From hipsec-bounces@lists.ietf.org Fri Feb 03 04:27:32 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1F4xE4-0003xK-9B; Fri, 03 Feb 2006 04:27:32 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1F4xE3-0003wq-An
	for hipsec@megatron.ietf.org; Fri, 03 Feb 2006 04:27:31 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA09002
	for <hipsec@ietf.org>; Fri, 3 Feb 2006 04:25:45 -0500 (EST)
Received: from courier.cs.helsinki.fi ([128.214.9.1] helo=mail.cs.helsinki.fi)
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F4xPR-0005nn-As
	for hipsec@ietf.org; Fri, 03 Feb 2006 04:39:19 -0500
Received: from [217.152.227.131] (hippy.infrahip.net [217.152.227.131])
	(AUTH: PLAIN gurtov, SSL: TLSv1/SSLv3,256bits,AES256-SHA)
	by mail.cs.helsinki.fi with esmtp; Fri, 03 Feb 2006 11:27:16 +0200
	id 00070181.43E321F4.000051EE
Message-ID: <43E321FA.5000607@cs.helsinki.fi>
Date: Fri, 03 Feb 2006 11:27:22 +0200
From: Andrei Gurtov <gurtov@cs.helsinki.fi>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
Mime-Version: 1.0
To: hipsec@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
Cc: 
Subject: [Hipsec] interlock for HIP
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1459184495=="
Sender: hipsec-bounces@lists.ietf.org
Errors-To: hipsec-bounces@lists.ietf.org


--===============1459184495==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
	micalg=sha1; boundary="=_courier-20974-1138958836-0001-2"


--=_courier-20974-1138958836-0001-2
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

I suppose HIP in the current form without PKI is prone to 
man-in-the-middle attacks because it uses basic Diffie-Hellman key 
exchange. Have there been ideas of integrating the interlock protocol in 
base exchange to prevent MitM attacks? These would require one or more 
additional RTTs as the key material would be split over two or more 
messages.

Andrei

http://www.quadibloc.com/crypto/mi060709.htm

--=_courier-20974-1138958836-0001-2--


--===============1459184495==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec

--===============1459184495==--




From hipsec-bounces@lists.ietf.org Fri Feb 03 06:07:33 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1F4ymr-0000FE-4x; Fri, 03 Feb 2006 06:07:33 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1F4ymp-0000BT-69
	for hipsec@megatron.ietf.org; Fri, 03 Feb 2006 06:07:31 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA17066
	for <hipsec@ietf.org>; Fri, 3 Feb 2006 06:05:52 -0500 (EST)
Received: from n2.nomadiclab.com ([193.234.219.2])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F4yyL-0000Md-7G
	for hipsec@ietf.org; Fri, 03 Feb 2006 06:19:28 -0500
Received: from n2.nomadiclab.com (localhost [127.0.0.1])
	by n2.nomadiclab.com (Postfix) with ESMTP id 53269212C4E;
	Fri,  3 Feb 2006 13:07:06 +0200 (EET)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by n2.nomadiclab.com (Postfix) with ESMTP id 089A0212C4C;
	Fri,  3 Feb 2006 13:07:06 +0200 (EET)
In-Reply-To: <43E321FA.5000607@cs.helsinki.fi>
References: <43E321FA.5000607@cs.helsinki.fi>
Mime-Version: 1.0 (Apple Message framework v746.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <C1899803-1FC6-4E15-99E9-12096B0E220E@nomadiclab.com>
Content-Transfer-Encoding: 7bit
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] interlock for HIP
Date: Fri, 3 Feb 2006 13:07:04 +0200
To: Andrei Gurtov <gurtov@cs.helsinki.fi>
X-Mailer: Apple Mail (2.746.2)
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 08170828343bcf1325e4a0fb4584481c
Content-Transfer-Encoding: 7bit
Cc: hipsec@ietf.org
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Sender: hipsec-bounces@lists.ietf.org
Errors-To: hipsec-bounces@lists.ietf.org

> I suppose HIP in the current form without PKI is prone to
> man-in-the-middle attacks because it uses basic Diffie-Hellman key  
> exchange. Have there been ideas of integrating the interlock  
> protocol in base exchange to prevent MitM attacks? These would  
> require one or more additional RTTs as the key material would be  
> split over two or more messages.

Excuse my ignorance, but I can't see how it would help.  In general,  
I believe that you either need TTP, a second independent channel  
(like recognising your peer's voice), or quantum crypto, in order to  
solve the MitM problem.  To be honest, I don't even understand how  
quantum crypto would help, but I've seen claims that it would.

--Pekka





From hipsec-bounces@lists.ietf.org Fri Feb 03 08:13:05 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1F50kL-0002xD-SD; Fri, 03 Feb 2006 08:13:05 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1F50e0-0001T5-Lm
	for hipsec@megatron.ietf.org; Fri, 03 Feb 2006 08:06:37 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA22951
	for <hipsec@ietf.org>; Fri, 3 Feb 2006 08:04:41 -0500 (EST)
From: Claude.Castelluccia@inrialpes.fr
Received: from mx-serv.inrialpes.fr ([194.199.18.100])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F50Xn-0005C7-Kl
	for hipsec@ietf.org; Fri, 03 Feb 2006 08:00:09 -0500
Received: from curumo.inrialpes.fr (curumo.inrialpes.fr [194.199.18.105])
	by mx-serv.inrialpes.fr (8.13.0/8.13.0) with ESMTP id k13Ckr9r011645;
	Fri, 3 Feb 2006 13:46:53 +0100 (MET)
Received: (from nobody@localhost)
	by curumo.inrialpes.fr (8.11.6/8.11.3/ImagV2) id k13CknE13328;
	Fri, 3 Feb 2006 13:46:49 +0100 (MET)
X-Authentication-Warning: curumo.inrialpes.fr: nobody set sender to
	ccastel@inrialpes.fr using -f
Received: from 86.206.132.9 ( [86.206.132.9])
	as user ccastel@imap-serv.inrialpes.fr by listes-serv.inrialpes.fr with
	HTTP; Fri,  3 Feb 2006 13:46:49 +0100
Message-ID: <1138970809.43e350b9b3ec8@listes-serv.inrialpes.fr>
Date: Fri,  3 Feb 2006 13:46:49 +0100
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] interlock for HIP
References: <43E321FA.5000607@cs.helsinki.fi>
	<C1899803-1FC6-4E15-99E9-12096B0E220E@nomadiclab.com>
In-Reply-To: <C1899803-1FC6-4E15-99E9-12096B0E220E@nomadiclab.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.1
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0
	(mx-serv.inrialpes.fr [194.199.18.100]);
	Fri, 03 Feb 2006 13:46:54 +0100 (MET)
X-SMAUG-MailScanner: Found to be clean
X-SMAUG-MailScanner-From: ccastel@inrialpes.fr
X-Spam-Score: 0.3 (/)
X-Scan-Signature: b19722fc8d3865b147c75ae2495625f2
Content-Transfer-Encoding: 8bit
Cc: hipsec@ietf.org
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Sender: hipsec-bounces@lists.ietf.org
Errors-To: hipsec-bounces@lists.ietf.org


I agree with Pekka... However, if the goal is to
establish a secure channel between two known HITs,
Crypto Based Identifiers (CBID)
can also be useful to prevent MitM attacks...

cheers,
Claude.

Quoting Pekka Nikander <pekka.nikander@nomadiclab.com>:

> > I suppose HIP in the current form without PKI is prone to
> > man-in-the-middle attacks because it uses basic Diffie-Hellman key  
> > exchange. Have there been ideas of integrating the interlock  
> > protocol in base exchange to prevent MitM attacks? These would  
> > require one or more additional RTTs as the key material would be  
> > split over two or more messages.
> 
> Excuse my ignorance, but I can't see how it would help.  In general,  
> I believe that you either need TTP, a second independent channel  
> (like recognising your peer's voice), or quantum crypto, in order to  
> solve the MitM problem.  To be honest, I don't even understand how  
> quantum crypto would help, but I've seen claims that it would.
> 
> --Pekka
> 




From hipsec-bounces@lists.ietf.org Mon Feb 06 09:34:46 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1F67S2-0006Jv-PO; Mon, 06 Feb 2006 09:34:46 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1F67Rz-0006JQ-EB
	for hipsec@megatron.ietf.org; Mon, 06 Feb 2006 09:34:45 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA23227
	for <hipsec@ietf.org>; Mon, 6 Feb 2006 09:32:52 -0500 (EST)
Received: from courier.cs.helsinki.fi ([128.214.9.1] helo=mail.cs.helsinki.fi)
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F67e0-0004UN-U0
	for hipsec@ietf.org; Mon, 06 Feb 2006 09:47:10 -0500
Received: from [217.152.227.131] (hippy.infrahip.net [217.152.227.131])
	(AUTH: PLAIN gurtov, SSL: TLSv1/SSLv3,256bits,AES256-SHA)
	by mail.cs.helsinki.fi with esmtp; Mon, 06 Feb 2006 16:34:28 +0200
	id 0006FC82.43E75E74.00000CA3
Message-ID: <43E75E80.2010407@cs.helsinki.fi>
Date: Mon, 06 Feb 2006 16:34:40 +0200
From: Andrei Gurtov <gurtov@cs.helsinki.fi>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
Mime-Version: 1.0
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] interlock for HIP
References: <43E321FA.5000607@cs.helsinki.fi>
	<C1899803-1FC6-4E15-99E9-12096B0E220E@nomadiclab.com>
In-Reply-To: <C1899803-1FC6-4E15-99E9-12096B0E220E@nomadiclab.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6e922792024732fb1bb6f346e63517e4
Cc: hipsec@ietf.org
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1705943762=="
Sender: hipsec-bounces@lists.ietf.org
Errors-To: hipsec-bounces@lists.ietf.org


--===============1705943762==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
	micalg=sha1; boundary="=_courier-3235-1139236468-0001-2"


--=_courier-3235-1139236468-0001-2
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I understood that IL cannot provide authentication, i.e. MitM attack of 
the form A to Z and Z to B is still possible. However, it prevents 
"stealth" MitM attack when A and B communicate but Z can eavesdrop.
Perhaps this is already prevented with current HIP mechanisms?

Andrei

Pekka Nikander wrote:

>> I suppose HIP in the current form without PKI is prone to
>> man-in-the-middle attacks because it uses basic Diffie-Hellman key  
>> exchange. Have there been ideas of integrating the interlock  
>> protocol in base exchange to prevent MitM attacks? These would  
>> require one or more additional RTTs as the key material would be  
>> split over two or more messages.
>
>
> Excuse my ignorance, but I can't see how it would help.  In general,  
> I believe that you either need TTP, a second independent channel  
> (like recognising your peer's voice), or quantum crypto, in order to  
> solve the MitM problem.  To be honest, I don't even understand how  
> quantum crypto would help, but I've seen claims that it would.
>
> --Pekka
>


--=_courier-3235-1139236468-0001-2--


--===============1705943762==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============1705943762==--




From hipsec-bounces@lists.ietf.org Tue Feb 07 12:59:49 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1F6X81-0003kW-AS; Tue, 07 Feb 2006 12:59:49 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1F6X7x-0003jq-NT
	for hipsec@megatron.ietf.org; Tue, 07 Feb 2006 12:59:47 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA16311
	for <hipsec@ietf.org>; Tue, 7 Feb 2006 12:57:54 -0500 (EST)
Received: from n2.nomadiclab.com ([193.234.219.2])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F6XKD-0000uy-RF
	for hipsec@ietf.org; Tue, 07 Feb 2006 13:12:27 -0500
Received: from n2.nomadiclab.com (localhost [127.0.0.1])
	by n2.nomadiclab.com (Postfix) with ESMTP id 72417212C4E;
	Tue,  7 Feb 2006 19:59:15 +0200 (EET)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by n2.nomadiclab.com (Postfix) with ESMTP id 05A24212C4C;
	Tue,  7 Feb 2006 19:59:14 +0200 (EET)
In-Reply-To: <43E75E80.2010407@cs.helsinki.fi>
References: <43E321FA.5000607@cs.helsinki.fi>
	<C1899803-1FC6-4E15-99E9-12096B0E220E@nomadiclab.com>
	<43E75E80.2010407@cs.helsinki.fi>
Mime-Version: 1.0 (Apple Message framework v746.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <987B4688-CFAA-4B95-8801-2CB964ABBC63@nomadiclab.com>
Content-Transfer-Encoding: 7bit
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] interlock for HIP
Date: Tue, 7 Feb 2006 19:59:16 +0200
To: Andrei Gurtov <gurtov@cs.helsinki.fi>
X-Mailer: Apple Mail (2.746.2)
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d17f825e43c9aed4fd65b7edddddec89
Content-Transfer-Encoding: 7bit
Cc: hipsec@ietf.org
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Sender: hipsec-bounces@lists.ietf.org
Errors-To: hipsec-bounces@lists.ietf.org

> I understood that IL cannot provide authentication, i.e. MitM  
> attack of the form A to Z and Z to B is still possible. However, it  
> prevents "stealth" MitM attack when A and B communicate but Z can  
> eavesdrop.
> Perhaps this is already prevented with current HIP mechanisms?

Yes, passive attacks are already prevented by HIP.  However,  
interlock might be interesting for any "lightweight" variant of HIP.

--Pekka





From hipsec-bounces@lists.ietf.org Wed Feb 08 04:55:17 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1F6m2e-0004TR-1s; Wed, 08 Feb 2006 04:55:16 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1F6m2a-0004QF-Tm
	for hipsec@megatron.ietf.org; Wed, 08 Feb 2006 04:55:12 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA05316
	for <hipsec@ietf.org>; Wed, 8 Feb 2006 04:53:16 -0500 (EST)
Received: from mx.laposte.net ([81.255.54.11])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F6mEp-0005Kg-UW
	for hipsec@ietf.org; Wed, 08 Feb 2006 05:07:58 -0500
Received: from [192.168.1.111] (212.119.9.178) by mx.laposte.net (7.2.060.1)
	(authenticated as julien.laganier)
	id 43C538AA01947827 for hipsec@ietf.org; Wed, 8 Feb 2006 10:54:29 +0100
From: Julien Laganier <julien.IETF@laposte.net>
To: hipsec@ietf.org
Date: Wed, 8 Feb 2006 10:54:27 +0100
User-Agent: KMail/1.8.2
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200602081054.27444.julien.IETF@laposte.net>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9
Content-Transfer-Encoding: 7bit
Cc: 
Subject: [Hipsec] DNS draft, new pre-version
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Sender: hipsec-bounces@lists.ietf.org
Errors-To: hipsec-bounces@lists.ietf.org

Folks,

Based on some comments made off-line by Pekka, I made these three 
small changes to the DNS draft:

1) Added the following paragraph of clarification to Section 4.1. 
Storing HI, HIT and RVS in DNS:

   The rendezvous server field of the HIP resource record stored
   at a given domain name MAY include the domain name itself.  
   A semantically equivalent situation occurs if no rendezvous 
   server is stored in the HIP resource record of that domain.
   Such situations occur in two cases:

   o  The host is mobile, and the A and/or AAAA resource record(s)
      stored at its domain name contains the IP address(es) of its
      rendezvous server rather than its own one.

   o  The host is stationary, and can be reached directly at the IP
      address(es) contained in the A and/or AAAA resource record(s) 
      stored at its domain name.  This is a degenerate case of
      rendezvous service where the host in effect acts as a rendezvous
      server for itself.

2) Removed Section 3.3 "Mixed Scenarios" example of DNS query 
behavior, because it was misleading in the context of the first 
change made.

3) Changed the remaining examples in Section 3 "Usage Scenarios" so 
that an Initiator always queries first for the HIP RR and, if no RVS is 
present in that RR, then queries for A/AAAA RRs.

You can review the change by yourself at these URLs:

<http://julien.laganier.free.fr/draft-ietf-hip-dns-05-pre060208.txt>
<http://julien.laganier.free.fr/draft-ietf-hip-dns-04-to-05-pre060208.html>

IMHO this draft is now ready for publication, so if nobody objects I 
will submit the new version to the secretariat.

Thanks.

--julien
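
The query order fixed by change 3, together with the rule from change 1 that an RVS entry naming the domain itself means the same as no RVS, as an added Python model (not the draft's text or any resolver's code). The zone data, the HipRR record shape and the HIT/HI strings are constructed placeholders; what the draft does when a listed RVS has no address is not covered by the quoted text, so the model treats that as a failed resolution.

```python
from dataclasses import dataclass, field


@dataclass
class HipRR:
    """Constructed model of one HIP resource record (not the wire format)."""
    hit: str                                  # placeholder Host Identity Tag
    hi: str                                   # placeholder Host Identity (public key)
    rvs: list = field(default_factory=list)   # rendezvous server domain names


# Constructed zone data covering the cases in the message:
#   roaming: HIP RR names a separate RVS; the host has no address of its own
#   mobile:  RVS field names the host itself; its AAAA holds the RVS's address
#   fixed:   no RVS at all; reachable directly (acts as its own RVS)
#   legacy:  no HIP RR, only an A record
ZONE = {
    "roaming.example.": {"HIP": HipRR("HIT-roaming", "HI-roaming", ["rvs.example."])},
    "mobile.example.":  {"HIP": HipRR("HIT-mobile", "HI-mobile", ["mobile.example."]),
                         "AAAA": ["2001:db8::10"]},
    "fixed.example.":   {"HIP": HipRR("HIT-fixed", "HI-fixed"),
                         "AAAA": ["2001:db8::2"]},
    "rvs.example.":     {"AAAA": ["2001:db8::10"]},
    "legacy.example.":  {"A": ["192.0.2.9"]},
}


def lookup(name, rrtype, zone=ZONE):
    return zone.get(name, {}).get(rrtype)


def addresses(name, zone=ZONE):
    """A and AAAA records for a name, AAAA first."""
    return (lookup(name, "AAAA", zone) or []) + (lookup(name, "A", zone) or [])


def resolve_i1_target(name, zone=ZONE):
    """Decide where the Initiator sends I1, in the order the message fixes:
    1. query the HIP RR;
    2. if it lists an RVS other than the name itself, resolve that RVS's A/AAAA;
    3. otherwise (no RVS, or RVS == the name) resolve the name's own A/AAAA.
    Returns a dict with hit, hi, addresses and via_rvs, or None if unreachable."""
    hip = lookup(name, "HIP", zone)
    if hip is None:
        # No HIP RR: fall back to plain address resolution; no identity is known.
        addrs = addresses(name, zone)
        return {"hit": None, "hi": None, "addresses": addrs, "via_rvs": None} if addrs else None
    # An RVS entry equal to the domain name itself is the same as no RVS.
    rvs_names = [r for r in hip.rvs if r != name]
    for rvs in rvs_names:
        addrs = addresses(rvs, zone)
        if addrs:
            return {"hit": hip.hit, "hi": hip.hi, "addresses": addrs, "via_rvs": rvs}
    if rvs_names:
        return None   # an RVS was named but has no address: this model gives up
    addrs = addresses(name, zone)
    return {"hit": hip.hit, "hi": hip.hi, "addresses": addrs, "via_rvs": None} if addrs else None
```

Note that `mobile.example.` and `fixed.example.` drive exactly the same queries: the HIP RR is read, no usable RVS is found, and I1 goes to whatever the host's own AAAA says. That is the equivalence the added paragraph states; only the zone operator knows that in the first case the AAAA belongs to the rendezvous server.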




From hipsec-bounces@lists.ietf.org Wed Feb 08 14:08:01 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1F6ufZ-0007ae-QQ; Wed, 08 Feb 2006 14:08:01 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1F6ufU-0007ZR-4o
	for hipsec@megatron.ietf.org; Wed, 08 Feb 2006 14:08:00 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA22375
	for <hipsec@ietf.org>; Wed, 8 Feb 2006 14:06:04 -0500 (EST)
Received: from machshav.com ([147.28.0.16])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F6urx-0000yi-4y
	for hipsec@ietf.org; Wed, 08 Feb 2006 14:20:50 -0500
Received: from berkshire.machshav.com (localhost [127.0.0.1])
	by machshav.com (Postfix) with ESMTP id 931B1FB299;
	Wed,  8 Feb 2006 14:07:34 -0500 (EST)
Received: from cs.columbia.edu (localhost [127.0.0.1])
	by berkshire.machshav.com (Postfix) with ESMTP id 271603BFDDC;
	Wed,  8 Feb 2006 14:07:33 -0500 (EST)
X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] interlock for HIP 
In-Reply-To: (Your message of "Tue, 07 Feb 2006 19:59:16 +0200.")
	<987B4688-CFAA-4B95-8801-2CB964ABBC63@nomadiclab.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 08 Feb 2006 14:07:33 -0500
Message-Id: <20060208190733.271603BFDDC@berkshire.machshav.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d6b246023072368de71562c0ab503126
Cc: hipsec@ietf.org
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Sender: hipsec-bounces@lists.ietf.org
Errors-To: hipsec-bounces@lists.ietf.org

In message <987B4688-CFAA-4B95-8801-2CB964ABBC63@nomadiclab.com>, Pekka Nikander writes:
>> I understood that IL cannot provide authentication, i.e. MitM  
>> attack of the form A to Z and Z to B is still possible. However, it  
>> prevents "stealth" MitM attack when A and B communicate but Z can  
>> eavesdrop.
>> Perhaps this is already prevented with current HIP mechanisms?
>
>Yes, passive attacks are already prevented by HIP.  However,  
>interlock might be interesting for any "lightweight" variant of HIP.
>

If not used carefully, the interlock protocol provides less protection 
than you might think -- see 
http://www.cs.columbia.edu/~smb/papers/interlock.pdf

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
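
The exchange Andrei describes, run through once honestly and once in the "A to Z and Z to B" shape he and Pekka discuss, as an added Python simulation that is not part of this thread, of HIP, or of any HIP implementation. The Diffie-Hellman group, the half-splitting scheme (a hash mask keyed by a value that only arrives in the second half, standing in for the block-cipher split of the original protocol), the message texts and the party names are all constructed for the demo; HIP's actual base exchange is not modelled. It shows the one thing interlock does give (an unauthenticated intermediary cannot pass a message through unchanged, because it must commit its own first half before it can open the peer's) and the thing it does not (that intermediary still reads both messages), which is why the thread keeps coming back to a TTP, a second channel or CBIDs.

```python
import hashlib
import os
import secrets

# Toy Diffie-Hellman group, constructed for this demo only: 2^61 - 1 is prime
# but far too small to be secure. Real deployments use a standardised group.
P = (1 << 61) - 1
G = 2
BLOCK = 32   # one message slot: 1 length byte + up to 31 bytes of payload


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_key(priv, peer_pub):
    # Hash the shared group element into a 32-byte symmetric key.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(8, "big")).digest()


def _pad(msg):
    if len(msg) > BLOCK - 1:
        raise ValueError("message too long for one block")
    return bytes([len(msg)]) + msg + b"\x00" * (BLOCK - 1 - len(msg))


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def interlock_split(key, msg):
    """Encrypt msg under key and split the result into the two halves the
    interlock protocol sends separately. Half 1 is the padded message XORed
    with SHA-256(key || r); half 2 is r. Holding the key and half 1 alone does
    not give the mask, so nothing about msg is learned until half 2 arrives.
    (Constructed stand-in for the ciphertext split of the original protocol.)"""
    r = os.urandom(BLOCK)
    half1 = _xor(_pad(msg), hashlib.sha256(key + r).digest())
    return half1, r


def interlock_join(key, half1, half2):
    padded = _xor(half1, hashlib.sha256(key + half2).digest())
    return padded[1:1 + padded[0]]


def honest_exchange(msg_a, msg_b):
    """A and B agree a DH key, then send their halves in interlock order
    A1, B1, A2, B2. Returns (what B recovered, what A recovered, order)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_ab = dh_shared_key(a_priv, b_pub)
    assert k_ab == dh_shared_key(b_priv, a_pub)
    a1, a2 = interlock_split(k_ab, msg_a)
    b1, b2 = interlock_split(k_ab, msg_b)
    return interlock_join(k_ab, a1, a2), interlock_join(k_ab, b1, b2), ["A1", "B1", "A2", "B2"]


def relayed_exchange(msg_a, msg_b, msg_z=b"text chosen by Z"):
    """The 'A to Z and Z to B' case: Z, never authenticated, holds one DH key
    per side. Each party releases its second half only after the peer's first
    half, so Z must commit its own first halves (toward B, then toward A)
    before it can open A's or B's message and cannot relay either unchanged;
    A and B end up holding Z's text. Z still learns both messages, which is
    the authentication gap that interlock alone does not close.
    Returns (what B received, what A received, what Z learned)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    za_priv, za_pub = dh_keypair()            # Z's DH key toward A
    zb_priv, zb_pub = dh_keypair()            # Z's DH key toward B
    k_az = dh_shared_key(a_priv, za_pub)      # A believes this is shared with B
    k_zb = dh_shared_key(b_priv, zb_pub)      # B believes this is shared with A
    assert k_az == dh_shared_key(za_priv, a_pub) and k_zb == dh_shared_key(zb_priv, b_pub)
    a1, a2 = interlock_split(k_az, msg_a)     # 1. A -> Z: A1
    zb1, zb2 = interlock_split(k_zb, msg_z)   # 2. Z -> B: must commit now
    b1, b2 = interlock_split(k_zb, msg_b)     # 3. B -> Z: B1
    za1, za2 = interlock_split(k_az, msg_z)   # 4. Z -> A: commits again
    z_learns_a = interlock_join(k_az, a1, a2) # 5. A -> Z: A2, Z opens A's text
    b_got = interlock_join(k_zb, zb1, zb2)    # 6. Z -> B: ZB2, B opens Z's text
    z_learns_b = interlock_join(k_zb, b1, b2) # 7. B -> Z: B2, Z opens B's text
    a_got = interlock_join(k_az, za1, za2)    # 8. Z -> A: ZA2, A opens Z's text
    return b_got, a_got, (z_learns_a, z_learns_b)
```

The detectable symptom in the relayed run is that A and B hold different text from what the other sent; whether anyone notices depends entirely on what the messages are, which is the kind of careful use the Bellovin reference above is about. Each split costs an extra message in each direction, the additional RTTs Andrei mentions.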






From hipsec-bounces@lists.ietf.org Sun Feb 12 13:48:40 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1F8MH2-0001yh-5b; Sun, 12 Feb 2006 13:48:40 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1F8MH0-0001yM-Or
	for hipsec@megatron.ietf.org; Sun, 12 Feb 2006 13:48:38 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA06681
	for <hipsec@ietf.org>; Sun, 12 Feb 2006 13:46:53 -0500 (EST)
Received: from courier.cs.helsinki.fi ([128.214.9.1] helo=mail.cs.helsinki.fi)
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F8MUT-0002eh-6Q
	for hipsec@ietf.org; Sun, 12 Feb 2006 14:02:33 -0500
Received: from [84.248.0.132] (dsl-hkigw8-fe00f800-132.dhcp.inet.fi
	[84.248.0.132])
	(AUTH: PLAIN gurtov, SSL: TLSv1/SSLv3,256bits,AES256-SHA)
	by mail.cs.helsinki.fi with esmtp; Sun, 12 Feb 2006 20:48:35 +0200
	id 000701C9.43EF8303.00006761
Message-ID: <43EF8313.5080606@cs.helsinki.fi>
Date: Sun, 12 Feb 2006 20:48:51 +0200
From: Andrei Gurtov <gurtov@cs.helsinki.fi>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
Mime-Version: 1.0
To: Petri Jokela <petri.jokela@nomadiclab.com>
Subject: Re: [Hipsec] Bellovin-Rescorla analysis needed
References: <AAC1249C-4150-4D69-8B16-05C7DBE6306E@nomadiclab.com>
	<437DCCB0.6090703@nomadiclab.com>
In-Reply-To: <437DCCB0.6090703@nomadiclab.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a8a20a483a84f747e56475e290ee868e
Cc: HIP <hipsec@ietf.org>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============2042175888=="
Sender: hipsec-bounces@lists.ietf.org
Errors-To: hipsec-bounces@lists.ietf.org


--===============2042175888==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
	micalg=sha1; boundary="=_courier-26465-1139770115-0001-2"


--=_courier-26465-1139770115-0001-2
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Petri Jokela wrote:

>Pekka Nikander wrote:
>  
>
>>Folks,
>>
>>I am sitting in SAAG and it looks like that we need to do the 
>>Bellovin-Rescorla hash function analysis on HIP, before we submit it  to
>>the IESG.  Otherwise we will just get a Discuss from the security  ADs.
>>    
>>
>...
>  
>
>>Any volunteers?
>>    
>>
>
>How shall we proceed with this issue? Are there any people who can make
>the analysis?
>  
>

Is it still needed? If yes, I could suggest a diploma topic on it or 
assign a summer intern on this.

Andrei

--=_courier-26465-1139770115-0001-2--


--===============2042175888==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============2042175888==--




From hipsec-bounces@lists.ietf.org Fri Feb 17 09:42:52 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1FA6ou-0007Rr-Hk; Fri, 17 Feb 2006 09:42:52 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1FA6ot-0007RK-2R
	for hipsec@megatron.ietf.org; Fri, 17 Feb 2006 09:42:51 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA01616
	for <hipsec@ietf.org>; Fri, 17 Feb 2006 09:01:14 -0500 (EST)
Received: from mx.laposte.net ([81.255.54.11])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FA13L-0006vX-Gf
	for hipsec@ietf.org; Fri, 17 Feb 2006 03:33:32 -0500
Received: from [192.168.1.102] (212.119.9.178) by mx.laposte.net (7.2.060.1)
	(authenticated as julien.laganier)
	id 43D00F360158C05B; Fri, 17 Feb 2006 09:18:16 +0100
From: Julien Laganier <julien.IETF@laposte.net>
To: hipsec@ietf.org
Subject: Re: [Hipsec] DNS draft, new pre-version
User-Agent: KMail/1.8.2
References: <0DF156EE7414494187B087A3C279BDB40163DD29@XCH-NW-6V1.nw.nos.boeing.com>
In-Reply-To: <0DF156EE7414494187B087A3C279BDB40163DD29@XCH-NW-6V1.nw.nos.boeing.com>
MIME-Version: 1.0
Content-Disposition: inline
Date: Fri, 17 Feb 2006 09:17:43 +0100
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200602170917.43766.julien.IETF@laposte.net>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa
Content-Transfer-Encoding: 7bit
Cc: 
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Sender: hipsec-bounces@lists.ietf.org
Errors-To: hipsec-bounces@lists.ietf.org

On Friday 17 February 2006 01:11, you wrote:
> I have been implementing the DNS draft and have a few comments.
> Overall I think the draft is in good shape.

Hi Jeff, thanks for your review, this is certainly useful.

> The "PK length" field is 8 bits and thus limits (wire-encoded) key
> sizes to < 256 bytes. - With RSA encoding, that means you can't use
> a key size of 2048 bits. There is a note in section 5.5 about
> relaxing the 4096-bit size limit, but that doesn't make sense with
> only 8 bits for "PK length". - DSA eats up quite a bit more space,
> and a 512 bit DSA key (213 bytes) approaches the max. A 1024-bit
> DSA key occupies 405 bytes, so is not possible (you just can't!)
>
> FWIW, in most interops we use 1024-bit RSA keys (132 bytes) which
> fit just fine in the current DNS specification.

My mistake. I'll make the PK length 2 bytes long, that should be 
sufficient.

> Also, as we await IANA allocation of the RR type, any guidance on a
> RR type for experimentation? (e.g., 49 is the next available after
> DNSKEY)

I think 55 might be better, so that in case another RFC defining new 
RR types is published before hip-dns, we don't collide.

> Minor edits:
> section 4.1
> s/may also contains/may also contain/
> section 4.2
> s/attempt to communicate/attempts to communicate/
> section 5
> s/optionnally/optionally/

Done.

> section 7
> - the examples need to be updated with valid HITs (0x40...) and the
> base64 HIs don't seem to be valid

I'll do it.

Thanks.

--julien

_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec



From hipsec-bounces@lists.ietf.org Fri Feb 17 10:41:54 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1FA7Ac-00014E-Ad; Fri, 17 Feb 2006 10:05:18 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1FA6pQ-0007Vt-0a
	for hipsec@megatron.ietf.org; Fri, 17 Feb 2006 09:43:24 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA10166
	for <hipsec@ietf.org>; Fri, 17 Feb 2006 09:23:14 -0500 (EST)
Received: from blv-smtpout-01.boeing.com ([130.76.32.69])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F9tRn-00028o-S9
	for hipsec@ietf.org; Thu, 16 Feb 2006 19:26:14 -0500
Received: from blv-av-01.boeing.com ([192.42.227.216])
	by blv-smtpout-01.boeing.com (8.9.2.MG.10092003/8.8.5-M2) with ESMTP id
	QAA26900; Thu, 16 Feb 2006 16:11:10 -0800 (PST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (localhost [127.0.0.1])
	by blv-av-01.boeing.com (8.11.3/8.11.3/MBS-AV-LDAP-01) with ESMTP id
	k1H0B9i24273; Thu, 16 Feb 2006 16:11:09 -0800 (PST)
Received: from XCH-NW-6V1.nw.nos.boeing.com ([130.247.55.53]) by
	XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 16 Feb 2006 16:11:02 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Hipsec] DNS draft, new pre-version
Date: Thu, 16 Feb 2006 16:11:02 -0800
Message-ID: <0DF156EE7414494187B087A3C279BDB40163DD29@XCH-NW-6V1.nw.nos.boeing.com>
Thread-Topic: [Hipsec] DNS draft, new pre-version
Thread-Index: AcYsljwCewaiQ6A5Sf2WxdVdM7bi6AGvcrvA
From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: "Julien Laganier" <julien.IETF@laposte.net>, <hipsec@ietf.org>
X-OriginalArrivalTime: 17 Feb 2006 00:11:02.0952 (UTC)
	FILETIME=[A379F280:01C63356]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464

I have been implementing the DNS draft and have a few comments. Overall
I think the draft is in good shape.

The "PK length" field is 8 bits and thus limits (wire-encoded) key sizes
to < 256 bytes.
- With RSA encoding, that means you can't use a key size of 2048 bits.
  There is a note in section 5.5 about relaxing the 4096-bit size limit,
  but that doesn't make sense with only 8 bits for "PK length".
- DSA eats up quite a bit more space, and a 512-bit DSA key (213 bytes)
  approaches the max.
  A 1024-bit DSA key occupies 405 bytes, so is not possible (you just
  can't!)

FWIW, in most interops we use 1024-bit RSA keys (132 bytes) which fit
just fine in the current DNS specification.

Also, as we await IANA allocation of the RR type, any guidance on an RR
type for experimentation? (e.g., 49 is the next available after DNSKEY)

Minor edits:
section 4.1
s/may also contains/may also contain/
section 4.2
s/attempt to communicate/attempts to communicate/
section 5
s/optionnally/optionally/

section 7
- the examples need to be updated with valid HITs (0x40...) and the
  base64 HIs don't seem to be valid

-Jeff

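Jeff's figures above (1024-bit RSA = 132 bytes, 512-bit DSA = 213 bytes, 1024-bit DSA = 405 bytes) match the DNSKEY-style encodings of RFC 3110 (RSA: exponent length, exponent, modulus) and RFC 2536 (DSA: T, Q, P, G, Y); the following Python is an added example, not code from the draft or from anyone on this list, that computes those wire sizes and checks them against a "PK length" field of a given width. That the draft's wire encoding is the RFC 3110/2536 one, the function names and the default exponent 65537 are this example's assumptions.

```python
# Added example (not from the HIP DNS draft or from any poster): wire size
# of a DNS-encoded public key versus the width of the "PK length" field.
# RSA follows RFC 3110 section 2, DSA follows RFC 2536 section 2; the
# assumption that the draft uses these encodings is the example's own.

def rsa_wire_size(modulus_bits, exponent=65537):
    """RFC 3110: exponent length prefix, exponent, modulus (in bytes)."""
    exp_len = (exponent.bit_length() + 7) // 8
    # one prefix byte when the exponent is shorter than 256 bytes,
    # otherwise a zero byte followed by a two-byte length
    prefix = 1 if exp_len < 256 else 3
    return prefix + exp_len + (modulus_bits + 7) // 8

def dsa_wire_size(prime_bits):
    """RFC 2536: T (1 byte), Q (20 bytes), then P, G, Y of 64+8*T bytes each."""
    if prime_bits < 512 or prime_bits > 1024 or prime_bits % 64:
        raise ValueError("RFC 2536 covers primes of 512..1024 bits in 64-bit steps")
    t = (prime_bits - 512) // 64
    return 1 + 20 + 3 * (64 + 8 * t)

def fits_length_field(size, field_bits):
    """True if an unsigned field of field_bits bits can carry this byte count."""
    return 0 <= size <= (1 << field_bits) - 1

def size_table(field_bits=8):
    """Wire sizes for the key sizes discussed on the thread, with a fit
    check for the given field width.  Returns {label: (bytes, fits)}."""
    keys = {
        "RSA-1024": rsa_wire_size(1024),
        "RSA-2048": rsa_wire_size(2048),
        "RSA-4096": rsa_wire_size(4096),
        "DSA-512": dsa_wire_size(512),
        "DSA-1024": dsa_wire_size(1024),
    }
    return {k: (v, fits_length_field(v, field_bits)) for k, v in keys.items()}

if __name__ == "__main__":
    for bits in (8, 16):
        print(f"PK length field of {bits} bits:")
        for label, (size, ok) in size_table(bits).items():
            print(f"  {label:9s} {size:4d} bytes  {'fits' if ok else 'does NOT fit'}")
```

With an 8-bit field only RSA-1024 and DSA-512 fit; with a 16-bit field every size in the table fits, which is the change Julien makes later in the thread.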



From hipsec-bounces@lists.ietf.org Fri Feb 17 11:29:01 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1FA8Td-0004IQ-SM; Fri, 17 Feb 2006 11:29:01 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1FA8Tc-0004HG-Gn
	for hipsec@megatron.ietf.org; Fri, 17 Feb 2006 11:29:00 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA07248
	for <hipsec@ietf.org>; Fri, 17 Feb 2006 11:26:45 -0500 (EST)
Received: from cod.sandelman.ca ([192.139.46.139] helo=lists.sandelman.ca)
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FA8hc-0003Im-6s
	for hipsec@ietf.org; Fri, 17 Feb 2006 11:43:31 -0500
Received: from sandelman.ottawa.on.ca
	(CPE0006b123a026-CM0011aea1b6fc.cpe.net.cable.rogers.com
	[65.49.207.194])
	by lists.sandelman.ca (8.11.6p3/8.11.6) with ESMTP id k1HGSIn25962
	(using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified
	OK); Fri, 17 Feb 2006 11:28:24 -0500 (EST)
Received: from sandelman.ottawa.on.ca (unknown [127.0.0.1])
	by sandelman.ottawa.on.ca (Postfix) with ESMTP id C38243AD9C;
	Fri, 17 Feb 2006 11:28:16 -0500 (EST)
To: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
Subject: Re: [Hipsec] DNS draft, new pre-version 
In-Reply-To: Message from "Ahrenholz,
	Jeffrey M" <jeffrey.m.ahrenholz@boeing.com> of "Thu,
	16 Feb 2006 16:11:02 PST."
	<0DF156EE7414494187B087A3C279BDB40163DD29@XCH-NW-6V1.nw.nos.boeing.com>
References: <0DF156EE7414494187B087A3C279BDB40163DD29@XCH-NW-6V1.nw.nos.boeing.com>
X-Mailer: MH-E 7.82; nmh 1.1; XEmacs 21.4 (patch 17)
Date: Fri, 17 Feb 2006 11:28:16 -0500
Message-ID: <3279.1140193696@sandelman.ottawa.on.ca>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d
Cc: hipsec@ietf.org, Julien Laganier <julien.IETF@laposte.net>


>>>>> "Ahrenholz," == Ahrenholz, Jeffrey M <jeffrey.m.ahrenholz@boeing.com> writes:
    Ahrenholz> I have been implementing the DNS draft and have a few
    Ahrenholz> comments. Overall I think the draft is in good shape.

    Ahrenholz> The "PK length" field is 8 bits and thus limits
    Ahrenholz> (wire-encoded) key sizes to < 256 bytes.  - With RSA
    Ahrenholz> encoding, that means you can't use a key size of 2048
    Ahrenholz> bits.  There is a note in section 5.5 about relaxing the

  That would be unacceptable to me.
 
  Why not eliminate the length, move the RSA field to the end of the
packet, and instead encode the number of rendezvous servers that you
will have and/or the number of bytes that the portion will take.

  btw, if there is any value in having the rfc4025 .xml file, let me
know. It's online still.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [




From hipsec-bounces@lists.ietf.org Fri Feb 17 18:50:22 2006
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1FAFMj-00024Y-VO; Fri, 17 Feb 2006 18:50:21 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1FAFMb-0001xH-Fw; Fri, 17 Feb 2006 18:50:13 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA25545;
	Fri, 17 Feb 2006 18:48:25 -0500 (EST)
Received: from cypress.neustar.com ([209.173.57.84])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1FAFb6-0001JJ-Hg; Fri, 17 Feb 2006 19:05:13 -0500
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com
	[10.31.47.10])
	by cypress.neustar.com (8.12.8/8.12.8) with ESMTP id k1HNo20e011034
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 17 Feb 2006 23:50:02 GMT
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43)
	id 1FAFMQ-0004Oc-47; Fri, 17 Feb 2006 18:50:02 -0500
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
To: i-d-announce@ietf.org
From: Internet-Drafts@ietf.org
Message-Id: <E1FAFMQ-0004Oc-47@stiedprstage1.ietf.org>
Date: Fri, 17 Feb 2006 18:50:02 -0500
X-Spam-Score: 0.4 (/)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D ACTION:draft-ietf-hip-dns-05.txt 

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol Working Group of the IETF.

	Title		: Host Identity Protocol (HIP) Domain Name System (DNS) Extensions
	Author(s)	: P. Nikander, J. Laganier
	Filename	: draft-ietf-hip-dns-05.txt
	Pages		: 21
	Date		: 2006-2-17
	
This document specifies a new resource record (RR) for the Domain
Name System (DNS), and how to use it with the Host Identity Protocol
(HIP).  This RR allows a HIP node to store in the DNS its Host
Identity (HI, the public component of the node public-private key
pair), Host Identity Tag (HIT, a truncated hash of its public key),
and the Domain Names of its rendezvous servers (RVS).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-hip-dns-05.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request@ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.


Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-hip-dns-05.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-hip-dns-05.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		

--NextPart--





From hipsec-bounces@lists.ietf.org Mon Feb 20 07:53:44 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1FBAXr-0006ER-IL; Mon, 20 Feb 2006 07:53:39 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1FBAXq-0006EL-Dk
	for hipsec@ietf.org; Mon, 20 Feb 2006 07:53:38 -0500
Received: from mx.laposte.net ([81.255.54.11])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBAXo-0005ze-3S
	for hipsec@ietf.org; Mon, 20 Feb 2006 07:53:38 -0500
Received: from [192.168.1.102] (212.119.9.178) by mx.laposte.net (7.2.060.1)
	(authenticated as julien.laganier)
	id 43D00F36017DF606; Mon, 20 Feb 2006 13:51:36 +0100
From: Julien Laganier <julien.IETF@laposte.net>
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: [Hipsec] DNS draft, new pre-version
Date: Mon, 20 Feb 2006 13:51:33 +0100
User-Agent: KMail/1.8.2
References: <0DF156EE7414494187B087A3C279BDB40163DD29@XCH-NW-6V1.nw.nos.boeing.com>
	<3279.1140193696@sandelman.ottawa.on.ca>
In-Reply-To: <3279.1140193696@sandelman.ottawa.on.ca>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-6"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200602201351.33855.julien.IETF@laposte.net>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b280b4db656c3ca28dd62e5e0b03daa8
Cc: hipsec@ietf.org

Michael and others,

On Friday 17 February 2006 17:28, Michael Richardson wrote:
>
> >>>>> <jeffrey.m.ahrenholz@boeing.com> writes:
>
>     Ahrenholz> The "PK length" field is 8 bits and thus limits
>     Ahrenholz> (wire-encoded) key sizes to < 256 bytes.  - With RSA
>     Ahrenholz> encoding, that means you can't use a key size of
>     Ahrenholz> 2048 bits.  There is a note in section 5.5 about
>     Ahrenholz> relaxing the
>
>   That would be unacceptable to me.
>
>   Why not eliminate the length, move the RSA field to the end of
> the packet, and instead encode the number of rendezvous servers
> that you will have and/or the number of bytes that the portion
> will take.

I have now increased the public key length field to 16 bits, so the 
(unintentional) 256-byte size limit is removed:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  HIT length   | PK algorithm  |          PK length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                           HIT                                 ~
   |                                                               |
   +                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     |                                         |
   +-+-+-+-+-+-+-+-+-+-+-+                                         +
   |                           Public Key                          |
   ~                                                               ~
   |                                                               |
   +                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   ~                       Rendezvous Servers                      ~
   |                                                               |
   +             +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             |
   +-+-+-+-+-+-+-+

If we move the public key field to the end as you are proposing, the 
advantage would be that, because the rendezvous servers' FQDNs are 
self-describing (implicit length), we could remove the PK length field 
without adding a rendezvous server field length:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  HIT length   | PK algorithm  |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   ~                                                               ~
   |                         HIT                                   |
   +                                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                   |                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                           +
   |                                                               |
   ~                       Rendezvous Servers                      ~
   |                                                               |
   +                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     |                                         |
   +-+-+-+-+-+-+-+-+-+-+-+                                         +
   |                                                               |
   ~                                                               ~
   |                          Public Key                           |
   +                                                               +
   |                                                               |
   +                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |                               
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               

The latter looks nicer, but I don't have a strong opinion on the 
question. Hence I'll be happy to implement whatever the WG thinks is 
better.

--julien




From hipsec-bounces@lists.ietf.org Mon Feb 20 18:57:21 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1FBKu5-0000iF-VT; Mon, 20 Feb 2006 18:57:17 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1FBKu4-0000i7-Mm
	for hipsec@ietf.org; Mon, 20 Feb 2006 18:57:16 -0500
Received: from blv-smtpout-01.boeing.com ([130.76.32.69])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBKu3-0002Ct-5y
	for hipsec@ietf.org; Mon, 20 Feb 2006 18:57:16 -0500
Received: from stl-av-01.boeing.com ([192.76.190.6])
	by blv-smtpout-01.boeing.com (8.9.2.MG.10092003/8.8.5-M2) with ESMTP id
	PAA12468; Mon, 20 Feb 2006 15:55:23 -0800 (PST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (localhost [127.0.0.1])
	by stl-av-01.boeing.com (8.11.3/8.11.3/MBS-AV-LDAP-01) with ESMTP id
	k1KNtMN04371; Mon, 20 Feb 2006 17:55:22 -0600 (CST)
Received: from XCH-NW-6V1.nw.nos.boeing.com ([130.247.55.53]) by
	XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Mon, 20 Feb 2006 15:55:21 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-6"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Hipsec] DNS draft, new pre-version
Date: Mon, 20 Feb 2006 15:55:21 -0800
Message-ID: <0DF156EE7414494187B087A3C279BDB40163DD2E@XCH-NW-6V1.nw.nos.boeing.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Hipsec] DNS draft, new pre-version
Thread-Index: AcY2HKeADLtfYC+cQf+3DU+VnJlGfAAWv8vg
From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: "Julien Laganier" <julien.IETF@laposte.net>,
	"Michael Richardson" <mcr@sandelman.ottawa.on.ca>
X-OriginalArrivalTime: 20 Feb 2006 23:55:21.0559 (UTC)
	FILETIME=[1C03C670:01C63679]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 93238566e09e6e262849b4f805833007
Cc: hipsec@ietf.org

Because the "Rendezvous Servers" section can contain multiple FQDNs, it
seems that we still need to indicate the number of servers or the length
as Michael suggests. From my understanding of RFC 1035 section 3.3
describing the variable-length wire-encoded domain names, you can only
describe one variable-length name in this manner, and then it is
terminated by a label with zero length. After the first zero length, you
would need to know whether or not you have another RVS name or the start
of the Public Key.

So I think that the latter format looks a little "too nice", and either
way (RVS before PK or PK before RVS) you need to have this extra
(PK/RVS) length field.

-Jeff

> >   Why not eliminate the length, move the RSA field to the end of
> > the packet, and instead encode the number of rendezvous servers
> > that you will have and/or the number of bytes that the portion
> > will take.

<snip>
> The latter looks nicer, but I don't have a strong opinion on the
> question. Hence I'll be happy to implement whatever the WG thinks is
> better.

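Jeff's argument above, and the two RDATA layouts in Julien's message it replies to, can be exercised directly. The Python below is an added example; it is not code from the draft or from anyone on this list. It encodes and decodes Julien's first layout (HIT length, PK algorithm, 16-bit PK length, HIT, Public Key, then rendezvous server names in RFC 1035 wire format), and then shows why the second layout (key last, no PK length) is ambiguous: every prefix of the trailing bytes that decodes as zero or more complete names is a legal place for the key to begin. The field names, the algorithm number 2 and all sample HIT, key and RVS bytes are constructed for this example, not taken from the draft.

```python
# Added example, not code from the HIP DNS draft or from any poster on the
# thread.  Field names, the algorithm number and the sample bytes are the
# example's own assumptions.
import struct

def encode_name(fqdn):
    """RFC 1035 section 3.1 wire name: length-prefixed labels, zero byte at end."""
    out = bytearray()
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)

def decode_name(buf, off):
    """Read one wire name at buf[off]; return (fqdn, offset just past it).
    Label lengths above 63 (compression pointers) are rejected."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        if n > 63 or off + n > len(buf):
            raise ValueError("bad label length")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n

def encode_rdata(hit, pk_alg, pk, rvs_names):
    """Julien's first layout: explicit 16-bit PK length, RVS names last."""
    if len(hit) > 0xFF:
        raise ValueError("HIT length field is 8 bits")
    if len(pk) > 0xFFFF:
        raise ValueError("PK length field is 16 bits")
    head = struct.pack("!BBH", len(hit), pk_alg, len(pk))
    return head + hit + pk + b"".join(encode_name(n) for n in rvs_names)

def decode_rdata(rdata):
    """Inverse of encode_rdata; the RVS names need no count because each
    one is self-delimiting and the list runs to the end of the RDATA."""
    if len(rdata) < 4:
        raise ValueError("RDATA too short")
    hit_len, pk_alg, pk_len = struct.unpack("!BBH", rdata[:4])
    off = 4
    if off + hit_len + pk_len > len(rdata):
        raise ValueError("truncated RDATA")
    hit = rdata[off:off + hit_len]
    off += hit_len
    pk = rdata[off:off + pk_len]
    off += pk_len
    rvs = []
    while off < len(rdata):
        name, off = decode_name(rdata, off)
        rvs.append(name)
    return {"hit": hit, "pk_alg": pk_alg, "pk": pk, "rvs": rvs}

def pk_last_split_points(body):
    """Second layout (RVS names, then key, no PK length): return every
    offset at which the prefix of body is zero or more complete names.
    Each one is a legal start of the key; more than one means the
    decoder cannot know where the RVS list ends."""
    points = [0]
    off = 0
    while off < len(body):
        try:
            _, off = decode_name(body, off)
        except ValueError:
            break
        points.append(off)
    return points

# Constructed sample values (not real keys or HITs).
SAMPLE_HIT = b"\x40" + bytes(15)                  # 16 bytes, 0x40 prefix as Jeff mentions
SAMPLE_PK = bytes([3, 1, 0, 1]) + bytes(256)        # RFC 3110 shape, 2048-bit modulus: 260 bytes
SAMPLE_RVS = ["rvs1.example.", "rvs2.example."]

def roundtrip():
    # 2 is a placeholder algorithm number for the example, not the draft's value
    return decode_rdata(encode_rdata(SAMPLE_HIT, 2, SAMPLE_PK, SAMPLE_RVS))

if __name__ == "__main__":
    print(roundtrip()["rvs"])
    # a constructed trailing "key" whose first bytes also decode as a name
    body = encode_name("rvs1.example.") + b"\x04key1\x00\xc0\xff\xee"
    print(pk_last_split_points(body))   # [0, 14, 20]
```

The 260-byte key round-trips because the length field is now 16 bits, and the decoder reads RVS names to the end of the RDATA without a count. The split-point function is the other half of Jeff's point: with an RFC 3110 key, the first byte is the exponent length, a small number that is itself a plausible label length, so a decoder given "key last, no length" has nothing to anchor on.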



From hipsec-bounces@lists.ietf.org Wed Feb 22 03:11:47 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1FBp68-0001RK-BC; Wed, 22 Feb 2006 03:11:44 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1FBp67-0001Qn-Eq
	for hipsec@lists.ietf.org; Wed, 22 Feb 2006 03:11:43 -0500
Received: from mx.laposte.net ([81.255.54.11])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBp5e-0006L7-Tg
	for hipsec@lists.ietf.org; Wed, 22 Feb 2006 03:11:17 -0500
Received: from [192.168.1.102] (212.119.9.178) by mx.laposte.net (7.2.060.1)
	(authenticated as julien.laganier)
	id 43839F3B0301A8B0; Wed, 22 Feb 2006 09:10:36 +0100
From: Julien Laganier <julien.IETF@laposte.net>
To: hipsec@lists.ietf.org
Subject: Re: [Hipsec] DNS draft, new pre-version
Date: Wed, 22 Feb 2006 09:08:56 +0100
User-Agent: KMail/1.8.2
References: <0DF156EE7414494187B087A3C279BDB40163DD2E@XCH-NW-6V1.nw.nos.boeing.com>
In-Reply-To: <0DF156EE7414494187B087A3C279BDB40163DD2E@XCH-NW-6V1.nw.nos.boeing.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-6"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200602220908.57141.julien.IETF@laposte.net>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a

On Tuesday 21 February 2006 00:55, Ahrenholz, Jeffrey M wrote:
> Because the "Rendezvous Servers" section can contain multiple
> FQDNs, it seems that we still need to indicate the number of
> servers or the length as Michael suggests. From my understanding of
> RFC 1035 section 3.3 describing the variable-length wire-encoded
> domain names, you can only describe one variable-length name in
> this manner, and then it is terminated by a label with zero length.
> After the first zero length, you would need to know whether or not
> you have another RVS name or the start of the Public Key.
>
> So I think that the latter format looks a little "too nice", and
> either way (RVS before PK or PK before RVS) you need to have this
> extra (PK/RVS) length field.

Jeff,

Thanks for pointing this out. Consequently I think we'd better just 
adopt a 16-bit length field for the PK.

I modified the draft accordingly, you can check it at:

<http://julien.laganier.free.fr/draft-ietf-hip-dns-06.txt>
<http://julien.laganier.free.fr/draft-ietf-hip-dns-05-to-06.html>

Unless someone objects I'll submit it shortly.

--julien




From hipsec-bounces@lists.ietf.org Wed Feb 22 03:19:58 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1FBpDq-0001oD-Ad; Wed, 22 Feb 2006 03:19:42 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1FBpDo-0001o5-US
	for hipsec@ietf.org; Wed, 22 Feb 2006 03:19:40 -0500
Received: from smtp0.netlab.nec.de ([195.37.70.40])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBpDk-0006u6-FV
	for hipsec@ietf.org; Wed, 22 Feb 2006 03:19:40 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp0.netlab.nec.de (Postfix) with ESMTP id 66F32200C8E1
	for <hipsec@ietf.org>; Wed, 22 Feb 2006 09:19:38 +0100 (CET)
Received: from smtp0.netlab.nec.de ([127.0.0.1])
	by localhost (atlas1.office [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 26876-04 for <hipsec@ietf.org>;
	Wed, 22 Feb 2006 09:19:38 +0100 (CET)
Received: from venus.office (europa.netlab.nec.de [10.1.1.25])
	by smtp0.netlab.nec.de (Postfix) with ESMTP id 4A2B52007D79
	for <hipsec@ietf.org>; Wed, 22 Feb 2006 09:19:38 +0100 (CET)
Received: from n-eggert.office ([10.1.1.112]) by venus.office over TLS secured
	channel with Microsoft SMTPSVC(6.0.3790.1830); 
	Wed, 22 Feb 2006 09:19:35 +0100
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by n-eggert.office (Postfix) with ESMTP id 5617D6C0890
	for <hipsec@ietf.org>; Wed, 22 Feb 2006 09:19:35 +0100 (CET)
Mime-Version: 1.0 (Apple Message framework v746.2)
In-Reply-To: <02215F9C-9164-4632-9C88-85F607A2A0EA@nomadiclab.com>
References: <02215F9C-9164-4632-9C88-85F607A2A0EA@nomadiclab.com>
Message-Id: <84607190-5104-48D9-87B2-D4CDD1924FCA@netlab.nec.de>
From: Lars Eggert <lars.eggert@netlab.nec.de>
Subject: Re: [Hipsec] Start re-chartering discussion in Vancouver?
Date: Wed, 22 Feb 2006 09:19:34 +0100
X-Mailer: Apple Mail (2.746.2)
X-OriginalArrivalTime: 22 Feb 2006 08:19:35.0202 (UTC)
	FILETIME=[B7011820:01C63788]
X-Virus-Scanned: Amavisd on Debian GNU/Linux (atlas1.office)
X-Spam-Score: 0.1 (/)
X-Scan-Signature: a2c12dacc0736f14d6b540e805505a86
Cc: HIP <hipsec@ietf.org>
Content-Type: multipart/mixed; boundary="===============1370572238=="
Errors-To: hipsec-bounces@lists.ietf.org


--===============1370572238==
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-4--919582598;
	protocol="application/pkcs7-signature"


--Apple-Mail-4--919582598
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

Hi,

so we started the rechartering discussion in Vancouver, but it didn't  
carry over onto the mailing list. Has anyone started to put together  
a revised charter proposal?

Lars
-- 
Lars Eggert                                     NEC Network Laboratories



--Apple-Mail-4--919582598
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Disposition: attachment;
	filename=smime.p7s


--Apple-Mail-4--919582598--


--===============1370572238==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec

--===============1370572238==--




From hipsec-bounces@lists.ietf.org Wed Feb 22 03:26:22 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1FBpK9-00029I-6b; Wed, 22 Feb 2006 03:26:13 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1FBpK8-00029D-5F
	for hipsec@lists.ietf.org; Wed, 22 Feb 2006 03:26:12 -0500
Received: from n2.nomadiclab.com ([193.234.219.2])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBpK6-00070O-Qj
	for hipsec@lists.ietf.org; Wed, 22 Feb 2006 03:26:12 -0500
Received: from n2.nomadiclab.com (localhost [127.0.0.1])
	by n2.nomadiclab.com (Postfix) with ESMTP id 8D6A0212C59;
	Wed, 22 Feb 2006 10:26:04 +0200 (EET)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by n2.nomadiclab.com (Postfix) with ESMTP id 43DAA212C44;
	Wed, 22 Feb 2006 10:26:04 +0200 (EET)
In-Reply-To: <200602220908.57141.julien.IETF@laposte.net>
References: <0DF156EE7414494187B087A3C279BDB40163DD2E@XCH-NW-6V1.nw.nos.boeing.com>
	<200602220908.57141.julien.IETF@laposte.net>
Mime-Version: 1.0 (Apple Message framework v746.2)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <65784A9A-9864-4C9B-827F-340857197A92@nomadiclab.com>
Content-Transfer-Encoding: 7bit
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] DNS draft, new pre-version
Date: Wed, 22 Feb 2006 10:26:02 +0200
To: Julien Laganier <julien.IETF@laposte.net>
X-Mailer: Apple Mail (2.746.2)
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8ac499381112328dd60aea5b1ff596ea
Cc: hipsec@lists.ietf.org
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

> <http://julien.laganier.free.fr/draft-ietf-hip-dns-05-to-06.html>

Looked good to me.

--Pekka





From hipsec-bounces@lists.ietf.org Fri Feb 24 14:01:55 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1FCiCO-00064t-Bz; Fri, 24 Feb 2006 14:01:52 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1FCiCN-00064o-Rm
	for hipsec@ietf.org; Fri, 24 Feb 2006 14:01:51 -0500
Received: from mailgw4.ericsson.se ([193.180.251.62])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FCiCM-0005a8-1f
	for hipsec@ietf.org; Fri, 24 Feb 2006 14:01:51 -0500
Received: from esealmw129.eemea.ericsson.se (unknown [153.88.254.120])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id D3ABE4BB; 
	Fri, 24 Feb 2006 20:01:28 +0100 (CET)
Received: from esealmw129.eemea.ericsson.se ([153.88.254.177]) by
	esealmw129.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 24 Feb 2006 20:01:28 +0100
Received: from mail.lmf.ericsson.se ([131.160.11.50]) by
	esealmw129.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 24 Feb 2006 20:01:28 +0100
Received: from [131.160.126.159] (rvi2-126-159.lmf.ericsson.se
	[131.160.126.159])
	by mail.lmf.ericsson.se (Postfix) with ESMTP id DA71224F0;
	Fri, 24 Feb 2006 21:01:27 +0200 (EET)
Message-ID: <43FF5807.1020407@ericsson.com>
Date: Fri, 24 Feb 2006 21:01:27 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: Lars Eggert <lars.eggert@netlab.nec.de>
Subject: Re: [Hipsec] Start re-chartering discussion in Vancouver?
References: <02215F9C-9164-4632-9C88-85F607A2A0EA@nomadiclab.com>
	<84607190-5104-48D9-87B2-D4CDD1924FCA@netlab.nec.de>
In-Reply-To: <84607190-5104-48D9-87B2-D4CDD1924FCA@netlab.nec.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 24 Feb 2006 19:01:28.0301 (UTC)
	FILETIME=[B76D21D0:01C63974]
X-Brightmail-Tracker: AAAAAA==
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b19722fc8d3865b147c75ae2495625f2
Cc: HIP <hipsec@ietf.org>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

Hi Lars,

we have talked to our AD (by the way, I guess everybody has noticed that 
Mark is now the AD responsible for the HIP WG) and we will be working on 
the new charter shortly.

In any case, our highest priority now is to have the security ADs 
recommend a person to perform the Bellovin-Rescorla analysis of the base 
spec. We have already contacted them, but they have not gotten back to 
us yet...

Cheers,

Gonzalo

Lars Eggert wrote:
> Hi,
> 
> so we started the rechartering discussion in Vancouver, but it didn't 
> carry over onto the mailing list. Has anyone started to put together a 
> revised charter proposal?
> 
> Lars
> -- 
> Lars Eggert                                     NEC Network Laboratories
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Hipsec mailing list
> Hipsec@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/hipsec




From hipsec-bounces@lists.ietf.org Mon Feb 27 10:50:15 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1FDkdY-0006g5-Pd; Mon, 27 Feb 2006 10:50:12 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1FDkdO-0006cB-MO; Mon, 27 Feb 2006 10:50:02 -0500
Received: from [156.154.16.129] (helo=pine.neustar.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1FDkdO-0007Fn-BT; Mon, 27 Feb 2006 10:50:02 -0500
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com
	[10.31.47.10])
	by pine.neustar.com (8.12.8/8.12.8) with ESMTP id k1RFo2vP020222
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Mon, 27 Feb 2006 15:50:02 GMT
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43)
	id 1FDkdN-0003Ty-V8; Mon, 27 Feb 2006 10:50:01 -0500
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
To: i-d-announce@ietf.org
From: Internet-Drafts@ietf.org
Message-Id: <E1FDkdN-0003Ty-V8@stiedprstage1.ietf.org>
Date: Mon, 27 Feb 2006 10:50:01 -0500
X-Spam-Score: -2.5 (--)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D ACTION:draft-ietf-hip-dns-06.txt 
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol Working Group of the IETF.

	Title		: Host Identity Protocol (HIP) Domain Name System (DNS) Extensions
	Author(s)	: P. Nikander, J. Laganier
	Filename	: draft-ietf-hip-dns-06.txt
	Pages		: 21
	Date		: 2006-2-27
	
This document specifies a new resource record (RR) for the Domain
Name System (DNS), and how to use it with the Host Identity Protocol
(HIP). This RR allows a HIP node to store in the DNS its Host
Identity (HI, the public component of the node public-private key
pair), Host Identity Tag (HIT, a truncated hash of its public key),
and the Domain Names of its rendezvous servers (RVS).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-hip-dns-06.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request@ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.


Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-hip-dns-06.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-hip-dns-06.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body; access-type="mail-server";
	server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID: <2006-2-27094156.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-hip-dns-06.txt

--OtherAccess
Content-Type: Message/External-body; name="draft-ietf-hip-dns-06.txt";
	site="ftp.ietf.org"; access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2006-2-27094156.I-D@ietf.org>


--OtherAccess--

--NextPart
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--NextPart--





