nos.boeing.com> <758141CC3D829043A8C3164DD3D593EA1BD324E11C@XCH-NW-16V.nw.nos.boeing.com>
To: HIP WG <hipsec@ietf.org>
X-Mailer: Apple Mail (2.1278)
Subject: Re: [Hipsec] rfc5201-bis issue 29: Use different RSA mode OAEP/PSS
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2012 09:02:04 -0000

--Apple-Mail=_DD466475-E1CF-4F48-9D83-485A2D989D96
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_42F2D6E3-0794-42C5-80D5-08468FCE417A"


--Apple-Mail=_42F2D6E3-0794-42C5-80D5-08468FCE417A
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

A few comments from my side in line.

On 27.06.2012, at 06:10, Henderson, Thomas R wrote:
> Regarding this open issue, which I posted about on June 18 [*], I propose the following changes to the RFC 5201-bis text:
>
> 1) Section 3
>
> OLD TEXT:
>
>   HIP implementations MUST support the Rivest Shamir Adelman (RSA)
>   [RFC3110] public key algorithm, and SHOULD support the Digital
>   Signature Algorithm (DSA) [RFC2536] algorithms, and Elliptic Curve
>   Digital Signature Algorithm (ECDSA) for generating the HI as defined
>   in Section 5.2.9.  Additional algorithms MAY be supported.
>
> NEW TEXT:
>
>   HIP implementations MUST support the Rivest Shamir Adelman (RSA)
>   [RFC3110] public key algorithm and Elliptic Curve
>   Digital Signature Algorithm (ECDSA) for generating the HI as defined
>   in Section 5.2.9.  Additional algorithms MAY be supported.

ECC libraries are available for most consumer-targeting platforms nowadays. Examples are the relic-toolkit [1] and OpenSSL. Hence, I don't see requiring both algorithms as a major concern. However:
1) What exactly are the practical implications of requiring both RSA and ECDSA?
2) Resource-constrained devices may only support ECC crypto. Would it make sense to move away from RSA as REQUIRED (seeing that ECC for PC-grade platforms is widely available) or is this perceived as too drastic of a measure?

[1] http://code.google.com/p/relic-toolkit/

> 2) Section 5.2.8, HIP cipher
>
> OLD TEXT:
>
>   The following Cipher IDs are defined:
>
>        Suite ID           Value
>
>        RESERVED           0
>        NULL-ENCRYPT       1     ([RFC2410])
>        AES-128-CBC        2     ([RFC3602])
>        3DES-CBC           3     ([RFC2451])
>        AES-256-CBC        4     ([RFC3602])
>
> NEW TEXT:
>
>   The following Cipher IDs are defined:
>
>        Suite ID           Value
>
>        RESERVED           0
>        NULL-ENCRYPT       1     ([RFC2410])
>        AES-128-CBC        2     ([RFC3602])
>        DEPRECATED         3
>        AES-256-CBC        4     ([RFC3602])

I agree.

> 3) Section 5.2.9, Host Id:
>
> OLD TEXT:
>
>   The following HI Algorithms have been defined:
>
>        Algorithm
>        profiles         Values
>
>        RESERVED         0
>        DSA              3 [RFC2536] (RECOMMENDED)
>        RSA              5 [RFC3110] (REQUIRED)
>        ECDSA            7 [RFC4754] (RECOMMENDED)
>        ECDSA_LOW        9 [SECG]    (RECOMMENDED)
>
> NEW TEXT:
>
>   The following HI Algorithms have been defined:
>
>        Algorithm
>        profiles         Values
>
>        RESERVED         0
>        DSA              3 [FIPS 186-3] (OPTIONAL)
>        RSA              5 [RFC3447]    (REQUIRED)
>        ECDSA            7 [RFC4754]    (REQUIRED)
>        ECDSA_LOW        9 [SECG]       (RECOMMENDED)
>
>  For DSA, RSA, and ECDSA key types, profiles containing at least 112
>  bits of security strength (as defined by [NIST SP 800-131A]) should
>  be used.  For RSA signature padding, the PSS method of padding
>  [RFC3447] MUST be used.
>
> ------------
>
> Note, I decided not to bother with adding OAEP or ECIES to the cipher
> list, since we already have symmetric keys available and the ENCRYPTED
> parameter is lightly used.  If someone would like to support it in
> addition to AES-CBC, please propose a specific text proposal.

The only use case for OAEP that I can see is if the I1 or R1 should
contain confidential information for some reason. Further ahead in the
handshake, I also don't see the need to use PK crypto for the ENCRYPTED
parameter as symmetric keys are already available at this point.
However, if an extension of HIP should need confidential information in
I1 or R1, it can specify this CIPHER_ID itself.

Regards,
René



--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 21462
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/


--Apple-Mail=_42F2D6E3-0794-42C5-80D5-08468FCE417A--

--Apple-Mail=_DD466475-E1CF-4F48-9D83-485A2D989D96--
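Added example (not part of the message above and not code from any HIP implementation): a policy check built from the NEW TEXT tables quoted in the message, showing what the proposed requirement levels, the 112-bit floor, the PSS rule and the DEPRECATED cipher slot mean for an implementation, including the ECC-only device raised in the reply. The function names are hypothetical, the strength mapping is assumed from the NIST SP 800-57 Part 1 comparable-strength table, and select_cipher assumes the offered list is in preference order; it is a simplified selection, not the negotiation procedure of the draft.

```python
# Added illustration: tables copied from the NEW TEXT quoted in this message.
CIPHER_IDS = {0: "RESERVED", 1: "NULL-ENCRYPT", 2: "AES-128-CBC",
              3: "DEPRECATED", 4: "AES-256-CBC"}
HI_ALGORITHMS = {3: ("DSA", "OPTIONAL"), 5: ("RSA", "REQUIRED"),
                 7: ("ECDSA", "REQUIRED"), 9: ("ECDSA_LOW", "RECOMMENDED")}
MIN_STRENGTH_BITS = 112  # floor proposed for DSA, RSA and ECDSA key types

def security_strength(name, key_bits):
    """Comparable strength in bits (assumption: NIST SP 800-57 Part 1 table)."""
    if name in ("RSA", "DSA"):
        for modulus, bits in ((15360, 256), (7680, 192), (3072, 128),
                              (2048, 112), (1024, 80)):
            if key_bits >= modulus:
                return bits
        return 0
    return key_bits // 2  # elliptic curves: about half the field size

def check_host_identity(alg_id, key_bits, rsa_padding=None):
    """Return the list of policy violations for a peer's HI (empty = accept)."""
    if alg_id not in HI_ALGORITHMS:
        return [f"HI algorithm {alg_id} is reserved or undefined"]
    name, _level = HI_ALGORITHMS[alg_id]
    problems = []
    if name in ("DSA", "RSA", "ECDSA"):
        strength = security_strength(name, key_bits)
        if strength < MIN_STRENGTH_BITS:
            problems.append(f"{name}-{key_bits}: {strength} < {MIN_STRENGTH_BITS} bits")
    if name == "RSA" and rsa_padding != "PSS":
        problems.append("RSA signatures must use PSS padding")
    return problems

def select_cipher(offered, supported):
    """First offered suite we support, never RESERVED, DEPRECATED or unknown."""
    for cipher_id in offered:
        if CIPHER_IDS.get(cipher_id) in (None, "RESERVED", "DEPRECATED"):
            continue
        if cipher_id in supported:
            return cipher_id
    return None

def missing_required(implemented_ids):
    """REQUIRED HI algorithms absent from an implementation's algorithm set."""
    return sorted(name for alg_id, (name, level) in HI_ALGORITHMS.items()
                  if level == "REQUIRED" and alg_id not in implemented_ids)

if __name__ == "__main__":
    print(check_host_identity(5, 1024, "PKCS1-v1_5"))  # constructed weak peer
    print(select_cipher([3, 2, 4], {2, 3, 4}))         # 3DES slot is skipped
    print(missing_required({7, 9}))                    # ECC-only device
```

The last call shows the point behind question 2 in the reply: under the proposed table, a device implementing only the ECDSA profiles still lacks a REQUIRED algorithm.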
