From rgm@htt-consult.com Mon Aug 6 07:19:13 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FC2021F877B for ; Mon, 6 Aug 2012 07:19:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.624 X-Spam-Level: X-Spam-Status: No, score=-1.624 tagged_above=-999 required=5 tests=[AWL=-0.884, BAYES_20=-0.74] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x1Yr6dgbj546 for ; Mon, 6 Aug 2012 07:19:12 -0700 (PDT) Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by ietfa.amsl.com (Postfix) with ESMTP id 570EF21F8770 for ; Mon, 6 Aug 2012 07:19:12 -0700 (PDT) Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 7749C62A87 for ; Mon, 6 Aug 2012 14:18:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at localhost Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qNAWEHwxf1wS for ; Mon, 6 Aug 2012 10:18:38 -0400 (EDT) Received: from lx120e.htt-consult.com (nc4010.htt-consult.com [208.83.67.156]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id F25E162A9A for ; Mon, 6 Aug 2012 10:18:30 -0400 (EDT) Message-ID: <501FD236.9070406@htt-consult.com> Date: Mon, 06 Aug 2012 10:18:30 -0400 From: Robert Moskowitz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0 MIME-Version: 1.0 To: hipsec@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [Hipsec] Call for HIPv2 code X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2012 14:19:13 -0000 Now that we are in WGLC, we should have working code to establish that things work right. At some definition of 'right' :) From rgm@htt-consult.com Wed Aug 8 06:24:55 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C90421F84A5 for ; Wed, 8 Aug 2012 06:24:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.174 X-Spam-Level: X-Spam-Status: No, score=-1.174 tagged_above=-999 required=5 tests=[AWL=-1.175, BAYES_50=0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JHFshh4rUoVS for ; Wed, 8 Aug 2012 06:24:54 -0700 (PDT) Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by ietfa.amsl.com (Postfix) with ESMTP id 8A13321F848B for ; Wed, 8 Aug 2012 06:24:54 -0700 (PDT) Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id E3B5C62A6B for ; Wed, 8 Aug 2012 13:24:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at localhost Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ccX3cA5QKJ4g for ; Wed, 8 Aug 2012 09:24:22 -0400 (EDT) Received: from lx120e.htt-consult.com (nc4010.htt-consult.com [208.83.67.156]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 8B11162A9B for ; Wed, 8 Aug 2012 09:24:22 -0400 (EDT) Message-ID: <50226886.8000106@htt-consult.com> Date: Wed, 08 Aug 2012 09:24:22 -0400 From: Robert Moskowitz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0 MIME-Version: 1.0 To: hipsec@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [Hipsec] Reference problem in 5201-bis wrt SECP160R1 X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Aug 2012 13:24:55 -0000 For low security we have SECP160R1 from: [SECG] SECG, "Recommended Elliptic Curve Domain Parameters", SEC 2 , 2000, . I went there yesterday to look up some of the information on actual sizes and got to: http://www.secg.org/download/aid-784/sec2-v2.pdf, published Jan 27, 2010. And no SECP160R1, the smallest keysize now is SECP192R1 (sec 2.2.2). So we have a reference problem here as well as giving a developer the parameter values needed to implement SECP160R1. Corrective action options: 1) Directly supply the parameters for SECP160R1 in Appendix D and reference the version of secg they were pulled from. 2) Find a more stable source for SECP160R1 to reference. 3) Move to SECP192R1 (which I am leary of as ver 3.0 of secg could drop that!). I vote for 1) and ask whoever has the older version of secg to forward the parameters for inclusion. BTW, HIP DEX works a bit differently in that the keys generated from the ECDH exchange are only used in protecting HIP packets and a wrapped key exchange within HIP provides the keying material for session keys (eg ESP or 802.15.4 security). So in DEX, using SECP160R1 may not be as much of a risk as in BEX, so I DO plan on providing the SECP160R1 parameters in DEX. From rstruik.ext@gmail.com Wed Aug 8 11:35:30 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0804B21F8518 for ; Wed, 8 Aug 2012 11:35:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hIGWRQ9tTyYG for ; Wed, 8 Aug 2012 11:35:29 -0700 (PDT) Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id D3A1F21F8517 for ; Wed, 8 Aug 2012 11:35:28 -0700 (PDT) Received: by yenm5 with SMTP id m5so1224234yen.31 for ; Wed, 08 Aug 2012 11:35:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=y5nDZg/bNvDQYpLIVMquWC2jXA75yDwu44YyGB+QA4g=; b=tIFDfvtj18ZOWdvxjEbq1KaTOgaD8fn/Q4UeUWfqLRKro/lE1dIV8S2tJa2NV+zKqn H2mRtbgZTcOxioWtuu0/0A7Ii2y/MKbwOUzRVS2OC0gnFNi5MxqC4pba4DIyB3Qo6hq8 fZlhx6G+0LBpdPHCaWl4SnMVkCieVWlEo+ZIlVYcV/s/LViqKwO+KZB4EmDmyTrKt3Rp PVrdUQX8ieMBpA6TYmdrywSF1ic+IrSe+dfLGPSqowFHFUb0tWqtOvIhhnfoVetDLOqX