From proberts@patriot.net  Wed Jul 16 19:14:01 2003
From: proberts@patriot.net (Paul Robertson)
Date: Wed Jul 16 18:14:01 2003
Subject: [Hipsec] First Post
Message-ID: <Pine.LNX.4.44.0307161831040.17647-100000@adams.patriot.net>

One for the archives, while it's just me, myself and I on the list.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@patriot.net      which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation


From andrew@indranet.co.nz  Sat Jul 19 08:38:03 2003
From: andrew@indranet.co.nz (Andrew McGregor)
Date: Sat Jul 19 07:38:03 2003
Subject: [Hipsec] New PyHIP release.
Message-ID: <3740000.1058615553@[192.168.1.250]>

There is a new PyHIP release at:

<http://www.sharemation.com/adm01bass/pyhip-2003-07-19.tar.bz2>

This includes all interoperability changes from the Vienna IETF, corrected
documentation, and a copy of one of the python libraries required as that
was patched to make it work.

This version moved several Mb of data between Vienna and Christchurch New
Zealand during the meeting, and interoperated with the HUT implementation.

Mobility support is still not implemented, although the beginning
infrastructure is started.  This requires a fairly large refactor to
complete (every operation that manipulates an IP address potentially
requires a change).

Some versions of PyCrypto have an error in the 3DES algorithm that prevents
interoperability (although similar instances can communicate, they will be
using a different key from that which they negotiated).  If you strike
this, upgrade PyCrypto or disable 3DES (comment out the list elements at
HIPState.py lines 58, 64 and 65) and use Blowfish or AES instead.

Andrew


From rgm@htt-consult.com  Wed Jul 23 14:46:00 2003
From: rgm@htt-consult.com (Robert Moskowitz)
Date: Wed Jul 23 13:46:00 2003
Subject: [Hipsec] Test of new HIPSEC list
Message-ID: <5.1.0.14.2.20030723110452.08ec7b20@localhost>

We are opening up the new list.


From rgm@htt-consult.com  Wed Jul 23 14:48:01 2003
From: rgm@htt-consult.com (Robert Moskowitz)
Date: Wed Jul 23 13:48:01 2003
Subject: Fwd: [Hipsec] New PyHIP release.
Message-ID: <5.1.0.14.2.20030723110705.08d8cc60@localhost>

This is the only message sent to the list before I did the mass subscription...

>From: Andrew McGregor <andrew@indranet.co.nz>
>To: hipsec@honor.trusecure.com, hipsec@lists.freeswan.org
>Subject: [Hipsec] New PyHIP release.
>Date: Sat, 19 Jul 2003 13:52:33 +0200
>
>
>*** PGP Signature Status: good
>*** Signer: Andrew McGregor <andrew@indranet.co.nz> (Invalid)
>*** Signed: 7/19/2003 4:52:41 AM
>*** Verified: 7/23/2003 11:06:47 AM
>*** BEGIN PGP VERIFIED MESSAGE ***
>
>There is a new PyHIP release at:
>
><http://www.sharemation.com/adm01bass/pyhip-2003-07-19.tar.bz2>
>
>This includes all interoperability changes from the Vienna IETF, corrected 
>documentation, and a copy of one of the python libraries required as that 
>was patched to make it work.
>
>This version moved several Mb of data between Vienna and Christchurch New 
>Zealand during the meeting, and interoperated with the HUT implementation.
>
>Mobility support is still not implemented, although the beginning 
>infrastructure is started.  This requires a fairly large refactor to 
>complete (every operation that manipulates an IP address potentially 
>requires a change).
>
>Some versions of PyCrypto have an error in the 3DES algorithm that 
>prevents interoperability (although similar instances can communicate, 
>they will be using a different key from that which they negotiated).  If 
>you strike this, upgrade PyCrypto or disable 3DES (comment out the list 
>elements at HIPState.py lines 58, 64 and 65) and use Blowfish or AES instead.
>
>Andrew
>
>*** END PGP VERIFIED MESSAGE ***



From pekka.nikander@nomadiclab.com  Fri Jul 25 03:31:02 2003
From: pekka.nikander@nomadiclab.com (Pekka Nikander)
Date: Fri Jul 25 02:31:02 2003
Subject: [Hipsec] Brief update of HIP activitities at Vienna
In-Reply-To: <6938661A6EDA8A4EA8D1419BCE46F24C026B57FE@xch-nw-27.nw.nos.boeing.com>
References: <6938661A6EDA8A4EA8D1419BCE46F24C026B57FE@xch-nw-27.nw.nos.boeing.com>
Message-ID: <3F20D354.4070601@nomadiclab.com>

Henderson, Thomas R wrote:
> I would be grateful if someone summarized the HIP activities at
> Vienna and plans for next steps, and posted to the list.

The IETF in the large is waking up to the reality that
an identifier/locator separation of some kind is needed.
The problem was discussed at length at the IAB Open Meeting
on Monday, and mentioned at the IAB plenary.

HIP was mentioned a few times publicly, by IAB/IESG members.
Not as *the* solution, but more like something that may
warrant a closer look.

Some IAB members contacted me and told me that HIP had been
discussed internally at the IAB and IESG a few times.  They
asked whether it might be good to run yet another BOF or
maybe form a working group.  As a result of this, I wrote
a very specific charter proposal, and started discussions
with the INT ADs.  However, the ADs were too busy so that
no real conclusions were reached at Vienna.  However, the
discussions will continue.

Based on what is going on, my best guess right now is
that there will be a BOF at Minneapolis.  The current idea
is to have a kind of demonstration BOF, first running demos
showing the current state of the art with HIP, i.e. mobility
between IPv4 and IPv6, hopefully some form of primitive
multi-homing, and IPv4-IPv6 application interoperability.
The demos would be followed by a chartering discussion.

The current idea for the possible WG is to have a very
restricted scope WG concentrating on finishing the current
HIP work on mobility, multi-homing, NAT traversal, and
DNS aspect, producing *experimental* RFCs only.  The base
spec should be closed (at the IESG) *before* the WG is
formed, and the WG charter would explicitly forbid touching
the base spec.  The reason for this is to make sure that
the WG proceeds quickly and without too many political
battles.

The freeswan mailing list crashed once more, and this new
mailing list was formed.

I was too busy to talk much to the other implementors, and
hence I don't know what happened on the implementation front.
Maybe others can fill in the details there.

--Pekka Nikander


From mkousa@cc.hut.fi  Fri Jul 25 06:25:01 2003
From: mkousa@cc.hut.fi (Mika Kousa)
Date: Fri Jul 25 05:25:01 2003
Subject: [Hipsec] HIP Mobility and multihoming draft has reached the
 repositories
Message-ID: <Pine.OSF.4.50.0307251242010.497257-100000@kosh.hut.fi>

Looks like the draft mm-00 does not specify packet type values (in the
common header) for the new AC*/FA* packets.

During the interops we had a discussion about REA. mm-00 says that "The
HIP node receiving the REA packet from a node that it trusts, may accept
all addresses without making any address check for them." Maybe here there
could additionally be something like "All HIP nodes SHOULD perform address
checks before sending AC (e.g. do not send AC to localhost or multicast
addresses)".
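
[Added example, not part of the original message and not code from PyHIP or the mm-00 draft: the address check suggested above, sketched in Python. The function names and the sample REA address list are hypothetical; the unspecified-address, broadcast and IPv4-mapped checks are assumptions that go beyond the two cases the message names.]

```python
"""Filter the addresses announced in a REA before sending AC packets."""
import ipaddress

# Constructed sample: addresses a peer might list in a REA.
SAMPLE_REA = ["192.0.2.10", "127.0.0.1", "224.0.0.1", "2001:db8::5",
              "::1", "ff02::1", "::ffff:127.0.0.1", "0.0.0.0", "not-an-address"]


def reject_reason(text):
    """Return None if an AC may be sent to `text`, else a short reason."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "unparseable"
    # Judge an IPv4-mapped IPv6 address (::ffff:a.b.c.d) by its IPv4 form,
    # so ::ffff:127.0.0.1 cannot slip past the loopback check.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if addr.is_loopback:          # "localhost" in the message
        return "loopback"
    if addr.is_multicast:         # named in the message
        return "multicast"
    if addr.is_unspecified:       # assumption: 0.0.0.0 and :: are never targets
        return "unspecified"
    if addr == ipaddress.IPv4Address("255.255.255.255"):
        return "broadcast"        # assumption: limited broadcast
    return None


def filter_rea_addresses(announced):
    """Split a REA address list into AC targets and rejected entries."""
    targets, rejected = [], []
    for text in announced:
        reason = reject_reason(text)
        if reason is None:
            targets.append(text)
        else:
            rejected.append((text, reason))
    return targets, rejected


if __name__ == "__main__":
    ok, bad = filter_rea_addresses(SAMPLE_REA)
    print("send AC to:", ok)
    for text, reason in bad:
        print("skip", text, "->", reason)
```

The check runs on every REA, including one from a peer the node trusts, which is the point of the suggested SHOULD.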

From rgm@htt-consult.com  Fri Jul 25 13:19:00 2003
From: rgm@htt-consult.com (Robert Moskowitz)
Date: Fri Jul 25 12:19:00 2003
Subject: [Hipsec] Brief update of HIP activitities at Vienna
In-Reply-To: <3F20D354.4070601@nomadiclab.com>
References: <6938661A6EDA8A4EA8D1419BCE46F24C026B57FE@xch-nw-27.nw.nos.boeing.com>
 <6938661A6EDA8A4EA8D1419BCE46F24C026B57FE@xch-nw-27.nw.nos.boeing.com>
Message-ID: <5.1.0.14.2.20030725092436.02f5ae40@localhost>

At 09:51 AM 7/25/2003 +0300, Pekka Nikander wrote:


>Based on what is going on, my best guess right now is
>that there will be a BOF at Minneapolis.  The current idea
>is to have a kind of demonstration BOF, first running demos
>showing the current state of the art with HIP, i.e. mobility
>between IPv4 and IPv6, hopefully some form of primitive
>multi-homing, and IPv4-IPv6 application interoperability.
>The demos would be followed by a chartering discussion.

We want to schedule this for 1st thing monday morning.  That is the ONLY 
time I can attend.  Then I have to dash to the airport to get to the IEEE 
802 plenary in San Antonio.  :(




From pekka.nikander@nomadiclab.com  Fri Jul 25 14:57:01 2003
From: pekka.nikander@nomadiclab.com (Pekka Nikander)
Date: Fri Jul 25 13:57:01 2003
Subject: [Hipsec] Brief update of HIP activitities at Vienna
In-Reply-To: <5.1.0.14.2.20030725092436.02f5ae40@localhost>
References: <6938661A6EDA8A4EA8D1419BCE46F24C026B57FE@xch-nw-27.nw.nos.boeing.com> <6938661A6EDA8A4EA8D1419BCE46F24C026B57FE@xch-nw-27.nw.nos.boeing.com> <5.1.0.14.2.20030725092436.02f5ae40@localhost>
Message-ID: <3F2173FF.2090205@nomadiclab.com>

Robert Moskowitz wrote:
>> Based on what is going on, my best guess right now is
>> that there will be a BOF at Minneapolis. ...
> 
> We want to schedule this for 1st thing monday morning.  That is the ONLY 
> time I can attend.  Then I have to dash to the airport to get to the 
> IEEE 802 plenary in San Antonio.  :(

I'll try to keep this in mind.  However, feel free to bug me
if (when) I forget this anyway.

--Pekka




From thomas.r.henderson@boeing.com  Mon Jul 28 12:34:00 2003
From: thomas.r.henderson@boeing.com (Henderson, Thomas R)
Date: Mon Jul 28 11:34:00 2003
Subject: [Hipsec] FARA
Message-ID: <6938661A6EDA8A4EA8D1419BCE46F24C026B583B@xch-nw-27.nw.nos.boeing.com>

HIP participants may be interested in the following paper to be
presented at Sigcomm "Future Directions in Network Architecture" workshop:
http://www.acm.org/sigcomm/sigcomm2003/workshop/fdna/fdna-program.html

It argues for another namespace for "entities" (rather than, or in
addition to, hosts) and has many architectural similarities to
the HIP proposals.

FARA-- Reorganizing the Addressing Architecture
http://www.isi.edu/newarch/DOCUMENTS/FARA.FDNA03.pdf

Tom

From rgm@htt-consult.com  Mon Jul 28 13:15:01 2003
From: rgm@htt-consult.com (Robert Moskowitz)
Date: Mon Jul 28 12:15:01 2003
Subject: [Hipsec] FARA
In-Reply-To: <6938661A6EDA8A4EA8D1419BCE46F24C026B583B@xch-nw-27.nw.nos.
 boeing.com>
Message-ID: <5.1.0.14.2.20030728092923.030a4578@localhost>

At 08:53 AM 7/28/2003 -0700, Henderson, Thomas R wrote:
>HIP participants may be interested in the following paper to be
>presented at Sigcomm "Future Directions in Network Architecture" workshop:
>http://www.acm.org/sigcomm/sigcomm2003/workshop/fdna/fdna-program.html

Recognizable 'guilty parties'.  :)

>It argues for another namespace for "entities" (rather than, or in
>addition to, hosts) and has many architectural similarities to
>the HIP proposals.
>
>FARA-- Reorganizing the Addressing Architecture
>http://www.isi.edu/newarch/DOCUMENTS/FARA.FDNA03.pdf

Clark, Braden, and Falk are VERY familiar with HIP.

Bob actually wanted me to make the previous HIP drafts as Informational 
RFCs so the concepts they present would not get lost.

HIP is referenced in this paper.  I, of course, have problems with the last 
paragraph before sec 3.3...