SmqkzuX1YdfihFEIEUOhBzSNCzsQij5JqVUMr/TH17fJjiBoxqt/MAX9snX7oVFIEuyq Vgwg== Received: by 10.42.53.208 with SMTP id o16mr856278icg.6.1344450927854; Wed, 08 Aug 2012 11:35:27 -0700 (PDT) Received: from [192.168.1.103] (CPE0013100e2c51-CM001cea35caa6.cpe.net.cable.rogers.com. [99.231.4.27]) by mx.google.com with ESMTPS id gz1sm3109692igc.16.2012.08.08.11.35.26 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 08 Aug 2012 11:35:27 -0700 (PDT) Message-ID: <5022B162.7080306@gmail.com> Date: Wed, 08 Aug 2012 14:35:14 -0400 From: Rene Struik User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:14.0) Gecko/20120713 Thunderbird/14.0 MIME-Version: 1.0 To: Robert Moskowitz References: <50226886.8000106@htt-consult.com> In-Reply-To: <50226886.8000106@htt-consult.com> X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: hipsec@ietf.org Subject: Re: [Hipsec] Reference problem in 5201-bis wrt SECP160R1 X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Aug 2012 18:35:30 -0000 Hi Bob: You are correct that SECG removed the prime curve secp160r1 from the SEC1 specification, when moving from v1.0 to v2.0. However, you can still access this under the "superseded specifications" tab: the weblink should be http://www.secg.org/download/aid-386/sec2_final.pdf. You may also find this curve specified elsewhere, e.g., (if memory serves me well) with some copy protection schemes, such as DTCP. I hope this helps. Best regards, Rene On 08/08/2012 9:24 AM, Robert Moskowitz wrote: > For low security we have SECP160R1 from: > > [SECG] SECG, "Recommended Elliptic Curve Domain > Parameters", SEC 2 , 2000, > . > > I went there yesterday to look up some of the information on actual > sizes and got to: > > http://www.secg.org/download/aid-784/sec2-v2.pdf, published Jan 27, 2010. > > And no SECP160R1, the smallest keysize now is SECP192R1 (sec 2.2.2). > > So we have a reference problem here as well as giving a developer the > parameter values needed to implement SECP160R1. > > Corrective action options: > > 1) Directly supply the parameters for SECP160R1 in Appendix D and > reference the version of secg they were pulled from. > > 2) Find a more stable source for SECP160R1 to reference. > > 3) Move to SECP192R1 (which I am leary of as ver 3.0 of secg could > drop that!). > > I vote for 1) and ask whoever has the older version of secg to forward > the parameters for inclusion. > > BTW, HIP DEX works a bit differently in that the keys generated from > the ECDH exchange are only used in protecting HIP packets and a > wrapped key exchange within HIP provides the keying material for > session keys (eg ESP or 802.15.4 security). So in DEX, using > SECP160R1 may not be as much of a risk as in BEX, so I DO plan on > providing the SECP160R1 parameters in DEX. > > > _______________________________________________ > Hipsec mailing list > Hipsec@ietf.org > https://www.ietf.org/mailman/listinfo/hipsec -- email: rstruik.ext@gmail.com Skype: rstruik cell: +1 (647) 867-5658 USA Google voice: +1 (415) 690-7363 From rgm@htt-consult.com Thu Aug 9 13:13:27 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DFB821F869D for ; Thu, 9 Aug 2012 13:13:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.446 X-Spam-Level: X-Spam-Status: No, score=-1.446 tagged_above=-999 required=5 tests=[AWL=-0.706, BAYES_20=-0.74] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AeWsRnTYKxOw for ; Thu, 9 Aug 2012 13:13:26 -0700 (PDT) Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by ietfa.amsl.com (Postfix) with ESMTP id 018E521F867D for ; Thu, 9 Aug 2012 13:13:20 -0700 (PDT) Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 6B63062A71 for ; Thu, 9 Aug 2012 20:12:58 +0000 (UTC) X-Virus-Scanned: amavisd-new at localhost Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2pphBpTHeQWg for ; Thu, 9 Aug 2012 16:12:48 -0400 (EDT) Received: from lx120e.htt-consult.com (nc4010.htt-consult.com [208.83.67.156]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 55E2462A63 for ; Thu, 9 Aug 2012 16:12:48 -0400 (EDT) Message-ID: <502419BF.8010407@htt-consult.com> Date: Thu, 09 Aug 2012 16:12:47 -0400 From: Robert Moskowitz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0 MIME-Version: 1.0 To: hipsec@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [Hipsec] The world according to HIP X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Aug 2012 20:13:27 -0000 For the past 2 years, my thoughts have been evolving in how I view HIP fitting into the world. Much of it revolves around Identities, locator/ID split(s), general KMPs, and life in general. Please see http://medon.htt-consult.com/~rgm/hip/HIP%20in%20relation%20to%20the%20stack%20model%20v%201.ppt and tell me what you think of it. From rgm@htt-consult.com Fri Aug 10 08:21:09 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C86621F85C4 for ; Fri, 10 Aug 2012 08:21:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.321 X-Spam-Level: X-Spam-Status: No, score=-2.321 tagged_above=-999 required=5 tests=[AWL=0.278, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uA-z3Oqa4iFj for ; Fri, 10 Aug 2012 08:21:08 -0700 (PDT) Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by ietfa.amsl.com (Postfix) with ESMTP id 6600121F858E for ; Fri, 10 Aug 2012 08:21:07 -0700 (PDT) Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 604EC62A6C for ; Fri, 10 Aug 2012 15:20:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at localhost Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XfLKgMHZpKs5 for ; Fri, 10 Aug 2012 11:20:31 -0400 (EDT) Received: from lx120e.htt-consult.com (nc4010.htt-consult.com [208.83.67.156]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 06B1662AA5 for ; Fri, 10 Aug 2012 11:20:30 -0400 (EDT) Message-ID: <502526BE.2080404@htt-consult.com> Date: Fri, 10 Aug 2012 11:20:30 -0400 From: Robert Moskowitz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0 MIME-Version: 1.0 To: hipsec@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [Hipsec] Minor TLA conflict X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2012 15:21:09 -0000 in State Machine, EC - Exchange Compete And of course this is also Elliptic Curve. Now in BEX we never reference just EC, only ECDH and ECDSA. But I already have one commenter on this one. From rgm@htt-consult.com Tue Aug 14 14:07:42 2012 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6021121E809D for ; Tue, 14 Aug 2012 14:07:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.341 X-Spam-Level: X-Spam-Status: No, score=-2.341 tagged_above=-999 required=5 tests=[AWL=0.258, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iwW23jEfHzNY for ; Tue, 14 Aug 2012 14:07:41 -0700 (PDT) Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by ietfa.amsl.com (Postfix) with ESMTP id 862BC21F861E for ; Tue, 14 Aug 2012 14:07:41 -0700 (PDT) Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 44F7062A6B for ; Tue, 14 Aug 2012 21:07:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at localhost Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QlSrw4KXih+1 for ; Tue, 14 Aug 2012 17:06:56 -0400 (EDT) Received: from lx120e.htt-consult.com (nc4010.htt-consult.com [208.83.67.156]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id CDB1262AAA for ; Tue, 14 Aug 2012 17:06:20 -0400 (EDT) Message-ID: <502ABDCC.3010000@htt-consult.com> Date: Tue, 14 Aug 2012 17:06:20 -0400 From: Robert Moskowitz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0 MIME-Version: 1.0 To: hipsec@ietf.org References: <32A53FD55709804D8533DD5D308A40A20406F75701@FHDP1LUMXC7V33.us.one.verizon.com> In-Reply-To: <32A53FD55709804D8533DD5D308A40A20406F75701@FHDP1LUMXC7V33.us.one.verizon.com> X-Forwarded-Message-Id: <32A53FD55709804D8533DD5D308A40A20406F75701@FHDP1LUMXC7V33.us.one.verizon.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [Hipsec] FW: New Version Notification for draft-moskowitz-hip-dex-00.txt X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Aug 2012 21:07:42 -0000 I have renamed the HIP DEX draft as HIPRG is closed. This is for now an individual submission. For HIP DEX coders, there is one important change: The ENCRYPT_KEY parameter now uses AES-CTR as a couple of Andrei's students correctly pointed out to me. I moved some lines around in the CKDF section so it should be clearer. More on this later. -----Original Message----- From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] Sent: Tuesday, August 14, 2012 4:58 PM To: Moskowitz, Robert Subject: New Version Notification for draft-moskowitz-hip-dex-00.txt A new version of I-D, draft-moskowitz-hip-dex-00.txt has been successfully submitted by Robert Moskowitz and posted to the IETF repository. Filename: draft-moskowitz-hip-dex Revision: 00 Title: HIP Diet EXchange (DEX) Creation date: 2012-08-14 WG ID: Individual Submission Number of pages: 39 URL: http://www.ietf.org/internet-drafts/draft-moskowitz-hip-dex-00.txt Status: http://datatracker.ietf.org/doc/draft-moskowitz-hip-dex Htmlized: http://tools.ietf.org/html/draft-moskowitz-hip-dex-00 Abstract: This document specifies the details of the Host Identity Protocol Diet EXchange (HIP DEX). HIP DEX is a variant of the HIP Base EXchange (HIP BEX) [rfc5201-bis] specifically designed to use as few crypto primitives as possible yet still deliver the same class of security features as HIP BEX. The design goal of HIP DEX is to be usable by sensor devices that are memory and processor constrained. Like HIP BEX it is expected to be used together with another suitable security protocol, such as the Encapsulated Security Payload (ESP). HIP DEX can also be used directly as a keying mechanism for a MAC layer security protocol as is supported by IEEE 802.15.4 [IEEE.802-15-4.2011]. The IETF Secretariat