
From miika.komu@hiit.fi  Tue Dec  1 14:03:15 2009
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 264DA3A68F7 for <hipsec@core3.amsl.com>; Tue,  1 Dec 2009 14:03:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cKeDLN4NJl3a for <hipsec@core3.amsl.com>; Tue,  1 Dec 2009 14:03:14 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id 2A18A28C0FE for <hipsec@ietf.org>; Tue,  1 Dec 2009 14:03:14 -0800 (PST)
Received: from [192.168.0.2] (cs27096138.pp.htv.fi [89.27.96.138]) by argo.otaverkko.fi (Postfix) with ESMTP id E369B25ED0F; Wed,  2 Dec 2009 00:03:05 +0200 (EET)
Message-ID: <4B1592A0.8070904@hiit.fi>
Date: Wed, 02 Dec 2009 00:03:12 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Peter Saint-Andre <stpeter@stpeter.im>
Subject: [Hipsec] [Fwd: Re: Identity Checking in Application Protocols]
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2009 22:03:15 -0000

Hi,

any comments for Peter?

-------- Original Message --------
Subject: Re: Identity Checking in Application Protocols
Date: Tue, 01 Dec 2009 09:58:38 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
To: miika.komu@hiit.fi
References: <4AE62AB7.8080607@stpeter.im> <4AE6C8C7.7030305@hiit.fi>

Terve,

It's not clear to me what the text needs to say, so I would welcome a
contribution. However, it's also not clear to me that we have consensus
to cover anything but the combination of (1) server identities within
(2) CA-issued certificates used in the context of (3) TLS. How does HIP
fit into that model?

Peter

On 10/27/09 4:17 AM, Miika Komu wrote:
> Peter Saint-Andre wrote:
> 
> Hi Peter,
> 
> could you add a section on RFC4843 based authentication? Some other
> references:
> 
> http://tools.ietf.org/html/rfc5338
> http://tools.ietf.org/html/draft-ietf-hip-native-api
> 
> Thanks!
> 
> P.S. I also find somebody who can also contribute text if this is needed.
> 
> I had hoped to update draft-saintandre-tls-server-id-check before the
> submission cutoff today, but it's not going to happen because there's
> quite a bit of feedback to sift through (ideally I would have followed
> the list discussions more closely the first time around).  However, I
> shall work to update it in the next few days, at which time I will also
> rename it to remove the strings "tls" and "server" since the scope of
> the spec has widened to include non-TLS interactions as well as client
> identity checking. My apologies for the delay.
> 
> Peter
> 

From rgm@htt-consult.com  Thu Dec  3 05:44:18 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AC23E3A6917 for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 05:44:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.11
X-Spam-Level: 
X-Spam-Status: No, score=-1.11 tagged_above=-999 required=5 tests=[BAYES_05=-1.11]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3F-h1hEW8M3F for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 05:44:18 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id D7F463A684A for <hipsec@ietf.org>; Thu,  3 Dec 2009 05:44:17 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id ABF4B68B20 for <hipsec@ietf.org>; Thu,  3 Dec 2009 13:42:00 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ZIpy+xsL7Rv for <hipsec@ietf.org>; Thu,  3 Dec 2009 08:41:51 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 6BD8A68A8D for <hipsec@ietf.org>; Thu,  3 Dec 2009 08:41:51 -0500 (EST)
Message-ID: <4B17C0B0.2030705@htt-consult.com>
Date: Thu, 03 Dec 2009 08:44:16 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
X-List-Received-Date: Thu, 03 Dec 2009 13:44:18 -0000

I have taken on editorial responsibilities for reving 4423 and 5201.  I 
have the month of December fairly open to work on this, as for me it is 
just another work-month.  January turns very busy with IEEE 802 meetings 
and my daughter's wedding, so I need to get the bulk of the changes done 
now.

I just received the XMLs yesterday from the RFC editor.  There will be a 
few challenges (ahem) getting them current (like where did Noel move his 
EID paper to; yes I found it already).  Particularly with 4423 we have 
to be careful as the last RFC editorial changes were NOT made to the 
XML, but rather their nroff, so we will need some eyeballs (and review 
of old RFC editor emails) to capture those last-minute changes.

I am using XMLmind on Linux, and am NOT skilled at all with XML, so I 
have a steep learning curve, but it is past time to tackle this anyway.

I will shortly be posting things that I know about changing in these 
docs, but we do need to get stuff into the tracking site.  Also I ask 
that someone reviews 
http://research.microsoft.com/en-us/um/people/tuomaura/Publications/aura-nagarajan-gurtov-acisp05.pdf 
and see if there is anything in there not yet addressed.  Additionally 
are there any other critiques that we should review?  I am seeing a 
number of IESG comments buried within the XMLs that I will turn into issues.

Finally we need editors for reving RFCs 5202-6.  We have discussed 
rolling the HIP relay into RFC 5204 so that may be a larger piece of 
work. Spread the work/wealth!



From petri.jokela@nomadiclab.com  Thu Dec  3 05:51:18 2009
Return-Path: <petri.jokela@nomadiclab.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B14F228C0EA for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 05:51:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.288
X-Spam-Level: 
X-Spam-Status: No, score=-2.288 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HOST_MISMATCH_COM=0.311]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQda4q5aflC3 for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 05:51:17 -0800 (PST)
Received: from n2.nomadiclab.com (n2.nomadiclab.com [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id A453A3A684A for <hipsec@ietf.org>; Thu,  3 Dec 2009 05:51:17 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by n2.nomadiclab.com (Postfix) with ESMTP id 0B4E21EF132; Thu,  3 Dec 2009 15:51:08 +0200 (EET)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from n2.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1KXFkpRRWF+T; Thu,  3 Dec 2009 15:51:07 +0200 (EET)
Received: from [127.0.0.1] (inside.nomadiclab.com [193.234.219.2]) by n2.nomadiclab.com (Postfix) with ESMTP id 78D9F1EF12E; Thu,  3 Dec 2009 15:51:07 +0200 (EET)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset=us-ascii
From: Petri Jokela <petri.jokela@nomadiclab.com>
In-Reply-To: <4B17C0B0.2030705@htt-consult.com>
Date: Thu, 3 Dec 2009 15:51:06 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com>
References: <4B17C0B0.2030705@htt-consult.com>
To: Robert Moskowitz <rgm@htt-consult.com>
X-Mailer: Apple Mail (2.1077)
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
X-List-Received-Date: Thu, 03 Dec 2009 13:51:18 -0000

On Dec 3, 2009, at 3:44 PM, Robert Moskowitz wrote:
> Finally we need editors for reving RFCs 5202-6.  We have discussed
> rolling the HIP relay into RFC 5204 so that may be a larger piece of
> work. Spread the work/wealth!


I can take the responsibility for RFC 5202 (Using ESP Transport Format
with the HIP) if there are no objections.

I am planning to keep the open issues for 5202 in our issue tracker at:

http://hip4inter.net/cgi-bin/roundup.cgi

I can create a tracker for other documents too (5201 is already there
while I was testing the system :-) and give accounts for the editors.

/petri


-- 
Petri Jokela                        Tel:    +358 9 299 2413
Research scientist                  Fax:    +358 9 299 3535
NomadicLab, Ericsson Research       Mobile: +358 44 299 2413
Oy L M Ericsson Ab                  email: petri.jokela@ericsson.com




From julienl@qualcomm.com  Thu Dec  3 11:44:49 2009
Return-Path: <julienl@qualcomm.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 77B603A6911 for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 11:44:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.681
X-Spam-Level: 
X-Spam-Status: No, score=-103.681 tagged_above=-999 required=5 tests=[AWL=-1.082, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jHxPp7cvH9-l for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 11:44:45 -0800 (PST)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) by core3.amsl.com (Postfix) with ESMTP id 744783A6907 for <hipsec@ietf.org>; Thu,  3 Dec 2009 11:44:45 -0800 (PST)
X-IronPort-AV: E=McAfee;i="5400,1158,5821"; a="28996848"
Received: from pdmz-ns-mip.qualcomm.com (HELO numenor.qualcomm.com) ([199.106.114.10]) by wolverine02.qualcomm.com with ESMTP; 03 Dec 2009 11:44:37 -0800
Received: from msgtransport02.qualcomm.com (msgtransport02.qualcomm.com [129.46.61.151]) by numenor.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id nB3JiaSt010258 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 3 Dec 2009 11:44:37 -0800
Received: from nasanexhub06.na.qualcomm.com (nasanexhub06.na.qualcomm.com [129.46.134.254]) by msgtransport02.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id nB3JiQ1j005707 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Thu, 3 Dec 2009 11:44:26 -0800
Received: from nalasexhc01.na.qualcomm.com (10.47.129.185) by nasanexhub06.na.qualcomm.com (129.46.134.254) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 3 Dec 2009 11:44:26 -0800
Received: from NALASEXMB04.na.qualcomm.com ([10.47.7.118]) by nalasexhc01.na.qualcomm.com ([10.47.129.185]) with mapi; Thu, 3 Dec 2009 11:44:25 -0800
From: "Laganier, Julien" <julienl@qualcomm.com>
To: Petri Jokela <petri.jokela@nomadiclab.com>, Robert Moskowitz <rgm@htt-consult.com>
Date: Thu, 3 Dec 2009 11:44:24 -0800
Thread-Topic: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
Thread-Index: Acp0H7ZAV20rTrfVRtaL1LWrFZp50wAMHalQ
Message-ID: <BF345F63074F8040B58C00A186FCA57F1C65FB2D3A@NALASEXMB04.na.qualcomm.com>
References: <4B17C0B0.2030705@htt-consult.com> <7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com>
In-Reply-To: <7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
X-List-Received-Date: Thu, 03 Dec 2009 19:44:49 -0000

Petri Jokela wrote:
>
> On Dec 3, 2009, at 3:44 PM, Robert Moskowitz wrote:
> > Finally we need editors for reving RFCs 5202-6.  We have discussed
> > rolling the HIP relay into RFC 5204 so that may be a larger piece of
> > work. Spread the work/wealth!
>
>
> I can take the responsibility for RFC 5202 (Using ESP Transport Format
> with the HIP) if there are no objections.

I'd be happy to serve once again as an editor of 5203 (registration), 5204
(rvs), 5205 (dns) and 4843 (in case we need to rev the ORCHID RFC as well.)

> I am planning to keep the open issues for 5202 in our issue tracker at:
>
> http://hip4inter.net/cgi-bin/roundup.cgi
>
> I can create a tracker for other documents too (5201 is already there
> while I was testing the system :-) and give accounts for the editors.

I'd rather have us use the trac tool available on the IETF tools.ietf.org
server -- it integrates nicely with the tools page for a working group,
showing number of issues/solved etc.

See draft-ietf-mext-rfc3775bis on this page <http://tools.ietf.org/wg/mext/>
for an example.

The HIP tools page has no wiki nor tracker, I guess we'd need to ask Henrik
to get one.

--julien


From rgm@htt-consult.com  Thu Dec  3 12:16:02 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 29B323A6969 for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 12:16:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.855
X-Spam-Level: 
X-Spam-Status: No, score=-1.855 tagged_above=-999 required=5 tests=[AWL=0.745,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lts4JG01RR99 for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 12:16:01 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id E3A0E3A6966 for <hipsec@ietf.org>; Thu,  3 Dec 2009 12:16:00 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id DF61668A8D; Thu,  3 Dec 2009 20:13:43 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CsJ2v9qvpODg; Thu,  3 Dec 2009 15:13:31 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 1B1C768A8A; Thu,  3 Dec 2009 15:13:31 -0500 (EST)
Message-ID: <4B181C7E.1030306@htt-consult.com>
Date: Thu, 03 Dec 2009 15:15:58 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: "Laganier, Julien" <julienl@qualcomm.com>
References: <4B17C0B0.2030705@htt-consult.com> <7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com> <BF345F63074F8040B58C00A186FCA57F1C65FB2D3A@NALASEXMB04.na.qualcomm.com>
In-Reply-To: <BF345F63074F8040B58C00A186FCA57F1C65FB2D3A@NALASEXMB04.na.qualcomm.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
X-List-Received-Date: Thu, 03 Dec 2009 20:16:02 -0000

Laganier, Julien wrote:
> Petri Jokela wrote:
>   
>>  
>> On Dec 3, 2009, at 3:44 PM, Robert Moskowitz wrote:
>>     
>>> Finally we need editors for reving RFCs 5202-6.  We have discussed
>>> rolling the HIP relay into RFC 5204 so that may be a larger piece of
>>> work. Spread the work/wealth!
>>>       
>> I can take the responsibility for RFC 5202 (Using ESP Transport Format
>> with the HIP) if there are no objections.
>>     
>
> I'd be happy to serve once again as an editor of 5203 (registration), 5204 (rvs), 5205 (dns) and 4843 (in case we need to rev the ORCHID RFC as well.)
>   

Oh, yes, 4843....

We talked about that at Stockholm.

It is an Experimental RFC. We, as Standards Track, I don't believe can 
reference an Experimental RFC? So it either:

- also goes Standards Track
- goes Informational? Does that work?
- we 'drop' ORCHIDs and do our own, or pull the important parts into our RFCs

>  
>   
>> I am planning to keep the open issues for 5202 in our issue tracker at:
>>
>> http://hip4inter.net/cgi-bin/roundup.cgi
>>
>> I can create a tracker for other documents too (5201 is already there
>> while I was testing the system :-) and give accounts for the editors.
>>     
>
> I'd rather have us use the trac tool available on the IETF tools.ietf.org server -- it integrates nicely with the tools page for a working group, showing number of issues/solved etc.
>
> See draft-ietf-mext-rfc3775bis on this page <http://tools.ietf.org/wg/mext/> for an example.
>
> The HIP tools page has no wiki nor tracker, I guess we'd need to ask Henrik to get one.

Hey, I'm cool with either, just let's get it started.



From rgm@htt-consult.com  Thu Dec  3 17:54:18 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E4EE13A6893 for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 17:54:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.227
X-Spam-Level: 
X-Spam-Status: No, score=-2.227 tagged_above=-999 required=5 tests=[AWL=0.372,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m2I5i2Kr2JqX for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 17:54:18 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 3893E3A6403 for <hipsec@ietf.org>; Thu,  3 Dec 2009 17:54:17 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 20C0968B20 for <hipsec@ietf.org>; Fri,  4 Dec 2009 01:51:58 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YAcyyPaIjY4p for <hipsec@ietf.org>; Thu,  3 Dec 2009 20:51:48 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 384EC68149 for <hipsec@ietf.org>; Thu,  3 Dec 2009 20:51:48 -0500 (EST)
Message-ID: <4B186BC9.5080007@htt-consult.com>
Date: Thu, 03 Dec 2009 20:54:17 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] HIP as a KMS for non-IP systems
X-List-Received-Date: Fri, 04 Dec 2009 01:54:19 -0000

This time around, I want to make it clear to a reader how HIP could be 
used to key a non-IP system.  Most specifically an IEEE 802 MAC-layer 
security protocol as is found in IEEE 802.15.4-2006.



From petri.jokela@nomadiclab.com  Thu Dec  3 22:40:43 2009
Return-Path: <petri.jokela@nomadiclab.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E2FBF3A6932 for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 22:40:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.288
X-Spam-Level: 
X-Spam-Status: No, score=-2.288 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HOST_MISMATCH_COM=0.311]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HdKInEe5Xm9J for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 22:40:41 -0800 (PST)
Received: from n2.nomadiclab.com (n2.nomadiclab.com [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id E3F0D3A68B3 for <hipsec@ietf.org>; Thu,  3 Dec 2009 22:40:40 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by n2.nomadiclab.com (Postfix) with ESMTP id A31531EF132; Fri,  4 Dec 2009 08:40:31 +0200 (EET)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from n2.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GmoIz1pUVsgD; Fri,  4 Dec 2009 08:40:30 +0200 (EET)
Received: from [127.0.0.1] (inside.nomadiclab.com [193.234.219.2]) by n2.nomadiclab.com (Postfix) with ESMTP id BCE781EF125; Fri,  4 Dec 2009 08:40:30 +0200 (EET)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset=us-ascii
From: Petri Jokela <petri.jokela@nomadiclab.com>
In-Reply-To: <BF345F63074F8040B58C00A186FCA57F1C65FB2D3A@NALASEXMB04.na.qualcomm.com>
Date: Fri, 4 Dec 2009 08:40:35 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <CA6B5294-0E1F-42F2-83A1-8B3B9B1F1EAA@nomadiclab.com>
References: <4B17C0B0.2030705@htt-consult.com> <7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com> <BF345F63074F8040B58C00A186FCA57F1C65FB2D3A@NALASEXMB04.na.qualcomm.com>
To: "Laganier, Julien" <julienl@qualcomm.com>
X-Mailer: Apple Mail (2.1077)
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
X-List-Received-Date: Fri, 04 Dec 2009 06:40:43 -0000

On Dec 3, 2009, at 9:44 PM, Laganier, Julien wrote:
>>
>
> I'd rather have us use the trac tool available on the IETF
> tools.ietf.org server -- it integrates nicely with the tools page for a
> working group, showing number of issues/solved etc.
>
> See draft-ietf-mext-rfc3775bis on this page
> <http://tools.ietf.org/wg/mext/> for an example.
>

Cool, I didn't know that there is a tracking possibility! I think it is
better to use the ietf trac tools instead of multiple instances around
the world.

/petri



> The HIP tools page has no wiki nor tracker, I guess we'd need to ask
> Henrik to get one.
>
> --julien
>

-- 
Petri Jokela                        Tel:    +358 9 299 2413
Research scientist                  Fax:    +358 9 299 3535
NomadicLab, Ericsson Research       Mobile: +358 44 299 2413
Oy L M Ericsson Ab                  email: petri.jokela@ericsson.com




From gao.yang2@zte.com.cn  Thu Dec  3 23:59:23 2009
Return-Path: <gao.yang2@zte.com.cn>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 969693A67F5 for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 23:59:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.838
X-Spam-Level: 
X-Spam-Status: No, score=-101.838 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_DOUBLE_IP_LOOSE=0.76,  USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rqHKPMTjYIMY for <hipsec@core3.amsl.com>; Thu,  3 Dec 2009 23:59:22 -0800 (PST)
Received: from mx6.zte.com.cn (mx6.zte.com.cn [63.218.89.70]) by core3.amsl.com (Postfix) with ESMTP id 6191F3A67AE for <hipsec@ietf.org>; Thu,  3 Dec 2009 23:59:21 -0800 (PST)
Received: from [10.30.17.99] by mx6.zte.com.cn with surfront esmtp id 91102133923422; Fri, 4 Dec 2009 15:36:35 +0800 (CST)
Received: from [10.30.3.19] by [10.30.17.99] with StormMail ESMTP id 89005.2133923422; Fri, 4 Dec 2009 15:58:16 +0800 (CST)
Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse2.zte.com.cn with ESMTP id nB47xIGT067432 for <hipsec@ietf.org>; Fri, 4 Dec 2009 15:59:18 +0800 (CST) (envelope-from gao.yang2@zte.com.cn)
To: hipsec@ietf.org
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.4 March 27, 2005
Message-ID: <OF1128A85E.8BD04BE6-ON48257682.002BA92A-48257682.002BDB62@zte.com.cn>
From: gao.yang2@zte.com.cn
Date: Fri, 4 Dec 2009 15:58:17 +0800
X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 6.5.4|March 27, 2005) at 2009-12-04 15:59:07, Serialize complete at 2009-12-04 15:59:07
Content-Type: multipart/alternative; boundary="=_alternative 002BDB5248257682_="
X-MAIL: mse2.zte.com.cn nB47xIGT067432
Subject: [Hipsec] Could anyone one tell me is there discussion of HIP in the next IETF meeting?
X-List-Received-Date: Fri, 04 Dec 2009 07:59:23 -0000

This is a multipart message in MIME format.
--=_alternative 002BDB5248257682_=
Content-Type: text/plain; charset="US-ASCII"

Thanks.

===================================
 Zip    : 210012
 Tel    : 87211
 Tel2   :(+86)-025-52877211
 e_mail : gao.yang2@zte.com.cn
===================================

--------------------------------------------------------
ZTE Information Security Notice: The information contained in this mail is solely property of the sender's organization. This mail communication is confidential. Recipients named above are obligated to maintain secrecy and are not permitted to disclose the contents of this communication to others.
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the originator of the message. Any views expressed in this message are those of the individual sender.
This message has been scanned for viruses and Spam by ZTE Anti-Spam system.

--=_alternative 002BDB5248257682_=--


From rgm@htt-consult.com  Fri Dec  4 03:21:52 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 84E7E3A69F0 for <hipsec@core3.amsl.com>; Fri,  4 Dec 2009 03:21:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.351
X-Spam-Level: 
X-Spam-Status: No, score=-2.351 tagged_above=-999 required=5 tests=[AWL=0.248,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jWxu6iQfnIoK for <hipsec@core3.amsl.com>; Fri,  4 Dec 2009 03:21:51 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id AA8F73A69ED for <hipsec@ietf.org>; Fri,  4 Dec 2009 03:21:51 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 768AF68B20; Fri,  4 Dec 2009 11:19:31 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1j-5JhtGa5tl; Fri,  4 Dec 2009 06:19:22 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 4ED9868A8A; Fri,  4 Dec 2009 06:19:22 -0500 (EST)
Message-ID: <4B18F0D3.9070108@htt-consult.com>
Date: Fri, 04 Dec 2009 06:21:55 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: gao.yang2@zte.com.cn
References: <OF1128A85E.8BD04BE6-ON48257682.002BA92A-48257682.002BDB62@zte.com.cn>
In-Reply-To: <OF1128A85E.8BD04BE6-ON48257682.002BA92A-48257682.002BDB62@zte.com.cn>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] Could anyone one tell me is there discussion of HIP in the next IETF meeting?
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2009 11:21:52 -0000

gao.yang2@zte.com.cn wrote:
>
> Thanks.

Considering that we plan on having new drafts, I really hope so.

Plus we should be rechartered by then or complete the rechartering at 
that time.

I have not forgotten your email to me on HIP and IMS,,,,

To the chairs, PLEASE don't get scheduled for Monday morning or after 
3pm on Thursday.  I REALLY need to limit my time at IETF to the week.  
The following week is IEEE 802; yet another back-to-back week, and the 
weeks just before Passover.  ARGH!!!  (same plea to the HIP-RG co-chairs!)

>
> ===================================
> Zip    : 210012
> Tel    : 87211
> Tel2   :(+86)-025-52877211
> e_mail : gao.yang2@zte.com.cn
> ===================================

From rgm@htt-consult.com  Fri Dec  4 05:47:09 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C706A3A692B for <hipsec@core3.amsl.com>; Fri,  4 Dec 2009 05:47:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.413
X-Spam-Level: 
X-Spam-Status: No, score=-2.413 tagged_above=-999 required=5 tests=[AWL=0.186,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CmKaUWtT8K5J for <hipsec@core3.amsl.com>; Fri,  4 Dec 2009 05:47:09 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id EEFF53A6A11 for <hipsec@ietf.org>; Fri,  4 Dec 2009 05:47:08 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 4F1F168B5C; Fri,  4 Dec 2009 13:44:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vKIAE9PB6egh; Fri,  4 Dec 2009 08:44:40 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id F283168B41; Fri,  4 Dec 2009 08:44:39 -0500 (EST)
Message-ID: <4B1912E0.6020005@htt-consult.com>
Date: Fri, 04 Dec 2009 08:47:12 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: Petri Jokela <petri.jokela@nomadiclab.com>
References: <4B17C0B0.2030705@htt-consult.com> <7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com> <BF345F63074F8040B58C00A186FCA57F1C65FB2D3A@NALASEXMB04.na.qualcomm.com> <CA6B5294-0E1F-42F2-83A1-8B3B9B1F1EAA@nomadiclab.com>
In-Reply-To: <CA6B5294-0E1F-42F2-83A1-8B3B9B1F1EAA@nomadiclab.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2009 13:47:09 -0000

Petri Jokela wrote:
> On Dec 3, 2009, at 9:44 PM, Laganier, Julien wrote:
>   
>> I'd rather have us use the trac tool available on the IETF tools.ietf.org server -- it integrates nicely with the tools page for a working group, showing number of issues/solved etc.
>>
>> See draft-ietf-mext-rfc3775bis on this page <http://tools.ietf.org/wg/mext/> for an example.
>>
>>     
>
> Cool, I didn't know that there is a tracking possibility! I think it is better to use the ietf trac tools instead of multiple instances around the world. 
>   

I looked at: http://tools.ietf.org/wg/hip/

Yes, way cool! In fact I found all my old drafts! Well, I don't know if 
they are all there but with at least 
http://tools.ietf.org/id/draft-moskowitz-hip-arch-00.txt, I have hopes! 
This is important for those thinking about hierarchical HITs, as you can 
read my original thoughts on how they would work.

I see that there are only issues against active I-Ds. It is not clear 
how to submit issues, but hopefully someone will dig that out. But now 
my goal (and to other editors) is to create a -00.txt to submit that 
will be cleaned up a little and ready for people to submit issues 
against. Then the 01-txt would be the target I-D for having changes in 
place. To this end, my goal is to get 4423-bis ready today...

> /petri
>
>
>
>   
>> The HIP tools page has no wiki nor tracker, I guess we'd need to ask Henrik to get one.
>>
>> --julien
>>
>>     
>
>   

From thomas.r.henderson@boeing.com  Sat Dec  5 15:50:02 2009
Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 900063A6947 for <hipsec@core3.amsl.com>; Sat,  5 Dec 2009 15:50:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tHJchvf+r6lG for <hipsec@core3.amsl.com>; Sat,  5 Dec 2009 15:50:01 -0800 (PST)
Received: from blv-smtpout-01.boeing.com (blv-smtpout-01.boeing.com [130.76.32.69]) by core3.amsl.com (Postfix) with ESMTP id B59213A6359 for <hipsec@ietf.org>; Sat,  5 Dec 2009 15:50:01 -0800 (PST)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by blv-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with ESMTP id nB5NngGI025501 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <hipsec@ietf.org>; Sat, 5 Dec 2009 15:49:42 -0800 (PST)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id nB5Nnfct020609 for <hipsec@ietf.org>; Sat, 5 Dec 2009 17:49:41 -0600 (CST)
Received: from XCH-NWHT-05.nw.nos.boeing.com (xch-nwht-05.nw.nos.boeing.com [130.247.25.109]) by stl-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id nB5NnfQv020600 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK) for <hipsec@ietf.org>; Sat, 5 Dec 2009 17:49:41 -0600 (CST)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.85]) by XCH-NWHT-05.nw.nos.boeing.com ([130.247.25.109]) with mapi; Sat, 5 Dec 2009 15:49:41 -0800
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: HIP <hipsec@ietf.org>
Date: Sat, 5 Dec 2009 15:49:39 -0800
Thread-Topic: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
Thread-Index: Acp0H62GsDR3cfzwSX25LHI4fXgnegB5X0fA
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4C1CAF1906@XCH-NW-10V.nw.nos.boeing.com>
References: <4B17C0B0.2030705@htt-consult.com> <7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com>
In-Reply-To: <7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2009 23:50:02 -0000

> -----Original Message-----
> From: hipsec-bounces@ietf.org
> [mailto:hipsec-bounces@ietf.org] On Behalf Of Petri Jokela
> Sent: Thursday, December 03, 2009 5:51 AM
> To: Robert Moskowitz
> Cc: hipsec@ietf.org
> Subject: Re: [Hipsec] Announcing work starting on 4423-bis
> and 5201-bis
>
>
> On Dec 3, 2009, at 3:44 PM, Robert Moskowitz wrote:
> > Finally we need editors for reving RFCs 5202-6.  We have
> discussed rolling the HIP relay into RFC 5204 so that may be
> a larger piece of work. Spread the work/wealth!
>
>
> I can take the responsibility for RFC 5202 (Using ESP
> Transport Format with the HIP) if there are no objections.

Likewise, I offer to take responsibility for RFC 5206 (mobility and
multihoming) revisions.  I do not have a strong opinion on the tracker
choice, other than that one is needed, and that if the IETF actively
supports a tool, we can leverage their support.

Tom

From rgm@htt-consult.com  Sat Dec  5 16:18:38 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 862B33A672F for <hipsec@core3.amsl.com>; Sat,  5 Dec 2009 16:18:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.45
X-Spam-Level: 
X-Spam-Status: No, score=-2.45 tagged_above=-999 required=5 tests=[AWL=0.149,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02jboEXtTqff for <hipsec@core3.amsl.com>; Sat,  5 Dec 2009 16:18:35 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 6E3E73A6962 for <hipsec@ietf.org>; Sat,  5 Dec 2009 16:18:35 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 36A7C68B73; Sun,  6 Dec 2009 00:16:11 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EdM-9a67FZwU; Sat,  5 Dec 2009 19:16:02 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 1429A68B41; Sat,  5 Dec 2009 19:16:02 -0500 (EST)
Message-ID: <4B1AF85F.3050401@htt-consult.com>
Date: Sat, 05 Dec 2009 19:18:39 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
References: <4B17C0B0.2030705@htt-consult.com>	<7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com> <7CC566635CFE364D87DC5803D4712A6C4C1CAF1906@XCH-NW-10V.nw.nos.boeing.com>
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4C1CAF1906@XCH-NW-10V.nw.nos.boeing.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2009 00:18:38 -0000

Henderson, Thomas R wrote:
>   
>> -----Original Message-----
>> From: hipsec-bounces@ietf.org
>> [mailto:hipsec-bounces@ietf.org] On Behalf Of Petri Jokela
>> Sent: Thursday, December 03, 2009 5:51 AM
>> To: Robert Moskowitz
>> Cc: hipsec@ietf.org
>> Subject: Re: [Hipsec] Announcing work starting on 4423-bis
>> and 5201-bis
>>
>>
>> On Dec 3, 2009, at 3:44 PM, Robert Moskowitz wrote:
>>     
>>> Finally we need editors for reving RFCs 5202-6.  We have
>>>       
>> discussed rolling the HIP relay into RFC 5204 so that may be
>> a larger piece of work. Spread the work/wealth!
>>
>>
>> I can take the responsibility for RFC 5202 (Using ESP
>> Transport Format with the HIP) if there are no objections.
>>     
>
> Likewise, I offer to take responsibility for RFC 5206 (mobility and multihoming) revisions.  I do not have a strong opinion on the tracker choice, other than that one is needed, and that if the IETF actively supports a tool, we can leverage their support.

So we have editors for all of the 7 RFCs, thank you Petri, Julien, and Tom.

What I am doing is getting the RFC XMLs cleaned up with minimal 
editorial changes, like pulling all the 2003 references out of 4423, 
then putting up a -00.txt ID. Once that gets onto the HIP draft page ( 
the co-chairs might have to tell the PIC to link them in as they don't 
obviously have HIP in the draft file names), we can start right in with 
issues instead of trying to get a draft done with the changes we know 
and THEN get issues against that...

If I don't finish 5201 over the weekend, I will have it done Monday. But 
I have to find out why 4423 did not get posted; probably not until 
Monday for that...



From gonzalo.camarillo@ericsson.com  Sun Dec  6 04:30:03 2009
Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 784B93A67D3 for <hipsec@core3.amsl.com>; Sun,  6 Dec 2009 04:30:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.175
X-Spam-Level: 
X-Spam-Status: No, score=-6.175 tagged_above=-999 required=5 tests=[AWL=0.074,  BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KzypDjvgj7du for <hipsec@core3.amsl.com>; Sun,  6 Dec 2009 04:30:02 -0800 (PST)
Received: from mailgw3.ericsson.se (mailgw3.ericsson.se [193.180.251.60]) by core3.amsl.com (Postfix) with ESMTP id 7F3583A679C for <hipsec@ietf.org>; Sun,  6 Dec 2009 04:30:02 -0800 (PST)
X-AuditID: c1b4fb3c-b7b08ae000000935-43-4b1ba3bf6948
Received: from esealmw127.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw3.ericsson.se (Symantec Mail Security) with SMTP id 36.52.02357.FB3AB1B4; Sun,  6 Dec 2009 13:29:51 +0100 (CET)
Received: from esealmw129.eemea.ericsson.se ([153.88.254.177]) by esealmw127.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959);  Sun, 6 Dec 2009 13:29:51 +0100
Received: from [131.160.126.151] ([131.160.126.151]) by esealmw129.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959);  Sun, 6 Dec 2009 13:29:51 +0100
Message-ID: <4B1BA3BF.5050901@ericsson.com>
Date: Sun, 06 Dec 2009 14:29:51 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B17C0B0.2030705@htt-consult.com>	<7AC619F6-BC2A-4C49-ACAA-DF20769086A4@nomadiclab.com>	<7CC566635CFE364D87DC5803D4712A6C4C1CAF1906@XCH-NW-10V.nw.nos.boeing.com> <4B1AF85F.3050401@htt-consult.com>
In-Reply-To: <4B1AF85F.3050401@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 06 Dec 2009 12:29:51.0364 (UTC) FILETIME=[CEA1D440:01CA766F]
X-Brightmail-Tracker: AAAAAA==
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Announcing work starting on 4423-bis and 5201-bis
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2009 12:30:03 -0000

Hi,

> So we have editors for all of the 7 RFCs, thank you Petri, Julien, and Tom.

yes, thanks for volunteering!

One thing we should take care of is the analysis our AD has requested 
from us:

http://www.ietf.org/mail-archive/web/hipsec/current/msg02705.html

Cheers,

Gonzalo


From rgm@htt-consult.com  Sun Dec  6 06:22:35 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D1CCC3A68DF for <hipsec@core3.amsl.com>; Sun,  6 Dec 2009 06:22:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.475
X-Spam-Level: 
X-Spam-Status: No, score=-2.475 tagged_above=-999 required=5 tests=[AWL=0.124,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L9rwafhhkbpa for <hipsec@core3.amsl.com>; Sun,  6 Dec 2009 06:22:35 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id E51683A68D8 for <hipsec@ietf.org>; Sun,  6 Dec 2009 06:22:33 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 2046568B0E; Sun,  6 Dec 2009 14:20:07 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPuB3T59f246; Sun,  6 Dec 2009 09:19:57 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id AEDC568B26; Sun,  6 Dec 2009 09:19:57 -0500 (EST)
Message-ID: <4B1BBE30.30207@htt-consult.com>
Date: Sun, 06 Dec 2009 09:22:40 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
References: <4AB8C26C.5040209@ericsson.com>
In-Reply-To: <4AB8C26C.5040209@ericsson.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Rechartering
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2009 14:22:35 -0000

Based on Gonzalo's latest email, I have picked this one back up.

Gonzalo Camarillo wrote:
> Folks,
>
> after discussing with our AD, we need to provide him with a proposal 
> for a new charter for the WG. The proposal needs to contain details on 
> the RFCs to be revised, the process we intend to follow to revise 
> them, and the timeline we are looking at.

Can someone take a crack at the new charter?

The RFCs: 4423 and 5201-6 will be revised.

Does 5538 need revision?

NAT traversal just got approved, and will we need to rev it? To what extent?

Same applies to Native-API.

Will bone, cert, hiccups, and via be stopped to align with the new work 
or continue as is?

That takes care of the official workgroup documents. Any from HIP-RG? 
Additional work (individual submissions) might also need to be looked 
at. Particularly IOT and RFID.

What about ORCHID and BEET? For BEET we already talked about rolling it 
into 5202-bis and wordsmithing around whether it is a new mode or not. I 
think what to do about ORCHID is the biggest organizational question we 
have; will need the IESG about this one.

The process is:

Assign an editor to each.
Optionally a design team.
Publish a base-line draft.
Only editorial changes like pulling '2003' comments from 4423.
Start IETF issues tracking on base-line drafts
Boy do **I** have issues to vent :)
Major issues incorporated in draft by EOM January.
Issues closing by IETF 77. Only issues on changes should be accepted 
after this date. I.E. no new work.
IDs in IETF last call 30 days prior to IETF 78.
We have a party at IETF 78!


>
> In particular, we need to provide an answer to the following question: 
> what will be the process for analyzing the results of the HIP experiment,

A report from the 3 implementations covering:

Interop issues.
Usages (experimental and production)
Lessons learned: what is missing
Anything else?

> identifying changes to the HIP protocols suggested by that analysis 
> and incorporating those changes into the revised protocol documents?

We have actually done much of this and after I get 5201-bis-00 published 
(Monday, I expect) I will get with Miika, Tobias, and Petri to put up 
the first cut of it.


How does this sound?



From gonzalo.camarillo@ericsson.com  Mon Dec  7 00:08:26 2009
Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 701DC3A6A13 for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 00:08:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.197
X-Spam-Level: 
X-Spam-Status: No, score=-6.197 tagged_above=-999 required=5 tests=[AWL=0.052,  BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6BsXQqYsTgvE for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 00:08:25 -0800 (PST)
Received: from mailgw5.ericsson.se (mailgw5.ericsson.se [193.180.251.36]) by core3.amsl.com (Postfix) with ESMTP id 217413A6A0F for <hipsec@ietf.org>; Mon,  7 Dec 2009 00:08:24 -0800 (PST)
X-AuditID: c1b4fb24-b7beeae000003a71-52-4b1cb7edc381
Received: from esealmw128.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw5.ericsson.se (Symantec Mail Security) with SMTP id 2D.02.14961.DE7BC1B4; Mon,  7 Dec 2009 09:08:14 +0100 (CET)
Received: from esealmw128.eemea.ericsson.se ([153.88.254.176]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959);  Mon, 7 Dec 2009 09:08:09 +0100
Received: from [131.160.37.44] ([131.160.37.44]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959);  Mon, 7 Dec 2009 09:08:09 +0100
Message-ID: <4B1CB7E9.4010100@ericsson.com>
Date: Mon, 07 Dec 2009 10:08:09 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4AB8C26C.5040209@ericsson.com> <4B1BBE30.30207@htt-consult.com>
In-Reply-To: <4B1BBE30.30207@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 07 Dec 2009 08:08:09.0529 (UTC) FILETIME=[6A05B290:01CA7714]
X-Brightmail-Tracker: AAAAAA==
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Rechartering
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2009 08:08:26 -0000

Hi Bob,

let's limit the scope of this effort to 4423 and 5201-6 for the time 
being. I would not like to spread our efforts too much. The only topics 
we should probably address in addition to those are BEET and ORCHIDs.

Your plan to produce the analysis documents and document the lessons 
learned sounds good. We just need to get them done! ;o)

Thanks,

Gonzalo

Robert Moskowitz wrote:
> Based on Gonzalo's latest email, I have picked this one back up.
> 
> Gonzalo Camarillo wrote:
>> Folks,
>>
>> after discussing with our AD, we need to provide him with a proposal 
>> for a new charter for the WG. The proposal needs to contain details on 
>> the RFCs to be revised, the process we intend to follow to revise 
>> them, and the timeline we are looking at.
> 
> Can someone take a crack at the new charter?
> 
> The RFCs: 4423 and 5201-6 will be revised.
> 
> Does 5538 need revision?
> 
> NAT traversal just got approved, and will we need to rev it? To what 
> extent?
> 
> Same applies to Native-API.
> 
> Will bone, cert, hiccups, and via be stopped to align with the new work 
> or continue as is?
> 
> That takes care of the official workgroup documents. Any from HIP-RG? 
> Additional work (individual submissions) might also need to be looked 
> at. Particularly IOT and RFID.
> 
> What about ORCHID and BEET? For BEET we already talked about rolling it 
> into 5202-bis and wordsmithing around whether it is a new mode or not. I 
> think what to do about ORCHID is the biggest organizational question we 
> have; will need the IESG about this one.
> 
> The process is:
> 
> Assign an editor to each.
> Optionally a design team.
> Publish a base-line draft.
> Only editorial changes like pulling '2003' comments from 4423.
> Start IETF issues tracking on base-line drafts
> Boy do **I** have issues to vent :)
> Major issues incorporated in draft by EOM January.
> Issues closing by IETF 77. Only issues on changes should be accepted 
> after this date. I.E. no new work.
> IDs in IETF last call 30 days prior to IETF 78.
> We have a party at IETF 78!
> 
> 
>>
>> In particular, we need to provide an answer to the following question: 
>> what will be the process for analyzing the results of the HIP experiment,
> 
> A report from the 3 implementations covering:
> 
> Interop issues.
> Usages (experimental and production)
> Lessons learned: what is missing
> Anything else?
> 
>> identifying changes to the HIP protocols suggested by that analysis 
>> and incorporating those changes into the revised protocol documents?
> 
> We have actually done much of this and after I get 5201-bis-00 published 
> (monday, I expect) I will get with Miika, Tobias, and Petri to put up 
> the first cut of it.
> 
> 
> How does this sound?
> 
> 


From rgm@htt-consult.com  Mon Dec  7 04:43:47 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C7E228C175 for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 04:43:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.493
X-Spam-Level: 
X-Spam-Status: No, score=-2.493 tagged_above=-999 required=5 tests=[AWL=0.106,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UrOCLv7GrzX6 for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 04:43:46 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 5D17328C122 for <hipsec@ietf.org>; Mon,  7 Dec 2009 04:43:46 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id B9AD468B46; Mon,  7 Dec 2009 12:41:17 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hALSx96C8BwP; Mon,  7 Dec 2009 07:41:08 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 4F9AF68B23; Mon,  7 Dec 2009 07:41:08 -0500 (EST)
Message-ID: <4B1CF88F.4050005@htt-consult.com>
Date: Mon, 07 Dec 2009 07:43:59 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
References: <4AB8C26C.5040209@ericsson.com> <4B1BBE30.30207@htt-consult.com> <4B1CB7E9.4010100@ericsson.com>
In-Reply-To: <4B1CB7E9.4010100@ericsson.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Rechartering
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2009 12:43:47 -0000

Gonzalo Camarillo wrote:
> Hi Bob,
>
> let's limit the scope of this effort to 4423 and 5201-6 for the time 
> being. I would not like to spread our efforts too much. The only 
> topics we should probably address in addition to those are BEET and 
> ORCHIDs.

That works for me.  I just wanted to get down what was the potential 
total scope so we could determine what we can actually accomplish.


>
> Your plan to produce the analysis documents and document the lessons 
> learned sounds good. We just need to get them done! ;o)
>
> Thanks,
>
> Gonzalo
>
> Robert Moskowitz wrote:
>> Based on Gonzalo's latest email, I have picked this one back up.
>>
>> Gonzalo Camarillo wrote:
>>> Folks,
>>>
>>> after discussing with our AD, we need to provide him with a proposal 
>>> for a new charter for the WG. The proposal needs to contain details 
>>> on the RFCs to be revised, the process we intend to follow to revise 
>>> them, and the timeline we are looking at.
>>
>> Can someone take a crack at the new charter.
>>
>> The RFCs: 4423 and 5201-6 will be revised.
>>
>> Does 5538 need revision?
>>
>> NAT traversal just got approved, and will we need to rev it? To what 
>> extent?
>>
>> Same applies to Native-API.
>>
>> Will bone, cert, hiccups, and via be stopped to align with the new 
>> work or continue as is?
>>
>> That takes care of the official workgroup documents. Any from HIP-RG? 
>> Additional work (individual submissions) might also need to be looked 
>> at. Particularly IOT and RFID.
>>
>> What about ORCHID and BEET? For BEET we already talked about rolling 
>> it into 5202-bis and wordsmithing around whether it is a new mode or 
>> not. I think what to do about ORCHID is the biggest organizational 
>> question we have; will need the IESG about this one.
>>
>> The process is:
>>
>> Assign an editor to each.
>> Optionally a design team.
>> Publish a base-line draft.
>> Only editorial changes like pulling '2003' comments from 4423.
>> Start IETF issues tracking on base-line drafts
>> Boy do **I** have issues to vent :)
>> Major issues incorporated in draft by EOM January.
>> Issues closing by IETF 77. Only issues on changes should be accepted 
>> after this date. I.E. no new work.
>> IDs in IETF last call 30 days prior to IETF 78.
>> We have a party at IETF 78!
>>
>>
>>>
>>> In particular, we need to provide an answer to the following 
>>> question: what will be the process for analyzing the results of the 
>>> HIP experiment,
>>
>> A report from the 3 implementations covering:
>>
>> Interop issues.
>> Usages (experimental and production)
>> Lessons learned: what is missing
>> Anything else?
>>
>>> identifying changes to the HIP protocols suggested by that analysis 
>>> and incorporating those changes into the revised protocol documents?
>>
>> We have actually done much of this and after I get 5201-bis-00 
>> published (monday, I expect) I will get with Miika, Tobias, and Petri 
>> to put up the first cut of it.
>>
>>
>> How does this sound?
>>
>>
>
>

From rgm@htt-consult.com  Mon Dec  7 13:27:40 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 29D4528C1B7 for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 13:27:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.516
X-Spam-Level: 
X-Spam-Status: No, score=-2.516 tagged_above=-999 required=5 tests=[AWL=0.083,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 81kQPZ2L3d-D for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 13:27:39 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 340143A68BB for <hipsec@ietf.org>; Mon,  7 Dec 2009 13:27:39 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id BCC8C68B44 for <hipsec@ietf.org>; Mon,  7 Dec 2009 21:25:09 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rd7JSevC3mvJ for <hipsec@ietf.org>; Mon,  7 Dec 2009 16:25:00 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id BBF3268A8B for <hipsec@ietf.org>; Mon,  7 Dec 2009 16:25:00 -0500 (EST)
Message-ID: <4B1D735A.9090808@htt-consult.com>
Date: Mon, 07 Dec 2009 16:27:54 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Cipher selections
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2009 21:27:40 -0000

Following is a bit of a rambling note....

Can we enumerate the ciphers we will be adding/keeping in the new HIP?

First the Public Key algorithms:

RSA with key lengths of:
ECC curves and key lengths:

Do we keep DSA or drop it?  Or do we keep it for historical and flag 
that it is going away on any future revision?

Hashes:

SHA-1 for 'backwards' compatible or historical and flag that it is going 
away on any future revision?

SHA-256
Is there any alternative for HIP hash needs?  What about SHA-224?  Is 
the code smaller/faster?  What do we put in the document that will be 
coming out before the Hash competition is finished but is light enough 
for the needs of some systems running HIP?


Diffie-Hellman Groups (is that the best way to express this?):

???

MACs:

HMAC
CMAC ??
Any other recommendation?

Do we rename the HMAC TLV to just MAC (or something else that NIST would 
approve of?) or do we have separate TLVs for each MAC supported?


HIP-Transforms:

Do we drop any?  Like Blowfish?
CCM?
Other?  GCM?  I have heard a claim the CCM is more efficient on small 
packets than GCM.  But if an implementation will be focused on GCM for 
ESP, perhaps the use of GCM for IP-Transform is desired?

All responses SHOULD reference RFC or FIPS document #, section if 
appropriate, and any IANA assignments.

I want to start adding and removing! specific text from 5201-bis.



From paul@marvell.com  Mon Dec  7 14:25:20 2009
Return-Path: <paul@marvell.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 59C8D3A6834 for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 14:25:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HaFp0NU7S-ko for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 14:25:19 -0800 (PST)
Received: from dakia2.marvell.com (dakia2.marvell.com [65.219.4.35]) by core3.amsl.com (Postfix) with ESMTP id 860F73A67B2 for <hipsec@ietf.org>; Mon,  7 Dec 2009 14:25:19 -0800 (PST)
X-ASG-Debug-ID: 1260224709-48ae00ec0000-ZNEVin
X-Barracuda-URL: http://10.68.76.222:80/cgi-bin/mark.cgi
Received: from maili.marvell.com (maili.marvell.com [10.68.76.51]) by dakia2.marvell.com (Spam & Virus Firewall) with ESMTP id 0BD52222167; Mon,  7 Dec 2009 14:25:09 -0800 (PST)
Received: from maili.marvell.com (maili.marvell.com [10.68.76.51]) by dakia2.marvell.com with ESMTP id SsdyouAdcu7wfumY; Mon, 07 Dec 2009 14:25:09 -0800 (PST)
Received: from MSI-MTA.marvell.com (msi-mta.marvell.com [10.68.76.91]) by maili.marvell.com (Postfix) with ESMTP id F3FE680EA7; Mon,  7 Dec 2009 14:25:08 -0800 (PST)
Received: from sc-owa02.marvell.com ([10.93.76.22]) by MSI-MTA.marvell.com with Microsoft SMTPSVC(6.0.3790.3959);  Mon, 7 Dec 2009 14:25:08 -0800
Received: from SC-vEXCH2.marvell.com ([10.93.76.134]) by sc-owa02.marvell.com ([10.93.76.22]) with mapi; Mon, 7 Dec 2009 14:25:07 -0800
From: Paul Lambert <paul@marvell.com>
To: Robert Moskowitz <rgm@htt-consult.com>, HIP <hipsec@ietf.org>
Date: Mon, 7 Dec 2009 14:25:04 -0800
X-ASG-Orig-Subj: RE: [Hipsec] Cipher selections
Thread-Topic: [Hipsec] Cipher selections
Thread-Index: Acp3hBYynd6NgpVxQxmTBJTtwuQ5vAAB8lhQ
Message-ID: <7BAC95F5A7E67643AAFB2C31BEE662D013B5E6A2A0@SC-VEXCH2.marvell.com>
References: <4B1D735A.9090808@htt-consult.com>
In-Reply-To: <4B1D735A.9090808@htt-consult.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 07 Dec 2009 22:25:08.0427 (UTC) FILETIME=[2212E1B0:01CA778C]
X-Barracuda-Connect: maili.marvell.com[10.68.76.51]
X-Barracuda-Start-Time: 1260224709
X-Barracuda-Virus-Scanned: by dakia2.marvell.com at marvell.com
X-Barracuda-Spam-Score: -1002.00
X-Barracuda-Spam-Status: No, SCORE=-1002.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=1000.0 
Subject: Re: [Hipsec] Cipher selections
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2009 22:25:20 -0000

> SHA-256

Hash algorithms, like SHA-256, must be augmented to describe the actual
length of the hash used in the protocol (e.g. truncated to 64 bits).  So
you would need to have something like - SHA-256-64

Paul

Paul A. Lambert | Marvell Semiconductor | +1 650-787-9141

> -----Original Message-----
> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On Behalf
> Of Robert Moskowitz
> Sent: Monday, December 07, 2009 1:28 PM
> To: HIP
> Subject: [Hipsec] Cipher selections
>
> Following is a bit of a rambling note....
>
> Can we enumerate the ciphers we will be adding/keeping in the new HIP?
>
> First the Public Key algorithms:
>
> RSA with key lengths of:
> ECC curves and key lengths:
>
> Do we keep DSA or drop it?  Or do we keep it for historical and flag
> that it is going away on any future revision?
>
> Hashes:
>
> SHA-1 for 'backwards' compatible or historical and flag that it is going
> away on any future revision?
>
> SHA-256
> Is there any alternative for HIP hash needs?  What about SHA-224?  Is
> the code smaller/faster?  What do we put in the document that will be
> coming out before the Hash competition is finished but is light enough
> for the needs of some systems running HIP?
>
>
> Diffie-Hellman Groups (is that the best way to express this?):
>
> ???
>
> MACs:
>
> HMAC
> CMAC ??
> Any other recommendation?
>
> Do we rename the HMAC TLV to just MAC (or something else that NIST would
> approve of?) or do we have separate TLVs for each MAC supported?
>
>
> HIP-Transforms:
>
> Do we drop any?  Like Blowfish?
> CCM?
> Other?  GCM?  I have heard a claim the CCM is more efficient on small
> packets than GCM.  But if an implementation will be focused on GCM for
> ESP, perhaps the use of GCM for IP-Transform is desired?
>
> All responses SHOULD reference RFC or FIPS document #, section if
> appropriate, and any IANA assignments.
>
> I want to start adding and removing! specific text from 5201-bis.
>
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec

From oleg.ponomarev@hiit.fi  Mon Dec  7 15:05:06 2009
Return-Path: <oleg.ponomarev@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 446CC3A694C for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 15:05:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10q1aqj+Ic6K for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 15:05:05 -0800 (PST)
Received: from felwood.infrahip.net (felwood.infrahip.net [IPv6:2001:708:140:220::3]) by core3.amsl.com (Postfix) with ESMTP id 12F143A6896 for <hipsec@ietf.org>; Mon,  7 Dec 2009 15:05:04 -0800 (PST)
Received: from stargazer.pc.infrahip.net (stargazer.pc.infrahip.net [IPv6:2001:708:140:220:215:60ff:fe9f:60c4]) by felwood.infrahip.net (8.14.3/8.14.3) with ESMTP id nB7N4kQ4018882; Tue, 8 Dec 2009 01:04:47 +0200
Date: Tue, 8 Dec 2009 01:04:45 +0200 (EET)
From: Oleg Ponomarev <oleg.ponomarev@hiit.fi>
X-X-Sender: ponomare@stargazer.pc.infrahip.net
To: Robert Moskowitz <rgm@htt-consult.com>
In-Reply-To: <4B1D735A.9090808@htt-consult.com>
Message-ID: <alpine.LFD.2.00.0912080031450.13208@stargazer.pc.infrahip.net>
References: <4B1D735A.9090808@htt-consult.com>
User-Agent: Alpine 2.00 (LFD 1167 2008-08-23)
X-GPG-FINGRPRINT: E94D 632A 70E4 3F92 9A7E  B04E 20BF FC6B 983B CA5E
X-GPG-PUBLIC_KEY: http://ponomarev.ru/oleg.asc
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Cipher selections
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2009 23:05:06 -0000

Hi! On Mon, 7 Dec 2009, Robert Moskowitz wrote:

> ECC curves and key lengths:

using the same underlying EC groups as below


> SHA-256
> Is there any alternative for HIP hash needs?  What about SHA-224?  Is the 
> code smaller/faster?  What do we put in the document that will be coming out 
> before the Hash competition is finished but is light enough for the needs of 
> some systems running HIP?

SHA-224 is a truncated version of SHA-256 (SHA-384 -/- of SHA-512), they 
have equal number of cycles and take almost the same time.


> Diffie-Hellman Groups (is that the best way to express this?):

I think we may use 192,224,256,384&521-bit Random ECP Groups from RFC5114
(draft-ponomarev-hip-ecc-00.txt)


-- 
Regards, Oleg.
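
Added example, not part of the original messages and not code from any HIP implementation: the two hash points raised in this thread (an identifier such as SHA-256-64 has to state the output length actually used, and SHA-224 sits alongside SHA-256) worked through in Python. The `<hash>-<bits>` parsing convention, the function names and the sample key and message are assumptions made for illustration.

```python
import hashlib
import hmac

# Hash functions named in the thread, keyed by their usual names.
HASHES = {
    "SHA-1": hashlib.sha1,
    "SHA-224": hashlib.sha224,
    "SHA-256": hashlib.sha256,
    "SHA-384": hashlib.sha384,
    "SHA-512": hashlib.sha512,
}


def parse_suite(name):
    """Split '<hash>-<bits>' (e.g. 'SHA-256-64') into (constructor, n_bytes).

    A bare hash name such as 'SHA-256' means the untruncated output. The
    naming convention is hypothetical, modelled on the 'SHA-256-64' example.
    """
    if name in HASHES:  # check first: 'SHA-256' must not parse as 'SHA' + 256
        ctor = HASHES[name]
        return ctor, ctor().digest_size
    base, _, bits = name.rpartition("-")
    if base not in HASHES or not (bits.isascii() and bits.isdigit()):
        raise ValueError(f"unknown suite {name!r}")
    ctor, n_bits = HASHES[base], int(bits)
    if n_bits == 0 or n_bits % 8 or n_bits > ctor().digest_size * 8:
        raise ValueError(f"bad output length in {name!r}")
    return ctor, n_bits // 8


def truncated_digest(suite, data):
    """Leftmost n bytes of the hash, n taken from the suite name."""
    ctor, n = parse_suite(suite)
    return ctor(data).digest()[:n]


def truncated_mac(suite, key, data):
    """HMAC over data, truncated to the leftmost n bytes named by the suite."""
    ctor, n = parse_suite(suite)
    return hmac.new(key, data, ctor).digest()[:n]


def verify_mac(suite, key, data, tag):
    """Accept only a tag of exactly the length the agreed suite names.

    The length comes from the identifier both peers agreed on, never from
    the length of the tag that arrived on the wire.
    """
    expected = truncated_mac(suite, key, data)
    return len(tag) == len(expected) and hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = b"constructed-demo-key"           # constructed sample input
    msg = b"constructed sample message"     # constructed sample input

    tag = truncated_mac("SHA-256-64", key, msg)
    print("SHA-256-64 tag      :", tag.hex())
    print("same suite verifies :", verify_mac("SHA-256-64", key, msg, tag))
    # A peer that assumes another length for the same hash rejects the tag,
    # which is why the length has to be part of the identifier.
    print("peer using -128     :", verify_mac("SHA-256-128", key, msg, tag))

    # SHA-224 runs the same compression function as SHA-256 but starts from
    # different initial values (FIPS 180), so its output is not a prefix of
    # SHA-256's: 'SHA-224' and 'SHA-256-224' are distinct, non-interoperable
    # identifiers even though both yield 224 bits.
    print("SHA-224     :", truncated_digest("SHA-224", msg).hex())
    print("SHA-256-224 :", truncated_digest("SHA-256-224", msg).hex())
```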


From rgm@htt-consult.com  Mon Dec  7 15:50:21 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B03513A693D for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 15:50:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.525
X-Spam-Level: 
X-Spam-Status: No, score=-2.525 tagged_above=-999 required=5 tests=[AWL=0.074,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HZtp2mQVKV7z for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 15:50:20 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id C472A3A680D for <hipsec@ietf.org>; Mon,  7 Dec 2009 15:50:20 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id F407468B26 for <hipsec@ietf.org>; Mon,  7 Dec 2009 23:47:50 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id neLpbR1--6Uh for <hipsec@ietf.org>; Mon,  7 Dec 2009 18:47:41 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 9841168A8B for <hipsec@ietf.org>; Mon,  7 Dec 2009 18:47:41 -0500 (EST)
Message-ID: <4B1D94CC.7090809@htt-consult.com>
Date: Mon, 07 Dec 2009 18:50:36 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
Content-Type: multipart/mixed; boundary="------------090501000104020608040503"
Subject: [Hipsec] Fwd: I-D ACTION:draft-moskowitz-rfc4423-bis-00.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2009 23:50:21 -0000

This is a multi-part message in MIME format.
--------------090501000104020608040503
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit


-------- Original Message --------
Subject: 	I-D ACTION:draft-moskowitz-rfc4423-bis-00.txt
Date: 	Mon, 7 Dec 2009 14:45:01 -0800 (PST)
From: 	Internet-Drafts@ietf.org
Reply-To: 	internet-drafts@ietf.org
To: 	i-d-announce@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts 
directories.


	Title		: Host Identity Protocol Architecture
	Author(s)	: R. Moskowitz, P. Nikander
	Filename	: draft-moskowitz-rfc4423-bis-00.txt
	Pages		: 25
	Date		: 2009-12-4
	
   This memo describes a new namespace, the Host Identity namespace, and
   a new protocol layer, the Host Identity Protocol, between the
   internetworking and transport layers.  Herein are presented the
   basics of the current namespaces, their strengths and weaknesses, and
   how a new namespace will add completeness to them.  The roles of this
   new namespace in the protocols are defined.

   This document obsoletes RFC 4423 and addresses the concerns raised by
   the IESG, particularly that of crypto agility.  It also incorporates
   lessons learned from the implementations of RFC 5201.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-moskowitz-rfc4423-bis-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.





--------------090501000104020608040503
Content-Type: Message/External-body;
 name="draft-moskowitz-rfc4423-bis-00.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="draft-moskowitz-rfc4423-bis-00.txt"

Content-Type: text/plain
Content-ID: <2009-12-7143822.I-D@ietf.org>




--------------090501000104020608040503
Content-Type: text/plain;
 name="Attached Message Part"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="Attached Message Part"

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt



--------------090501000104020608040503--

From rgm@htt-consult.com  Mon Dec  7 15:50:43 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 204C33A680D for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 15:50:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.531
X-Spam-Level: 
X-Spam-Status: No, score=-2.531 tagged_above=-999 required=5 tests=[AWL=0.068,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0R7wBN88nAM6 for <hipsec@core3.amsl.com>; Mon,  7 Dec 2009 15:50:42 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id EA64E3A693D for <hipsec@ietf.org>; Mon,  7 Dec 2009 15:50:41 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 2782868B46 for <hipsec@ietf.org>; Mon,  7 Dec 2009 23:48:12 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4+sz1Rsg3HTz for <hipsec@ietf.org>; Mon,  7 Dec 2009 18:48:01 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id B90C368B44 for <hipsec@ietf.org>; Mon,  7 Dec 2009 18:48:01 -0500 (EST)
Message-ID: <4B1D94E0.6090901@htt-consult.com>
Date: Mon, 07 Dec 2009 18:50:56 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
Content-Type: multipart/mixed; boundary="------------020505050602030400040302"
Subject: [Hipsec] Fwd: I-D ACTION:draft-moskowitz-rfc5201-bis-00.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2009 23:50:43 -0000

This is a multi-part message in MIME format.
--------------020505050602030400040302
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

-------- Original Message --------
Subject: 	I-D ACTION:draft-moskowitz-rfc5201-bis-00.txt
Date: 	Mon, 7 Dec 2009 14:45:01 -0800 (PST)
From: 	Internet-Drafts@ietf.org
Reply-To: 	internet-drafts@ietf.org
To: 	i-d-announce@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts 
directories.


	Title		: Host Identity Protocol
	Author(s)	: R. Moskowitz, P. Nikander, P. Jokela, T. Henderson
	Filename	: draft-moskowitz-rfc5201-bis-00.txt
	Pages		: 103
	Date		: 2009-12-7
	
   This document specifies the details of the Host Identity Protocol
   (HIP).  HIP allows consenting hosts to securely establish and
   maintain shared IP-layer state, allowing separation of the identifier
   and locator roles of IP addresses, thereby enabling continuity of
   communications across IP address changes.  HIP is based on a Sigma-
   compliant Diffie-Hellman key exchange, using public key identifiers
   from a new Host Identity namespace for mutual peer authentication.
   The protocol is designed to be resistant to denial-of-service (DoS)
   and man-in-the-middle (MitM) attacks.  When used together with
   another suitable security protocol, such as the Encapsulated Security
   Payload (ESP), it provides integrity protection and optional
   encryption for upper-layer protocols, such as TCP and UDP.

   This document obsoletes RFC 5201 and addresses the concerns raised by
   the IESG, particularly that of crypto agility.  It also incorporates
   lessons learned from the implementations of RFC 5201.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-moskowitz-rfc5201-bis-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.





--------------020505050602030400040302
Content-Type: Message/External-body;
 name="draft-moskowitz-rfc5201-bis-00.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="draft-moskowitz-rfc5201-bis-00.txt"

Content-Type: text/plain
Content-ID: <2009-12-7143313.I-D@ietf.org>




--------------020505050602030400040302
Content-Type: text/plain;
 name="Attached Message Part"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="Attached Message Part"




--------------020505050602030400040302--

From rgm@htt-consult.com  Tue Dec  8 05:45:42 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2C05028C12E for <hipsec@core3.amsl.com>; Tue,  8 Dec 2009 05:45:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.537
X-Spam-Level: 
X-Spam-Status: No, score=-2.537 tagged_above=-999 required=5 tests=[AWL=0.062,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id es+UUSe3FSZx for <hipsec@core3.amsl.com>; Tue,  8 Dec 2009 05:45:41 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 40FE828C12C for <hipsec@ietf.org>; Tue,  8 Dec 2009 05:45:41 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id B1BFB68A8B for <hipsec@ietf.org>; Tue,  8 Dec 2009 13:43:09 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kZodhqMQuWOn for <hipsec@ietf.org>; Tue,  8 Dec 2009 08:43:00 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 03A916818E for <hipsec@ietf.org>; Tue,  8 Dec 2009 08:42:59 -0500 (EST)
Message-ID: <4B1E5897.4050702@htt-consult.com>
Date: Tue, 08 Dec 2009 08:45:59 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Who maintains Hip Status Pages

http://tools.ietf.org/wg/hip/

How do I get my two IDs there so that I can start posting issues to them?



From rgm@htt-consult.com  Tue Dec  8 07:53:53 2009
Message-ID: <4B1E76A2.5010401@htt-consult.com>
Date: Tue, 08 Dec 2009 10:54:10 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Use of hash in HIP, and making changes

This is only looking at 5201:

SHA1 (or SHA-1, lack of text consistency) is used for the following 
purposes:

HIT generation.  This uses the second pre-image resistance hash requirement.

HIP-TRANSFORMs, as part of an HMAC.

HMAC, as in the HMAC HIP Parameters (and I think also NOTIFY and ECHO?).

HIP_SIGNATURE, when using RSA/SHA1.

HIP KEYMAT, the RHASH is SHA1.

PUZZLE, RHASH again.

============================================

So I have two meta questions:

So we need hashes, can a MAC provide the needed functions?

Can we simplify the code base.  For example, GMAC makes claims to meet 
the same security goals as HMAC without the underlying hash.  So if you 
are implementing GCM for your ESP and HIP transforms, you get GMAC along 
with it and can use it where you would use HMAC and supposedly even a 
MAC?  Hmm, I wonder if I got that right.  More document reading....

============================================

So I think the biggest barrier to dropping hashes for switching to MACs 
is HIP_SIGNATURE.  We are supposedly using PKIX functions here and I 
don't recall reading anywhere of a MAC alternative.  So in fact we are 
limited to what is handed to us from the PK community.  Breaking new 
ground is not so good of a thought?

An alternative to HMAC makes sense.  My reading of NIST modes shows 
two:  CMAC and GMAC.  CMAC is an evolution of CBC-MAC and GMAC is a 
'reduction?' of GCM.  There are some security concerns about GMAC on the 
NIST resource, but they seem 'avoidable' here.


There are viable alternatives to HMAC's use of a hash as in CMAC and 
GMAC.  I might think that both KEYMAT and PUZZLE could be based on them 
instead of RHASH.  But that still leaves the HIT and HIP_SIG, and I 
don't see them being replaced by anything other than another hash.  This 
means SHA-256 until 2012Q4.

Any other views on this?
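
PUZZLE is one of the RHASH uses listed in the message above. As an added example (not part of the original post and not code from any HIP implementation), the Python below runs the puzzle with the RHASH as a parameter, using the rule from RFC 5201, Ltrunc(RHASH(I | HIT-I | HIT-R | J), K) == 0. The I and HIT values are constructed, and J is found with a counter rather than a random search so that the result is reproducible.

```python
"""HIP puzzle (RFC 5201) with the RHASH as a pluggable parameter."""
import hashlib

# RHASH candidates: SHA-1 is what RFC 5201 uses, SHA-256 is the
# replacement the message above expects. Any function bytes -> bytes fits.
RHASH = {
    "sha1": lambda data: hashlib.sha1(data).digest(),
    "sha256": lambda data: hashlib.sha256(data).digest(),
}

# Constructed sample values (not taken from any real host).
I_VALUE = bytes.fromhex("0123456789abcdef")    # 64-bit puzzle value I
HIT_I = bytes.fromhex("20010011" + "aa" * 12)  # 128-bit Initiator HIT
HIT_R = bytes.fromhex("20010012" + "bb" * 12)  # 128-bit Responder HIT


def ltrunc(digest, k):
    """Return the K lowest-order bits of digest as an integer."""
    return int.from_bytes(digest, "big") & ((1 << k) - 1)


def verify_solution(rhash, i, hit_i, hit_r, j, k):
    """Responder side: a single RHASH call, whatever the difficulty K."""
    # Reject malformed fields before hashing anything.
    if len(i) != 8 or len(j) != 8 or len(hit_i) != 16 or len(hit_r) != 16:
        return False
    return ltrunc(rhash(i + hit_i + hit_r + j), k) == 0


def solve_puzzle(rhash, i, hit_i, hit_r, k, max_tries=1 << 20):
    """Initiator side: search for J; expected cost is about 2**K hashes."""
    for n in range(max_tries):
        j = n.to_bytes(8, "big")
        if verify_solution(rhash, i, hit_i, hit_r, j, k):
            return j
    return None


def cost_report(k=12):
    """Solve the same puzzle under each RHASH; return {name: (J, tries)}."""
    report = {}
    for name, rhash in RHASH.items():
        j = solve_puzzle(rhash, I_VALUE, HIT_I, HIT_R, k)
        tries = None if j is None else int.from_bytes(j, "big") + 1
        report[name] = (j, tries)
    return report


if __name__ == "__main__":
    # Only the low-order K bits are compared, so the work factor is set by
    # K and not by the digest length. Changing the RHASH changes which J
    # is valid, so both peers must agree on the RHASH before the
    # Responder checks a solution.
    for name, (j, tries) in cost_report().items():
        print(f"{name}: J={j.hex()} found after {tries} hashes")
```
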



From rgm@htt-consult.com  Tue Dec  8 08:26:03 2009
Message-ID: <4B1E7E2D.7020308@htt-consult.com>
Date: Tue, 08 Dec 2009 11:26:21 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Revised Charter

Here is my crack at a new charter:

The Host Identity Protocol (HIP) provides a method of separating the
end-point identifier and locator roles of IP addresses. It introduces
a new Host Identity (HI) name space, based on public keys. The public
keys are typically, but not necessarily, self generated.

The experimental specifications for the architecture and protocol details
for these mechanisms consist of:

HIP Architecture (RFC 4423)
Host Identity Protocol (RFC 5201)

The purpose of this Working Group is to take the lessons learned from
the HIP experimental protocol and develop a Standards Track specification
for HIP.

o A report from the 3 implementations covering:

    Interop issues.
    Usages (experimental and production)
    Lessons learned: what is missing

o Update RFCs 4423 and 5201-6 based on what we know now and issues raised.


o If necessary, update the NAT traversal RFC (tbd).


o If necessary, update the native HIP socket API RFC (tbd).

o Specify a framework to build HIP-based overlays. This framework will
describe how HIP can perform some of the tasks needed to build an
overlay and how technologies developed somewhere else (e.g., a peer
protocol developed in the P2PSIP WG) can complement HIP by performing
the tasks HIP was not designed to perform.

o Specify how to generate ORCHIDs from other node identifiers
including both cryptographic ones (leading to cryptographic
delegation) and non-cryptographic ones (e.g., identifiers defined by a
peer protocol).

o Specify how to carry certificates in the base exchange. This was
removed from the base HIP spec so that the mechanism is specified in a
stand-alone spec.

o Specify how to carry upper-layer data over specified HIP
packets. These include some of the existing HIP packets and possibly
new HIP packets (e.g., a HIP packet that occurs outside a HIP base
exchange).

============================================

Just some edits on the current charter.....



From julienl@qualcomm.com  Tue Dec  8 09:30:43 2009
From: "Laganier, Julien" <julienl@qualcomm.com>
To: Robert Moskowitz <rgm@htt-consult.com>, HIP <hipsec@ietf.org>
Date: Tue, 8 Dec 2009 09:30:27 -0800
Thread-Topic: [Hipsec] Who maintains Hip Status Pages
Thread-Index: Acp4DLeqIr5tzwfBTw6+xx4mvE1BIQAHyQ3A
Message-ID: <BF345F63074F8040B58C00A186FCA57F1C65FB2F4D@NALASEXMB04.na.qualcomm.com>
References: <4B1E5897.4050702@htt-consult.com>
In-Reply-To: <4B1E5897.4050702@htt-consult.com>
Subject: Re: [Hipsec] Who maintains Hip Status Pages

Hi Bob,

I understand you can't get issues before the drafts are working group drafts
with the proper name:

draft-ietf-hip-rfc5201-bis-00.txt

If you want to have them listed in the related draft section of the web page,
they need the wg name (hip) somewhere in the filename, e.g.:

draft-moskowitz-hip-rfc5201-bis-00.txt

--julien

> -----Original Message-----
> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
> Behalf Of Robert Moskowitz
> Sent: Tuesday, December 08, 2009 5:46 AM
> To: HIP
> Subject: [Hipsec] Who maintains Hip Status Pages
>
> http://tools.ietf.org/wg/hip/
>
> How do I get my two IDs there so that I can start posting issues to
> them?

From rgm@htt-consult.com  Tue Dec  8 09:44:53 2009
Message-ID: <4B1E909B.20207@htt-consult.com>
Date: Tue, 08 Dec 2009 12:44:59 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: "Laganier, Julien" <julienl@qualcomm.com>
References: <4B1E5897.4050702@htt-consult.com> <BF345F63074F8040B58C00A186FCA57F1C65FB2F4D@NALASEXMB04.na.qualcomm.com>
In-Reply-To: <BF345F63074F8040B58C00A186FCA57F1C65FB2F4D@NALASEXMB04.na.qualcomm.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Who maintains Hip Status Pages

Laganier, Julien wrote:
> Hi Bob,
>
> I understand you can't get issues before the draft are working group drafts with the proper name:
>
> draft-ietf-hip-rfc5201-bis-00.txt
>
> If you want to have them listed in the related draft section of the web page, they need the wg name (hip) somewhere in the filename, e.g., :
>
> draft-moskowitz-hip-rfc5201-bis-00.txt
>   

hmmm...

Then how did draft-zhipeng-pkix-drm-proxy-architecture 
<http://tools.ietf.org/id/draft-zhipeng-pkix-drm-proxy-architecture-00.txt> 
get on the page? But taking a look at that draft, I can't figure out 
what it has to do with the HIP workgroup. Oh, I see, look at the author's 
name: zhipeng !!!!

I think this is a 'bug' in the IETF tools.

After our IT people figure out why I did not get the key verification 
emails, I will get with the IETF Secretariat to change the draft name.


> --julien
>
>   
>> -----Original Message-----
>> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
>> Behalf Of Robert Moskowitz
>> Sent: Tuesday, December 08, 2009 5:46 AM
>> To: HIP
>> Subject: [Hipsec] Who maintains Hip Status Pages
>>
>> http://tools.ietf.org/wg/hip/
>>
>> How do I get my two IDs there so that I can start posting issues to
>> them?

From thomas.r.henderson@boeing.com  Tue Dec  8 10:27:50 2009
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "'Robert Moskowitz'" <rgm@htt-consult.com>, HIP <hipsec@ietf.org>
Date: Tue, 8 Dec 2009 10:27:21 -0800
Thread-Topic: [Hipsec] Revised Charter
Thread-Index: Acp4LGhvgIN1klufReSlhUYMFAZ3hwABejrg
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4C1CAF1917@XCH-NW-10V.nw.nos.boeing.com>
References: <4B1E7E2D.7020308@htt-consult.com>
In-Reply-To: <4B1E7E2D.7020308@htt-consult.com>
Subject: Re: [Hipsec] Revised Charter

> -----Original Message-----
> From: hipsec-bounces@ietf.org
> [mailto:hipsec-bounces@ietf.org] On Behalf Of Robert Moskowitz
> Sent: Tuesday, December 08, 2009 8:26 AM
> To: HIP
> Subject: [Hipsec] Revised Charter
>
> Here is my crack at a new charter:
>
> The Host Identity Protocol (HIP) provides a method of separating the
> end-point identifier and locator roles of IP addresses. It introduces
> a new Host Identity (HI) name space, based on public keys. The public
> keys are typically, but not necessarily, self generated.
>
> The experimental specifications for the architecture and
> protocol details
> for these mechanisms consist of:
>
> HIP Architecture (RFC 4423)
> Host Identity Protocol (RFC 5201)

^^
suggest to also add RFC4843 and 5202-06 to the list above, and also
draft-ietf-hip-nat-traversal (in RFC Ed Queue).

>
> The purpose of this Working Group is to take the lessons learned from
> the HIP experimental protocol and develop a Standards Track
                                              ^^^^
Can we specify "Draft Standard" here?  Or are people planning "Proposed Standard"?

> specification
> for HIP.
>
> o A report from the 3 implementations covering:
>
>     Interop issues.
>     Usages (experimental and production)
>     Lessons learned: what is missing

Is the above report the one that is required to submit to the Area Director
to achieve Draft Standard status?

Please note that we have a significant amount of general experience with HIP
documented in the RG Experiment Report (which we are aiming to finalize
during the current meeting cycle) but it is not formatted according to RFC2026
outline for what is needed to go to Draft Standard (i.e. specific interop
report).

http://tools.ietf.org/html/draft-irtf-hip-experiment-06

>
> o Update RFCs 4423 and 5201-6 based on what we know now and
> issues raised.
>
>
> o If necessary, update the NAT traversal RFC (tbd).
>
>
> o If necessary, update the native HIP socket API RFC (tbd).
>
> o Specify a framework to build HIP-based overlays. This framework will
> describe how HIP can perform some of the tasks needed to build an
> overlay and how technologies developed somewhere else (e.g., a peer
> protocol developed in the P2PSIP WG) can complement HIP by performing
> the tasks HIP was not designed to perform.
>
> o Specify how to generate ORCHIDs from other node identifiers
> including both cryptographic ones (leading to cryptographic
> delegation) and non-cryptographic ones (e.g., identifiers defined by a
> peer protocol).
>
> o Specify how to carry certificates in the base exchange. This was
> removed from the base HIP spec so that the mechanism is specified in a
> stand-alone spec.
>
> o Specify how to carry upper-layer data over specified HIP
> packets. These include some of the existing HIP packets and possibly
> new HIP packets (e.g., a HIP packet that occurs outside a HIP base
> exchange).
>

From rgm@htt-consult.com  Tue Dec  8 15:28:48 2009
Message-ID: <4B1EE141.7060609@htt-consult.com>
Date: Tue, 08 Dec 2009 18:29:05 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Renaming the HMAC HIP Parameter

We called it HMAC and HMAC_2 as all we allowed was HMAC as the keyed 
Message Authentication Code.

But now there is CMAC and GMAC.

So what should I use in the ID to replace HMAC?

MAC
or
kMAC

???

Then we will have to negotiate the MAC along with the HIP-TRANSFORM and 
which will be a MUST implement?  I can see arguments for any of them as 
the MUST with the others as MAY.

GMAC could give coding savings when used with GCM.
HMAC gives interoperability with older stuff.

Votes and hums please?



From rgm@htt-consult.com  Tue Dec  8 18:35:49 2009
Message-ID: <4B1F0D12.2070104@htt-consult.com>
Date: Tue, 08 Dec 2009 21:36:02 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Subject: [Hipsec] Changing HIP BEX to support crypto agility

As we brought up here on the list back in August, adding crypto agility 
results in some important changes to the BEX.  The negotiation of the 
Hash, MAC, and PK added to the DH affords some downgrade attacks.
Tobias Heer and Stefan Götz worked out the following after a set of 
discussions with them and Miika Komu in the HIIT office back on Aug 5.

When we had the discussion we had not included the MAC as variable.  We 
missed that one, so the text below will have to be updated to support 
different MACs as well.

I also will follow this with discussions we had on changes to the DNS 
format for HIP.


========================================================================

Hi,

this is a summary based on discussions with Robert Moskowitz, Tobias
Heer, Stefan Götz and Miika Komu at HIIT during week 32. We discussed
the problems associated with HIP algorithm agility and different
alternative solutions. After several design iterations (of which not all
are described in this email), Tobias came up with a solution which we
all agreed on. We'd suggest the working group to adopt it to get HIP on
standards track. All discussion is welcome!

Problems
========

HIP algorithms are attached quite statically to the HIP protocol and
namespace. We need a better way to deal with deprecating broken
algorithms and inclusion of new ones. Some examples below:

a) Although SHA1 is not broken yet, there will be a need to replace it
with something stronger (SHA256?) in the future.
b) We may want to support other public key algorithms such as elliptic
curve DSA.
c) We may want to support shared key generation with elliptic curve
Diffie-Hellman instead of the normal D-H.

This leads us to the following new challenges:

1.) We have several signature algos now and it cannot be assumed that
every host supports every algo.
2.) We have several hash algos for HITs now and it cannot be assumed
that every host supports every algo.
3.) We have several DH groups now and we cannot fit all in the
R1 packet.

In effect, several hash and signature algorithms lead to a multitude of
HITs per each host. Several signature algorithms lead to a multitude of
HIs per host.

Opportunistic HIP introduces additional challenges with the HIT
algorithm selection. The I1 lacks a Responder HIT, so unless we
encode the PK and Hash of the Initiator into its HIT, we have a
decision problem for the Responder. Even if we do that, why did
the Initiator select THAT combination, perhaps the Responder does not
support it, but supports a different combination used by the
Initiator.

There is also a referral related issue, where the Initiator learned of a
HIT through some application-layer protocol or just by caching. The
problem arises if we don't encode the algorithm in HIT but rather just
encode this in DNS. When application connects to HIT and the system does
know the related algorithms, the connection can just fail due to
algorithm mismatch. This problem might arise for example in hipbone
environments.

Negotiation of Diffie-Hellman algorithm must be started already in the
I1 message to avoid overly large R1 packets filled with different D-H
parameters. This introduces the possibility for a man-in-the-middle
attack where the attacker mounts a downgrade attack on the Initiator and
Responder. The attacker can alter the I1 because it is unprotected. Thus,
the attacker can cause the Responder to offer unnecessarily too weak
algorithms or key lengths in R1 and enforce the parties to use unnecessarily
too weak crypto.

Solution 1: application selects algorithms
==========================================

The basic problem is that the Initiator and the Responder must select a
combination of algorithms supported by both hosts. Some of these
algorithms can be selected during the BEX (see DH below) but some must
be selected before the BEX since the applications may bind to source and
destination HITs before the system performs the BEX. In particular, the
application selects the destination HIT (=hash algo + signature algo).
Hence, the application must make a "good" choice here. "Good" means here
that the application selects a combination of hash and signature
algorithms supported by both hosts.

We can't really shift the selection burden to the applications. It might
work on native HIP applications, but we should be able to use HIP with
legacy applications as well. So shifting the problem to the applications
is not a good solution.

Solution 2: resolver selects algorithms
=======================================

As a first approximation, the Initiator learns of the ciphers
supported by the Responder from DNS or some other service, selects its
HIT that matches the selected Responder's HIT and off it goes. The
local DNS resolver can filter the HITs and only provide locally
HITs supported by both hosts to the application. Hence, the application
can make a "good" choice. This requires the availability of additional
information about HITs in the DNS system. Specifically, the hash
function and signature algorithm must either be provided as additional
information through the DNS system or must be encoded within the HIT
itself (which increases chances for HIT collisions).

The main 'challenge' is selecting the DH mode, since including the DH
modes in DNS or in the bits of the HIT is not feasible (too many
resulting HITs).

The suggested solution
======================

We reuse the solution 2 and include hash and public key algorithm
support in the DNS resource records, but also signal algorithms in
the base exchange to support scenarios without name look up
infrastructure.

I1 packet has to be modified to include the hash, public keys and
diffie-hellman algorithms supported by the Initiator in a new "algo"
parameter.  The parameter should indicate which hash and public key
algorithm the Initiator used to generate its HIT.

The Responder receives the I1 packet and compares the algorithms
contained in the I1 parameter with its supported algorithms. It
sends back an R1 generated using the hash, public-key and diffie-
hellman algorithms supported by both of the hosts. The R1 always
includes two diffie-hellman keys and the signature covers the whole
packet as in the current RFC5201 specification.

The R1 also lists the algorithms supported by the Responder in a
new "algo" parameter. This parameter is in the signed part of the R1.
The parameter also denotes which hash, public-key and diffie-Hellman
algorithms were used to produce the R1. It should be noticed that a
Responder implementing precomputed spools of R1 packets has to maintain
a large selection of R1s to support the various combinations of
algorithms.

This approach also works with opportunistic I1 packets. In such
a case, the Responder can select its source HIT for the R1 based on the
algo parameter in I1.

Protection against the downgrade attack
======================================

If the offered DHs in R1 are strong enough for the Initiator,
everything proceeds as the current BEX. In the case of a detected
downgrade attack, the {DHlist} in the R1 supports a better algorithm
than the one chosen in R1. In such a case, the Initiator sends another
I1 in which it limits the choice of the supported algos to the
strongest matching algorithm.

The attack case would look like this:

I1 {DHlist: 1,2,3} (attack)
-------------------------->
R1 {DHlist: 1,2,3} DHparameters-1
<-------------------------

(Initiator realizes that there is an attack)

I1 {DHlist: 3}
-------------------------->
R1 {DHlist: 1,2,3} DHparameters-3
<-------------------------
I2
-------------------------->
R2
<-------------------------

The MITM attacker could still modify the packets but that would only
lead to a situation in which the BEX would never finish (or would be
aborted after some retries). The attacker could also just drop the
packets which would lead to DoS (which is impossible to protect against)
but the attacker cannot mount an undetected downgrade attack any more.

As a drawback, this leads to a 6-way BEX which may seem bad at first.
However, since this only happens in an attack scenario and since the
attack can be handled (so it is not interesting to mount anymore), we
assume the additional messages are not a problem at all. Since Malice
cannot be successful with a downgrade attack against I1, these sorts of
attacks will only occur as 'nuisance' attacks. So, the base exchange
would still be usually just four packets even though implementations
must be prepared to protect themselves against the downgrade attack.

Also, a benefit of this approach is that it will only have minimal
impact on the state machines specifications and their implementations
(check the DHlists, restart if necessary).

HI bindings
===========

A host may now have a number of HIs (several signature algorithms). This
results in the question how to bind these HIs together. Until now we
have only discussed a DNS-(sec)-based binding but other bindings are
also possible (certificates, etc). However, the question of
signature-algo compatibility remains. If the signature algorithm of the
certificate is not understood, the binding is useless. In general, it
would probably make sense to not use crypto agility as a "comfort tool"
that enables the use of any arbitrary combination of algorithms but as a
tool that enables increasing the security of the system whenever the
currently used algorithms are threatened. Otherwise we will end up with
hosts that have a large number of HIs and even more HITs.
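
Added example (not part of the original message and not taken from any HIP implementation): a small simulation of the Initiator-side check described under "Protection against the downgrade attack", run against an honest path, a one-shot I1 rewrite as in the diagram, and a persistent rewrite. Assumptions: a higher DH group ID means a stronger group, each R1 carries one chosen group, the R1 signature check is a boolean stand-in, and all class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class I1:
    dh_list: Tuple[int, ...]     # unprotected, so an on-path party can rewrite it


@dataclass(frozen=True)
class R1:
    dh_list: Tuple[int, ...]     # Responder's full list, inside the signed part
    dh_chosen: int               # group of the DH parameters carried in this R1
    signature_ok: bool = True    # stand-in for verifying the R1 signature


@dataclass(frozen=True)
class Result:
    outcome: str                 # "established" or "aborted"
    group: Optional[int]
    messages: int                # packets sent by both hosts
    downgrades_detected: int


class Responder:
    def __init__(self, supported):
        self.supported = tuple(sorted(supported))

    def handle_i1(self, i1: I1) -> Optional[R1]:
        # Pick the strongest group from the list that actually arrived.
        common = [g for g in i1.dh_list if g in self.supported]
        if not common:
            return None
        return R1(dh_list=self.supported, dh_chosen=max(common))


def check_r1(initiator_supported, r1: R1):
    """Return ("proceed", g), ("restart", g) or ("abort", None)."""
    if not r1.signature_ok:
        return ("abort", None)
    mutual = set(initiator_supported) & set(r1.dh_list)
    if r1.dh_chosen not in mutual:
        return ("abort", None)           # unusable or inconsistent R1
    best = max(mutual)
    if r1.dh_chosen == best:
        return ("proceed", best)
    # The signed list shows a stronger mutual group than the one chosen:
    # the I1 was altered in flight, so restart with only that group offered.
    return ("restart", best)


def run_bex(initiator_supported, responder, channel, max_restarts=2) -> Result:
    offer = tuple(sorted(initiator_supported))
    messages = detected = 0
    for _ in range(max_restarts + 1):
        messages += 1                                    # I1
        r1 = responder.handle_i1(channel(I1(offer)))
        if r1 is None:
            return Result("aborted", None, messages, detected)
        messages += 1                                    # R1
        verdict, group = check_r1(initiator_supported, r1)
        if verdict == "proceed":
            return Result("established", group, messages + 2, detected)  # I2, R2
        if verdict == "abort":
            return Result("aborted", None, messages, detected)
        detected += 1
        offer = (group,)
    return Result("aborted", None, messages, detected)


def honest(i1: I1) -> I1:
    return i1


def make_one_shot_attacker(weak=(1,)):
    """Channel that rewrites only the first I1 (the case in the diagram)."""
    state = {"used": False}

    def channel(i1: I1) -> I1:
        if state["used"]:
            return i1
        state["used"] = True
        return I1(tuple(weak))
    return channel


def persistent_attacker(i1: I1) -> I1:
    return I1((1,))              # rewrites every I1, including the restart


if __name__ == "__main__":
    both = (1, 2, 3)             # constructed sample lists
    for name, ch in [("honest", honest),
                     ("one-shot", make_one_shot_attacker()),
                     ("persistent", persistent_attacker)]:
        print(name, run_bex(both, Responder(both), ch))
```

The one-shot case ends with group 3 after six packets, and the persistent case never completes with group 1: it is aborted after the retry limit, which is the denial-of-service outcome the message accepts.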




From rgm@htt-consult.com  Tue Dec  8 19:52:46 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 54EA93A69D6 for <hipsec@core3.amsl.com>; Tue,  8 Dec 2009 19:52:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.558
X-Spam-Level: 
X-Spam-Status: No, score=-2.558 tagged_above=-999 required=5 tests=[AWL=0.041,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IeTC0WKGvBGP for <hipsec@core3.amsl.com>; Tue,  8 Dec 2009 19:52:45 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 531F53A69D3 for <hipsec@ietf.org>; Tue,  8 Dec 2009 19:52:44 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 891BF68B62 for <hipsec@ietf.org>; Wed,  9 Dec 2009 03:50:10 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BCnIHI5xNswz for <hipsec@ietf.org>; Tue,  8 Dec 2009 22:50:01 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 23FCE68B5B for <hipsec@ietf.org>; Tue,  8 Dec 2009 22:50:01 -0500 (EST)
Message-ID: <4B1F1F21.6030905@htt-consult.com>
Date: Tue, 08 Dec 2009 22:53:05 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Changing HIP DNS (rfc5205) to support the new crypto agility
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2009 03:52:46 -0000

The following is from a series of notes Miika, Tobias, and I had from 
early August.

A HIP system will have multiple HIs to announce to the world, but it 
will have a preference
in their use. Plus it may have different HIs for some processes. And 
each of these HIs will be
subject to multiple Hashes for HIT generation.

The current DNS RR for HIs contains (per rfc 5205):

HIT length
PK length
HIT
PK
RVS list


I could never figure out why we have HIT length, it has been suggested 
that it is there just to make sure that we can easily scale to 256-bit 
HITs without changing DNS record format?

Anyway, this does not matter because we want to get rid of the HIT in 
the record anyway and replace it with a hash list.  It is required that 
the client can generate any HIT from the Hash list.

The current HIP definition supports at least 2 HIs, DSA and RSA based, 
but there is nothing in the DNS information to guide the Initiator in 
deciding which to use, it is assumed that the decision is strictly a 
local decision on the part of the Initiator, following the HIP KISS 
principle. But with a potential for a lot more HIs, the Responder should 
be allowed to guide the Initiator in its preferences. To do this at 
first I was thinking of the MX model where the preference is indicated by 
its weight. Then I remembered that we have also discussed HIs associated 
with a process or port, and realized that the SRV model is the correct 
one. So we add two more fields to the RR:


HI preference (ie weight)
Port number (as in SRV)

So we end up with:


Weight
Port(s)
PK length
PK
HIT list
[RVS list]

Experienced DNS people will have to work out how this is structured.

There was also a proposal that we could store the complete LOCATOR 
parameter of the host in the DNS:

http://www.ietf.org/id/draft-ponomarev-hip-dns-locators-01.txt

As I think about this, I see DNS explosions as each HI has to tell how 
it is located. So we SHOULD provide a default RVS/Locator record that 
applies to all HIs. This can either be YARR, or you set weight, port and 
HIlength all to zero and have NULL PK and HITlist. Alternatively you 
could support different default RVS/Locator per port, where Weight and 
HIlength are zero, but not port.

Miika also suggested that the host MAY add its real IP addresses. No 
need to use RVS if you've got fixed public IP addresses.

I countered that you get that anyway from the A and/or AAAA records?

But Miika replied that A/AAAA records can't contain port numbers. It 
will be better for virtualization, object-to-object communications and 
NAT traversal to include the port numbers. Hence, he would suggest to 
switch to SRV records that include both HIT and locator information.

So what do you all think?  How would you structure the DNS information 
and what would the new HIP RR(s) look like?



From rgm@htt-consult.com  Wed Dec  9 05:38:25 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1F4BE3A69A5 for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 05:38:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.26
X-Spam-Level: 
X-Spam-Status: No, score=-2.26 tagged_above=-999 required=5 tests=[AWL=-0.261,  BAYES_00=-2.599, J_CHICKENPOX_17=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IkPLsx0PvvT8 for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 05:38:24 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 676993A67C2 for <hipsec@ietf.org>; Wed,  9 Dec 2009 05:38:24 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 8783E68B5A for <hipsec@ietf.org>; Wed,  9 Dec 2009 13:35:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C7um6x5csVCI for <hipsec@ietf.org>; Wed,  9 Dec 2009 08:35:40 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id C002D6818E for <hipsec@ietf.org>; Wed,  9 Dec 2009 08:35:40 -0500 (EST)
Message-ID: <4B1FA868.5020102@htt-consult.com>
Date: Wed, 09 Dec 2009 08:38:48 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] HIs per process/port
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2009 13:38:25 -0000

Is there any push-back in adding support for specifically supporting HIs 
associated with a process and/or port?

This is kind of denied currently, but there is wording in various places 
that hints you can.  I believe at the Stockholm meeting that the 
Ericsson crew said they do support this now.

I don't want to go through the work to add the text and then have people 
coming at me with guns a'blazing.  I mean I DO wear my Kevlar suit, 
but....  ;)

Oh, I did not envision HIP having per process/port policy, but there 
appears to be an interest in this and it is NOT too hard to do, but it 
DOES change the DNS model from a MX-style to a SRV format.



From miika.komu@hiit.fi  Wed Dec  9 06:08:52 2009
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8F6F83A69DF for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 06:08:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_17=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bP0YrJNtbSmr for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 06:08:51 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id B1FD73A6883 for <hipsec@ietf.org>; Wed,  9 Dec 2009 06:08:50 -0800 (PST)
Received: from [193.167.187.26] (halko.pc.infrahip.net [193.167.187.26]) by argo.otaverkko.fi (Postfix) with ESMTP id C4A3725ED22; Wed,  9 Dec 2009 16:08:39 +0200 (EET)
Message-ID: <4B1FAF67.2090303@hiit.fi>
Date: Wed, 09 Dec 2009 16:08:39 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B1FA868.5020102@htt-consult.com>
In-Reply-To: <4B1FA868.5020102@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] HIs per process/port
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2009 14:08:52 -0000

Robert Moskowitz wrote:

Hi,

I am not sure, but there may be some (semantical?) problems in 
supporting SRV records with the native HIP API. Namely, getaddrinfo() 
does not support SRV records? This does not mean that it's not 
implementable though, it's more like that AF_HIP would just require a 
SRV look up instead of HI RR. This is not a problem for DNS proxies (for 
legacy apps) at all.

> Is there any push-back in adding support for specifically supporting HIs 
> associated with a process and/or port?
> 
> This is kind of denied currently, but there is wording in various places 
> that hints you can.  I believe at the Stockholm meeting that the 
> Ericsson crew said they do support this now.
> 
> I don't want to go through the work to add the text and then have people 
> coming at me with guns a'blazing.  I mean I DO wear my Kevlar suit, 
> but....  ;)
> 
> Oh, I did not envision HIP having per process/port policy, but there 
> appears to be an interest in this and it is NOT too hard to do, but it 
> DOES change the DNS model from a MX-style to a SRV format.
> 
> 
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec


From rgm@htt-consult.com  Wed Dec  9 12:02:44 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B3F463A6848 for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 12:02:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.547
X-Spam-Level: 
X-Spam-Status: No, score=-2.547 tagged_above=-999 required=5 tests=[AWL=0.052,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Be4Q+jfc1XLW for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 12:02:44 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id CF5213A6A57 for <hipsec@ietf.org>; Wed,  9 Dec 2009 12:02:43 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 66C0E68B24 for <hipsec@ietf.org>; Wed,  9 Dec 2009 20:00:08 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zveCHYADFOv6 for <hipsec@ietf.org>; Wed,  9 Dec 2009 14:59:59 -0500 (EST)
Received: from nc2400.htt-consult.com (h155.home.htt [208.83.67.155]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 615196818E for <hipsec@ietf.org>; Wed,  9 Dec 2009 14:59:59 -0500 (EST)
Message-ID: <4B200204.1000508@htt-consult.com>
Date: Wed, 09 Dec 2009 15:01:08 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] No changes to KEYMAT at this time
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2009 20:02:44 -0000

Well, I did some investigation, and stuck my neck out a bit and asked on 
the cfrg list...

Not all MACs can be used for KDFs.  This discussion has actually been 
going on for some time on the cfrg list.

There is work, being led by Hugo Krawczyk (or it appears that Hugo is 
leading and others are at best chasing him) to develop a new 'uniform' 
KDF.  At this time I do not want to hitch HIP's timeline to that getting 
done, but I am open to other opinions on this matter.

This means that for now, HMAC stays in the spec and thus code base.  
Although there are other very good MACs like CMAC and GMAC, HMAC is not 
being pushed away.  Further, if Hugo's HKDF moves forward as an RFC and 
NIST acceptance, and HIP adopts it, we still have HMAC.

ERGO:

KEYMAT remains unchanged, based on HMAC, and uses RHASH as currently 
specified.

HIP exchange continues to use HMAC and this is not negotiable, that is 
there are no alternatives to HMAC, like CMAC or GMAC.  Thus the HIP 
parameters, HMAC and HMAC_2 remain as is and also any HIP parameters 
that have HMAC buried within them.

Thus 'crypto agility' is limited to HASH, DH, and PK selection.  We are 
adding HASH and improving on how we handle DH and PK.

Does this work for others here?  And in light of the discussion on the 
cfrg list does this address the IESG's 'crypto agility' concerns?



From rgm@htt-consult.com  Wed Dec  9 13:04:45 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7314D28C1D0 for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 13:04:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level: 
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mJrJ9HRvhqfB for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 13:04:44 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 5E06D28C1CE for <hipsec@ietf.org>; Wed,  9 Dec 2009 13:04:44 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id C2A9468B24 for <hipsec@ietf.org>; Wed,  9 Dec 2009 21:02:08 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a4Qhb-Y43dkO for <hipsec@ietf.org>; Wed,  9 Dec 2009 16:01:58 -0500 (EST)
Received: from nc2400.htt-consult.com (h155.home.htt [208.83.67.155]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 5484768235 for <hipsec@ietf.org>; Wed,  9 Dec 2009 16:01:58 -0500 (EST)
Message-ID: <4B20108B.4060706@htt-consult.com>
Date: Wed, 09 Dec 2009 16:03:07 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
References: <4B200204.1000508@htt-consult.com>
In-Reply-To: <4B200204.1000508@htt-consult.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] No changes to KEYMAT at this time
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2009 21:04:45 -0000

Robert Moskowitz wrote:
> Well, I did some investigation, and stuck my neck out a bit and asked 
> on the cfrg list...
>
> Not all MACs can be used for KDFs. This discussion has actually been 
> going on for some time on the cfrg list.
>
> There is work, being led by Hugo Krawczyk (or it appears that Hugo is 
> leading and others are at best chasing him) to develop a new 'uniform' 
> KDF. At this time I do not want to hitch HIP's timeline to that 
> getting done, but I am open to other opinions on this matter.

I am reading the HKDF draft: draft-krawczyk-hkdf-00.txt which expires in 
10 days, I suspect Hugo will fix this.

Anyway it states:

This document specifies a simple HMAC-based [HMAC] KDF, named HKDF,
which can be used as a building block in various protocols and
applications, and is already used in several IETF protocols,
including [IKEv2], [PANA], and [EAP-AKA].

So will someone take a close look at this and see what it would take for 
HIP to use HKDF? What are the diffs between what we have and HKDF?

>
> This means that for now, HMAC stays in the spec and thus code base. 
> Although there are other very good MACs like CMAC and GMAC, HMAC is 
> not being pushed away. Further, if Hugo's HKDF moves forward as an RFC 
> and NIST acceptance, and HIP adopts it, we still have HMAC.
>
> ERGO:
>
> KEYMAT remains unchanged, based on HMAC, and uses RHASH as currently 
> specified.
>
> HIP exchange continues to use HMAC and this is not negotiable, that is 
> there are no alternatives to HMAC, like CMAC or GMAC. Thus the HIP 
> parameters, HMAC and HMAC_2 remain as is and also any HIP parameters 
> that have HMAC buried within them.
>
> Thus 'crypto agility' is limited to HASH, DH, and PK selection. We are 
> adding HASH and improving on how we handle DH and PK.
>
> Does this work for others here? And in light of the discussion on the 
> cfrg list does this address the IESG's 'crypto agility' concerns? 


From rgm@htt-consult.com  Wed Dec  9 13:33:10 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A86A13A693B for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 13:33:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level: 
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[AWL=0.047,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NDzDaKSEumC5 for <hipsec@core3.amsl.com>; Wed,  9 Dec 2009 13:33:09 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id AE8BD3A692C for <hipsec@ietf.org>; Wed,  9 Dec 2009 13:33:09 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id C2BDB68B53 for <hipsec@ietf.org>; Wed,  9 Dec 2009 21:30:33 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4iyHFk5Hn-Vw for <hipsec@ietf.org>; Wed,  9 Dec 2009 16:30:24 -0500 (EST)
Received: from nc2400.htt-consult.com (h155.home.htt [208.83.67.155]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 231C668B52 for <hipsec@ietf.org>; Wed,  9 Dec 2009 16:30:24 -0500 (EST)
Message-ID: <4B20172F.7090800@htt-consult.com>
Date: Wed, 09 Dec 2009 16:31:27 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
References: <4B1D94CC.7090809@htt-consult.com>
In-Reply-To: <4B1D94CC.7090809@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Renamed: Fwd: I-D ACTION:draft-moskowitz-rfc4423-bis-00.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2009 21:33:10 -0000

This has been renamed to:  draft-moskowitz-hip-rfc4423-bis-00.txt

and a similar change to rfc5201-bis

However, it is NOT showing up on the HIP activity page....

Robert Moskowitz wrote:
>
> -------- Original Message --------
> Subject:     I-D ACTION:draft-moskowitz-rfc4423-bis-00.txt
> Date:     Mon, 7 Dec 2009 14:45:01 -0800 (PST)
> From:     Internet-Drafts@ietf.org
> Reply-To:     internet-drafts@ietf.org
> To:     i-d-announce@ietf.org
>
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
>
>
>     Title        : Host Identity Protocol Architecture
>     Author(s)    : R. Moskowitz, P. Nikander
>     Filename    : draft-moskowitz-rfc4423-bis-00.txt
>     Pages        : 25
>     Date        : 2009-12-4
>     
>   This memo describes a new namespace, the Host Identity namespace, and
>   a new protocol layer, the Host Identity Protocol, between the
>   internetworking and transport layers.  Herein are presented the
>   basics of the current namespaces, their strengths and weaknesses, and
>   how a new namespace will add completeness to them.  The roles of this
>   new namespace in the protocols are defined.
>
>   This document obsoletes RFC 4423 and addresses the concerns raised by
>   the IESG, particularly that of crypto agility.  It also incorporates
>   lessons learned from the implementations of RFC 5201.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-moskowitz-rfc4423-bis-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>

From miika.komu@hiit.fi  Fri Dec 11 03:50:12 2009
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D59AD3A682E for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 03:50:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level: 
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9mfruQ2n8Q1L for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 03:50:12 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id F31AE3A67EC for <hipsec@ietf.org>; Fri, 11 Dec 2009 03:50:11 -0800 (PST)
Received: from [193.167.187.26] (halko.pc.infrahip.net [193.167.187.26]) by argo.otaverkko.fi (Postfix) with ESMTP id 09B5A25ED06 for <hipsec@ietf.org>; Fri, 11 Dec 2009 13:49:59 +0200 (EET)
Message-ID: <4B2231E6.4020706@hiit.fi>
Date: Fri, 11 Dec 2009 13:49:58 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Teredo compatibility
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 11:50:12 -0000

Hi,

we've done some concrete work on NAT traversal with ICE, but what about 
Teredo? I think RFC5201 and RFC5206 should have some statements about 
Teredo-based addresses?

From andrew@indranet.co.nz  Fri Dec 11 03:52:21 2009
Return-Path: <andrew@indranet.co.nz>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E972B3A6774 for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 03:52:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.054
X-Spam-Level: 
X-Spam-Status: No, score=-0.054 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, RDNS_NONE=0.1, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HahG3QC+byxO for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 03:52:20 -0800 (PST)
Received: from mail.indranet.co.nz (unknown [203.97.93.68]) by core3.amsl.com (Postfix) with ESMTP id 315193A6827 for <hipsec@ietf.org>; Fri, 11 Dec 2009 03:52:20 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.indranet.co.nz (Postfix) with ESMTP id B19111182D34; Sat, 12 Dec 2009 00:52:07 +1300 (NZDT)
X-Virus-Scanned: amavisd-new at indranet.co.nz
Received: from mail.indranet.co.nz ([127.0.0.1]) by localhost (XServe-2.acheron.indranet.co.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SjCyQWZ14vvW; Sat, 12 Dec 2009 00:52:07 +1300 (NZDT)
Received: from [192.168.1.100] (121-74-10-191.telstraclear.net [121.74.10.191]) by mail.indranet.co.nz (Postfix) with ESMTP id 1CA941182D2C; Sat, 12 Dec 2009 00:52:07 +1300 (NZDT)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset=us-ascii
From: Andrew McGregor <andrew@indranet.co.nz>
In-Reply-To: <4B2231E6.4020706@hiit.fi>
Date: Sat, 12 Dec 2009 00:52:05 +1300
Content-Transfer-Encoding: quoted-printable
Message-Id: <42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz>
References: <4B2231E6.4020706@hiit.fi>
To: miika.komu@hiit.fi
X-Mailer: Apple Mail (2.1077)
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 11:52:21 -0000

Why?  It just works, if Teredo is available it's just another IPv6 address.

Andrew

On 12/12/2009, at 12:49 AM, Miika Komu wrote:

> Hi,
>
> we've done some concrete work on NAT traversal with ICE, but what about Teredo? I think RFC5201 and RFC5206 should have some statements about Teredo-based addresses?


From miika.komu@hiit.fi  Fri Dec 11 04:03:05 2009
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8FC5B3A67EC for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 04:03:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.799
X-Spam-Level: 
X-Spam-Status: No, score=-1.799 tagged_above=-999 required=5 tests=[AWL=0.800,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NmxTe65PYB3q for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 04:03:04 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id AE8CC3A6781 for <hipsec@ietf.org>; Fri, 11 Dec 2009 04:03:04 -0800 (PST)
Received: from [193.167.187.26] (halko.pc.infrahip.net [193.167.187.26]) by argo.otaverkko.fi (Postfix) with ESMTP id DB39E25ED10; Fri, 11 Dec 2009 14:02:52 +0200 (EET)
Message-ID: <4B2234EC.3070102@hiit.fi>
Date: Fri, 11 Dec 2009 14:02:52 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Andrew McGregor <andrew@indranet.co.nz>
References: <4B2231E6.4020706@hiit.fi> <42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz>
In-Reply-To: <42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 12:03:05 -0000

Andrew McGregor wrote:

Hi,

it should be a short section then, right?)

I basically agree with you. Based on our experimentation, it works but
there are some caveats regarding pairing of addressing. So, sending
of packets from src->dst:

Teredo->Teredo: works
Teredo->IPv6: does not work without a (commercial) relay service
IPv6->Teredo: works
IPv6->IPv6: (works :)

Samu, please comment if I got the two middle ones in wrong order.

Also, at least the miredo implementation on Linux is good, but not
perfect. Some performance-related issues and sometimes HIP packets just 
don't go through (usually restarting of miredo works).

> Why?  It just works, if Teredo is available it's just another IPv6 address.
> 
> Andrew
> 
> On 12/12/2009, at 12:49 AM, Miika Komu wrote:
> 
>> Hi,
>>
>> we've done some concrete work on NAT traversal with ICE, but what about Teredo? I think RFC5201 and RFC5206 should have some statements about Teredo-based addresses?


From andrew@indranet.co.nz  Fri Dec 11 04:05:27 2009
Return-Path: <andrew@indranet.co.nz>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8A79A3A686D for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 04:05:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.054
X-Spam-Level: 
X-Spam-Status: No, score=-0.054 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, RDNS_NONE=0.1, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KSlZcxjRUATd for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 04:05:26 -0800 (PST)
Received: from mail.indranet.co.nz (unknown [203.97.93.68]) by core3.amsl.com (Postfix) with ESMTP id BED013A6848 for <hipsec@ietf.org>; Fri, 11 Dec 2009 04:05:26 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.indranet.co.nz (Postfix) with ESMTP id 0D6F81182ED2; Sat, 12 Dec 2009 01:05:15 +1300 (NZDT)
X-Virus-Scanned: amavisd-new at indranet.co.nz
Received: from mail.indranet.co.nz ([127.0.0.1]) by localhost (XServe-2.acheron.indranet.co.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pTxgzi3RkvpZ; Sat, 12 Dec 2009 01:05:14 +1300 (NZDT)
Received: from [192.168.1.100] (121-74-10-191.telstraclear.net [121.74.10.191]) by mail.indranet.co.nz (Postfix) with ESMTP id 872C21182ECA; Sat, 12 Dec 2009 01:05:14 +1300 (NZDT)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset=us-ascii
From: Andrew McGregor <andrew@indranet.co.nz>
In-Reply-To: <4B2234EC.3070102@hiit.fi>
Date: Sat, 12 Dec 2009 01:05:13 +1300
Content-Transfer-Encoding: quoted-printable
Message-Id: <A14CB7E0-56F2-4CA0-AE64-B3EA9511B3C1@indranet.co.nz>
References: <4B2231E6.4020706@hiit.fi> <42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz> <4B2234EC.3070102@hiit.fi>
To: miika.komu@hiit.fi
X-Mailer: Apple Mail (2.1077)
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 12:05:27 -0000

Ok, but in any case, candidate address probing deals with those issues.

Andrew

On 12/12/2009, at 1:02 AM, Miika Komu wrote:

> Andrew McGregor wrote:
>
> Hi,
>
> it should be short section then, right?)
>
> I basically agree with you. Based on our experimentation, it works but there are some caveats regarding to pairing of addressing. So, sending of packets from src->dst:
>
> Teredo->Teredo: works
> Teredo->IPv6: does not work without a (commercial) relay service
> IPv6->Teredo: works
> IPv6->IPv6: (works :)
>
> Samu, please comment if I got the two middle ones in wrong order.
>
> Also, at least the miredo implementation on linux is good, but not perfect. Some performance-related issues and sometimes HIP packets just don't go through (usually restarting of miredo works).
>
>> Why?  It just works, if Teredo is available it's just another IPv6 address.
>> Andrew
>> On 12/12/2009, at 12:49 AM, Miika Komu wrote:
>>> Hi,
>>>
>>> we've done some concrete work on NAT traversal with ICE, but what about Teredo? I think RFC5201 and RFC5206 should have some statements about Teredo-based addresses?


From rgm@htt-consult.com  Fri Dec 11 04:44:02 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 939B03A6969 for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 04:44:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.554
X-Spam-Level: 
X-Spam-Status: No, score=-2.554 tagged_above=-999 required=5 tests=[AWL=0.045,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wh4XQz7RxbN7 for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 04:44:01 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id A97603A68D9 for <hipsec@ietf.org>; Fri, 11 Dec 2009 04:44:01 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id E8BAE68B20; Fri, 11 Dec 2009 12:41:46 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V27AzEM+WtJJ; Fri, 11 Dec 2009 07:41:36 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id D62ED68A8A; Fri, 11 Dec 2009 07:41:36 -0500 (EST)
Message-ID: <4B223ECB.7040702@htt-consult.com>
Date: Fri, 11 Dec 2009 07:44:59 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: miika.komu@hiit.fi
References: <4B2231E6.4020706@hiit.fi>	<42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz> <4B2234EC.3070102@hiit.fi>
In-Reply-To: <4B2234EC.3070102@hiit.fi>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 12:44:02 -0000

Miika Komu wrote:
> Andrew McGregor wrote:
>
> Hi,
>
> it should be short section then, right?)
>
> I basically agree with you. Based on our experimentation, it works but 
> there are some caveats regarding to pairing of addressing. So, sending 
> of packets from src->dst:
>
> Teredo->Teredo: works
> Teredo->IPv6: does not work without a (commercial) relay service

What about your own Miredo relay?

> IPv6->Teredo: works
> IPv6->IPv6: (works :)
>
> Samu, please comment if I got the two middle ones in wrong order.
>
> Also, at least the miredo implementation on linux is good, but not 
> perfect. Some performance-related issues and sometimes HIP packets 
> just don't go through (usually restarting of miredo works).
>
>> Why? It just works, if Teredo is available it's just another IPv6 
>> address.
>>
>> Andrew
>>
>> On 12/12/2009, at 12:49 AM, Miika Komu wrote:
>>
>>> Hi,
>>>
>>> we've done some concrete work on NAT traversal with ICE, but what 
>>> about Teredo? I think RFC5201 and RFC5206 should have some 
>>> statements about Teredo-based addresses?

From miika.komu@hiit.fi  Fri Dec 11 04:47:46 2009
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2A27A3A6875 for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 04:47:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.066
X-Spam-Level: 
X-Spam-Status: No, score=-2.066 tagged_above=-999 required=5 tests=[AWL=0.533,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uu993d7yXC0p for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 04:47:45 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id 5F0AE3A67CC for <hipsec@ietf.org>; Fri, 11 Dec 2009 04:47:45 -0800 (PST)
Received: from [193.167.187.26] (halko.pc.infrahip.net [193.167.187.26]) by argo.otaverkko.fi (Postfix) with ESMTP id 82D2325ED06; Fri, 11 Dec 2009 14:47:33 +0200 (EET)
Message-ID: <4B223F65.9090509@hiit.fi>
Date: Fri, 11 Dec 2009 14:47:33 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B2231E6.4020706@hiit.fi>	<42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz> <4B2234EC.3070102@hiit.fi> <4B223ECB.7040702@htt-consult.com>
In-Reply-To: <4B223ECB.7040702@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 12:47:46 -0000

Robert Moskowitz wrote:

Hi,

> Miika Komu wrote:
>> Andrew McGregor wrote:
>>
>> Hi,
>>
>> it should be short section then, right?)
>>
>> I basically agree with you. Based on our experimentation, it works but 
>> there are some caveats regarding to pairing of addressing. So, sending 
>> of packets from src->dst:
>>
>> Teredo->Teredo: works
>> Teredo->IPv6: does not work without a (commercial) relay service
> 
> What about your own Miredo relay?

works also, but you need the relay. I don't know if miredo supports this.

From rgm@htt-consult.com  Fri Dec 11 05:17:18 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C11F83A6833 for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 05:17:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.555
X-Spam-Level: 
X-Spam-Status: No, score=-2.555 tagged_above=-999 required=5 tests=[AWL=0.044,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eBoVYOz-DUrm for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 05:17:16 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 262233A6929 for <hipsec@ietf.org>; Fri, 11 Dec 2009 05:17:15 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id C744C68B41; Fri, 11 Dec 2009 13:15:01 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9+0aumUf-MZl; Fri, 11 Dec 2009 08:14:52 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id CFF8368B20; Fri, 11 Dec 2009 08:14:52 -0500 (EST)
Message-ID: <4B224698.2040607@htt-consult.com>
Date: Fri, 11 Dec 2009 08:18:16 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: miika.komu@hiit.fi
References: <4B2231E6.4020706@hiit.fi>	<42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz> <4B2234EC.3070102@hiit.fi> <4B223ECB.7040702@htt-consult.com> <4B223F65.9090509@hiit.fi>
In-Reply-To: <4B223F65.9090509@hiit.fi>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 13:17:18 -0000

Miika Komu wrote:
> Robert Moskowitz wrote:
>
> Hi,
>
>> Miika Komu wrote:
>>> Andrew McGregor wrote:
>>>
>>> Hi,
>>>
>>> it should be short section then, right?)
>>>
>>> I basically agree with you. Based on our experimentation, it works 
>>> but there are some caveats regarding to pairing of addressing. So, 
>>> sending of packets from src->dst:
>>>
>>> Teredo->Teredo: works
>>> Teredo->IPv6: does not work without a (commercial) relay service
>>
>> What about your own Miredo relay?
>
> works also, but you need the relay. I don't know if miredo supports this. 

Been a while since I set mine up; that system is down now.  Take a look 
at the current specs and see what you can do with it.  One of my 
transition scenarios was for a corp to run their own Teredo relay.



From julienl@qualcomm.com  Fri Dec 11 13:06:55 2009
Return-Path: <julienl@qualcomm.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 982933A659A for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 13:06:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.283
X-Spam-Level: 
X-Spam-Status: No, score=-103.283 tagged_above=-999 required=5 tests=[AWL=-1.284, BAYES_00=-2.599, J_CHICKENPOX_17=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wHgXSL5l50f4 for <hipsec@core3.amsl.com>; Fri, 11 Dec 2009 13:06:54 -0800 (PST)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) by core3.amsl.com (Postfix) with ESMTP id 805213A657C for <hipsec@ietf.org>; Fri, 11 Dec 2009 13:06:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=julienl@qualcomm.com; q=dns/txt; s=qcdkim; t=1260565603; x=1292101603; h=from:to:date:subject:thread-topic:thread-index: message-id:references:in-reply-to:accept-language: content-language:x-ms-has-attach:x-ms-tnef-correlator: acceptlanguage:content-type:content-transfer-encoding: mime-version; z=From:=20"Laganier,=20Julien"=20<julienl@qualcomm.com> |To:=20Robert=20Moskowitz=20<rgm@htt-consult.com>,=20HIP =20<hipsec@ietf.org>|Date:=20Fri,=2011=20Dec=202009=2013: 03:36=20-0800|Subject:=20RE:=20[Hipsec]=20HIs=20per=20pro cess/port|Thread-Topic:=20[Hipsec]=20HIs=20per=20process/ port|Thread-Index:=20Acp41N3vJ4kvTg4cQXCKpAMVfII1ZgBxWBBA |Message-ID:=20<BF345F63074F8040B58C00A186FCA57F1C65FB325 C@NALASEXMB04.na.qualcomm.com>|References:=20<4B1FA868.50 20102@htt-consult.com>|In-Reply-To:=20<4B1FA868.5020102@h tt-consult.com>|Accept-Language:=20en-US |Content-Language:=20en-US|X-MS-Has-Attach: |X-MS-TNEF-Correlator:|acceptlanguage:=20en-US |Content-Type:=20text/plain=3B=20charset=3D"us-ascii" |Content-Transfer-Encoding:=20quoted-printable |MIME-Version:=201.0; bh=m08fm9OPazxF7aa06sCmi1vTNnNlzV6/8yQESisv4x4=; b=xPnMez3NU7QMYHczgQrvCRKkIMRsQL9qMobzgGTh7M3mAcv2YstiH7/S 96iuxBVVE/wYXjqy1O57V6i/Ce2f0QOncpGDaxA7Ap2wn8YChs0BcYEVZ FFmY1dWqCzt3fFbHMkH/fitw/CtwpcXz7FHN/RbwFCU6clezZeExnDmCY E=;
X-IronPort-AV: E=McAfee;i="5400,1158,5829"; a="29685687"
Received: from pdmz-ns-mip.qualcomm.com (HELO ithilien.qualcomm.com) ([199.106.114.10]) by wolverine02.qualcomm.com with ESMTP; 11 Dec 2009 13:06:27 -0800
Received: from ironstorm.qualcomm.com (ironstorm.qualcomm.com [172.30.39.153]) by ithilien.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id nBBL6PxY004994 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <hipsec@ietf.org>; Fri, 11 Dec 2009 13:06:25 -0800
X-IronPort-AV: E=Sophos;i="4.47,384,1257148800"; d="scan'208";a="22369616"
Received: from nasanexhub04.qualcomm.com (HELO nasanexhub04.na.qualcomm.com) ([129.46.134.222]) by ironstorm.qualcomm.com with ESMTP/TLS/RC4-MD5; 11 Dec 2009 13:06:24 -0800
Received: from nasanex14h01.na.qualcomm.com (10.46.94.107) by nasanexhub04.na.qualcomm.com (129.46.134.222) with Microsoft SMTP Server (TLS) id 8.2.176.0; Fri, 11 Dec 2009 13:03:38 -0800
Received: from nalasexhc01.na.qualcomm.com (10.47.129.185) by nasanex14h01.na.qualcomm.com (10.46.94.107) with Microsoft SMTP Server (TLS) id 14.0.639.21; Fri, 11 Dec 2009 13:03:38 -0800
Received: from NALASEXMB04.na.qualcomm.com ([10.47.7.118]) by nalasexhc01.na.qualcomm.com ([10.47.129.185]) with mapi; Fri, 11 Dec 2009 13:03:38 -0800
From: "Laganier, Julien" <julienl@qualcomm.com>
To: Robert Moskowitz <rgm@htt-consult.com>, HIP <hipsec@ietf.org>
Date: Fri, 11 Dec 2009 13:03:36 -0800
Thread-Topic: [Hipsec] HIs per process/port
Thread-Index: Acp41N3vJ4kvTg4cQXCKpAMVfII1ZgBxWBBA
Message-ID: <BF345F63074F8040B58C00A186FCA57F1C65FB325C@NALASEXMB04.na.qualcomm.com>
References: <4B1FA868.5020102@htt-consult.com>
In-Reply-To: <4B1FA868.5020102@htt-consult.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Hipsec] HIs per process/port
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 21:06:55 -0000

Hi Robert -

To me service location based on DNS seems to be orthogonal to the HIP layer. Assuming the DNS service location is in place, e.g., Domain-Based Application Service Location Using SRV RRs and the Dynamic Delegation Discovery Service (DDDS) [RFC3958], it seems we do not need to change anything at the HIP layer. The serving application would only bind() to the service specific HI.

Am I missing something?

--julien

Robert Moskowitz wrote:
>
> Is there any push-back in adding support for specifically supporting
> HIs associated with a process and/or port?
>
> This is kind of denied currently, but there is wording in various
> places that hints you can.  I believe at the Stockholm meeting that the
> Ericsson crew said they do support this now.
>
> I don't want to go through the work to add the text and then have
> people coming at me with guns a'blazing.  I mean I DO wear my Kevlar
> suit, but....  ;)
>
> Oh, I did not envision HIP having per process/port policy, but there
> appears to be an interest in this and it is NOT too hard to do, but it
> DOES change the DNS model from a MX-style to a SRV format.
>

From miika.komu@hiit.fi  Sat Dec 12 00:10:13 2009
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C36053A67EF for <hipsec@core3.amsl.com>; Sat, 12 Dec 2009 00:10:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level: 
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_17=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id shjKXjYJQGJQ for <hipsec@core3.amsl.com>; Sat, 12 Dec 2009 00:10:13 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id E638C3A67A2 for <hipsec@ietf.org>; Sat, 12 Dec 2009 00:10:12 -0800 (PST)
Received: from [192.168.0.2] (cs27096138.pp.htv.fi [89.27.96.138]) by argo.otaverkko.fi (Postfix) with ESMTP id 40ED325ED06; Sat, 12 Dec 2009 10:10:00 +0200 (EET)
Message-ID: <4B234FEC.20902@hiit.fi>
Date: Sat, 12 Dec 2009 10:10:20 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: "Laganier, Julien" <julienl@qualcomm.com>
References: <4B1FA868.5020102@htt-consult.com> <BF345F63074F8040B58C00A186FCA57F1C65FB325C@NALASEXMB04.na.qualcomm.com>
In-Reply-To: <BF345F63074F8040B58C00A186FCA57F1C65FB325C@NALASEXMB04.na.qualcomm.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] HIs per process/port
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Dec 2009 08:10:13 -0000

Laganier, Julien wrote:

Hi,

should this be mentioned in the revised DNS RFC?

> Hi Robert -
> 
> To me service location based on DNS seems to be orthogonal to the HIP layer. Assuming the DNS service location is in place, e.g., Domain-Based Application Service Location Using SRV RRs and the Dynamic Delegation Discovery Service (DDDS) [RFC3958], it seems we do not need to change anything at the HIP layer. The serving application would only bind() to the service specific HI.
> 
> Am I missing something?
> 
> --julien 
>  
> Robert Moskowitz wrote:
>> Is there any push-back in adding support for specifically supporting
>> HIs associated with a process and/or port?
>>
>> This is kind of denied currently, but there is wording in various
>> places that hints you can.  I believe at the Stockholm meeting that the
>> Ericsson crew said they do support this now.
>>
>> I don't want to go through the work to add the text and then have
>> people
>> coming at me with guns a'blazing.  I mean I DO wear my Kevlar suit,
>> but....  ;)
>>
>> Oh, I did not envision HIP having per process/port policy, but there
>> appears to be an interest in this and it is NOT too hard to do, but it
>> DOES change the DNS model from a MX-style to a SRV format.
>>
>>


From root@core3.amsl.com  Sat Dec 12 16:00:01 2009
Return-Path: <root@core3.amsl.com>
X-Original-To: hipsec@ietf.org
Delivered-To: hipsec@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id A319D3A6878; Sat, 12 Dec 2009 16:00:01 -0800 (PST)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20091213000001.A319D3A6878@core3.amsl.com>
Date: Sat, 12 Dec 2009 16:00:01 -0800 (PST)
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action:draft-ietf-hip-native-api-10.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Dec 2009 00:00:01 -0000

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol Working Group of the IETF.


	Title           : Basic Socket Interface Extensions for Host Identity Protocol (HIP)
	Author(s)       : M. Komu, T. Henderson
	Filename        : draft-ietf-hip-native-api-10.txt
	Pages           : 19
	Date            : 2009-12-12

This document defines extensions to the current sockets API for the
Host Identity Protocol (HIP).  The extensions focus on the use of
public-key based identifiers discovered via DNS resolution, but
define also interfaces for manual bindings between HITs and locators.
With the extensions, the application can also support more relaxed
security models where the communication can be non-HIP based,
according to local policies.  The extensions in this document are
experimental and provide basic tools for further experimentation with
policies.

Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups.  Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on June 13, 2010.

Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.  Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.

This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008.  The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-10.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

--NextPart--

From miika.komu@hiit.fi  Sun Dec 13 05:23:45 2009
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5BF513A68F1 for <hipsec@core3.amsl.com>; Sun, 13 Dec 2009 05:23:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level: 
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tGKY3UbvPyQ5 for <hipsec@core3.amsl.com>; Sun, 13 Dec 2009 05:23:44 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id 861A93A68EA for <hipsec@ietf.org>; Sun, 13 Dec 2009 05:23:44 -0800 (PST)
Received: from [192.168.0.2] (cs27096138.pp.htv.fi [89.27.96.138]) by argo.otaverkko.fi (Postfix) with ESMTP id C75CF25ED0E for <hipsec@ietf.org>; Sun, 13 Dec 2009 15:23:31 +0200 (EET)
Message-ID: <4B24EAD9.8010807@hiit.fi>
Date: Sun, 13 Dec 2009 15:23:37 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] [Fwd: WG Last Call for draft-ietf-shim6-multihome-shim-api]
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Dec 2009 13:23:45 -0000

FYI,

the multihoming API applies to HIP as well.

-------- Original Message --------
Subject: WG Last Call for draft-ietf-shim6-multihome-shim-api
Date: Tue, 8 Dec 2009 07:14:38 +1100
From: Geoff Huston <gih@apnic.net>
To: shim6@ietf.org
CC: shinta.sugimoto@ericsson.com, Lindqvist Kurt Erik <kurtis@kurtis.pp.se>,
kristian.slavov@ericsson.com, marcelo bagnulo braun <marcelo@it.uc3m.es>,
miika@iki.fi

The WG chairs have received a Working Group Last Call request from the 
authors of draft-ietf-shim6-multihome-shim-api-11.txt. The intended 
status of this document is Informational. The document (and the draft 
history) is at 
http://tools.ietf.org/html/draft-ietf-shim6-multihome-shim-api-11

The 2 week WG Last Call will end as of the close of business on Tuesday 
22nd December.

As usual, please address all comments to the SHIM6 WG mailing list, and 
please be clear in your comments to this WG last call if you are 
supporting the document's submission to the IESG or if you are opposed, 
or if you are not expressing a view either way.


Thanks,

  Geoff

WG Co-Chair hat ON


From jan.melen@nomadiclab.com  Mon Dec 14 00:56:51 2009
Return-Path: <jan.melen@nomadiclab.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6CEF33A69CF for <hipsec@core3.amsl.com>; Mon, 14 Dec 2009 00:56:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.588
X-Spam-Level: 
X-Spam-Status: No, score=-1.588 tagged_above=-999 required=5 tests=[AWL=-0.250, BAYES_00=-2.599, HELO_EQ_SE=0.35, HOST_MISMATCH_COM=0.311, J_CHICKENPOX_17=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3BcOnZyzKukG for <hipsec@core3.amsl.com>; Mon, 14 Dec 2009 00:56:50 -0800 (PST)
Received: from n2.nomadiclab.com (n2.nomadiclab.com [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id 850B93A6819 for <hipsec@ietf.org>; Mon, 14 Dec 2009 00:56:50 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by n2.nomadiclab.com (Postfix) with ESMTP id DA7A51EF13D; Mon, 14 Dec 2009 10:56:36 +0200 (EET)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from n2.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kzviSG7bh8od; Mon, 14 Dec 2009 10:56:36 +0200 (EET)
Received: from esealmw967.eemea.ericsson.se (inside.nomadiclab.com [193.234.219.2]) by n2.nomadiclab.com (Postfix) with ESMTP id 47C711EF12F; Mon, 14 Dec 2009 10:56:36 +0200 (EET)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset=us-ascii
From: Jan Melen <jan.melen@nomadiclab.com>
In-Reply-To: <BF345F63074F8040B58C00A186FCA57F1C65FB325C@NALASEXMB04.na.qualcomm.com>
Date: Mon, 14 Dec 2009 10:56:35 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <E6617026-327B-4722-804A-8995853C7E09@nomadiclab.com>
References: <4B1FA868.5020102@htt-consult.com> <BF345F63074F8040B58C00A186FCA57F1C65FB325C@NALASEXMB04.na.qualcomm.com>
To: "Laganier, Julien" <julienl@qualcomm.com>
X-Mailer: Apple Mail (2.1077)
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] HIs per process/port
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2009 08:56:51 -0000

Hi Julien,

This is how it works in our implementation for example but this also
means that you have to assign different domain name for each service.
To get around this problem I think you need the SRV RR records in order
to support HIs per port basis on a single DNS domain name.

   Regards,
     Jan

On Dec 11, 2009, at 11:03 PM, Laganier, Julien wrote:

> Hi Robert -
>
> To me service location based on DNS seems to be orthogonal to the HIP
> layer. Assuming the DNS service location is in place, e.g., Domain-Based
> Application Service Location Using SRV RRs and the Dynamic Delegation
> Discovery Service (DDDS) [RFC3958], it seems we do not need to change
> anything at the HIP layer. The serving application would only bind() to
> the service specific HI.
>
> Am I missing something?
>
> --julien
>
> Robert Moskowitz wrote:
>>
>> Is there any push-back in adding support for specifically supporting
>> HIs associated with a process and/or port?
>>
>> This is kind of denied currently, but there is wording in various
>> places that hints you can.  I believe at the Stockholm meeting that the
>> Ericsson crew said they do support this now.
>>
>> I don't want to go through the work to add the text and then have
>> people
>> coming at me with guns a'blazing.  I mean I DO wear my Kevlar suit,
>> but....  ;)
>>
>> Oh, I did not envision HIP having per process/port policy, but there
>> appears to be an interest in this and it is NOT too hard to do, but it
>> DOES change the DNS model from a MX-style to a SRV format.
>>
>>


From rgm@htt-consult.com  Mon Dec 14 13:16:05 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 080DD3A680D for <hipsec@core3.amsl.com>; Mon, 14 Dec 2009 13:16:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.257
X-Spam-Level: 
X-Spam-Status: No, score=-2.257 tagged_above=-999 required=5 tests=[AWL=-0.258, BAYES_00=-2.599, J_CHICKENPOX_17=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4xPHdZTRuZW7 for <hipsec@core3.amsl.com>; Mon, 14 Dec 2009 13:16:04 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id BF89428C15D for <hipsec@ietf.org>; Mon, 14 Dec 2009 13:15:59 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id B3FAC68235; Mon, 14 Dec 2009 22:14:13 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qulqvME0sLXA; Mon, 14 Dec 2009 17:14:04 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 63B956818E; Mon, 14 Dec 2009 17:14:04 -0500 (EST)
Message-ID: <4B26AB53.2090302@htt-consult.com>
Date: Mon, 14 Dec 2009 16:17:07 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: "Laganier, Julien" <julienl@qualcomm.com>
References: <4B1FA868.5020102@htt-consult.com> <BF345F63074F8040B58C00A186FCA57F1C65FB325C@NALASEXMB04.na.qualcomm.com>
In-Reply-To: <BF345F63074F8040B58C00A186FCA57F1C65FB325C@NALASEXMB04.na.qualcomm.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] HIs per process/port
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2009 21:16:05 -0000

Laganier, Julien wrote:
> Hi Robert -
>
> To me service location based on DNS seems to be orthogonal to the HIP layer. Assuming the DNS service location is in place, e.g., Domain-Based Application Service Location Using SRV RRs and the Dynamic Delegation Discovery Service (DDDS) [RFC3958], it seems we do not need to change anything at the HIP layer. The serving application would only bind() to the service specific HI.
>
> Am I missing something?
>   

Somewhere in either 4423 or 5201 are rather 'strong' words that a HI is 
associated with the stack and NOT with processes. I had tagged needing 
to change that, but I CAN'T FIND THE TEXT NOW!!!!! HELP!!! :)

Originally I had no intention of having per process/port HIs, but others 
brought forward the value of it and how it could be done as a local 
policy thing. OK it fits, do it. But it DOES push us from an MX DNS 
model to a SRV DNS model.

DNS is orthogonal to HIP, but we DO present DNS as a mechanism to 
actuate HIP and if you are connecting to a CLOUD resource, you probably 
DO want the process, not the host.

As Jan indicated you CAN do this with different FQDNs for the host. That 
works. But SRV works 'better'?

> --julien 
>  
> Robert Moskowitz wrote:
>   
>> Is there any push-back in adding support for specifically supporting
>> HIs associated with a process and/or port?
>>
>> This is kind of denied currently, but there is wording in various
>> places that hints you can.  I believe at the Stockholm meeting that the
>> Ericsson crew said they do support this now.
>>
>> I don't want to go through the work to add the text and then have
>> people
>> coming at me with guns a'blazing.  I mean I DO wear my Kevlar suit,
>> but....  ;)
>>
>> Oh, I did not envision HIP having per process/port policy, but there
>> appears to be an interest in this and it is NOT too hard to do, but it
>> DOES change the DNS model from a MX-style to a SRV format.
>>
>>
>>     
>
>   

From julienl@qualcomm.com  Mon Dec 14 13:24:26 2009
Return-Path: <julienl@qualcomm.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 682C53A680D for <hipsec@core3.amsl.com>; Mon, 14 Dec 2009 13:24:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.194
X-Spam-Level: 
X-Spam-Status: No, score=-105.194 tagged_above=-999 required=5 tests=[AWL=0.805, BAYES_00=-2.599, J_CHICKENPOX_17=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eCOkWYYim-ku for <hipsec@core3.amsl.com>; Mon, 14 Dec 2009 13:24:25 -0800 (PST)
Received: from wolverine01.qualcomm.com (wolverine01.qualcomm.com [199.106.114.254]) by core3.amsl.com (Postfix) with ESMTP id 4C2C43A63EC for <hipsec@ietf.org>; Mon, 14 Dec 2009 13:24:25 -0800 (PST)
X-IronPort-AV: E=McAfee;i="5400,1158,5832"; a="29897901"
Received: from pdmz-ns-mip.qualcomm.com (HELO ithilien.qualcomm.com) ([199.106.114.10]) by wolverine01.qualcomm.com with ESMTP; 14 Dec 2009 13:24:06 -0800
Received: from ironrogue.qualcomm.com (ironrogue.qualcomm.com [129.46.61.164]) by ithilien.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id nBELO6Dn018715 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <hipsec@ietf.org>; Mon, 14 Dec 2009 13:24:06 -0800
X-IronPort-AV: E=Sophos;i="4.47,396,1257148800"; d="scan'208";a="23062347"
Received: from nasanexhub06.na.qualcomm.com ([129.46.134.254]) by ironrogue.qualcomm.com with ESMTP/TLS/RC4-MD5; 14 Dec 2009 13:24:06 -0800
Received: from nalasexhc01.na.qualcomm.com (10.47.129.185) by nasanexhub06.na.qualcomm.com (129.46.134.254) with Microsoft SMTP Server (TLS) id 8.2.176.0; Mon, 14 Dec 2009 13:24:05 -0800
Received: from NALASEXMB04.na.qualcomm.com ([10.47.7.114]) by nalasexhc01.na.qualcomm.com ([10.47.129.185]) with mapi; Mon, 14 Dec 2009 13:24:05 -0800
From: "Laganier, Julien" <julienl@qualcomm.com>
To: Jan Melen <jan.melen@nomadiclab.com>
Date: Mon, 14 Dec 2009 13:24:04 -0800
Thread-Topic: [Hipsec] HIs per process/port
Thread-Index: Acp8m1xt5xs54PvdT6eXcxUV3Wa30AAaCaGA
Message-ID: <BF345F63074F8040B58C00A186FCA57F1C67584083@NALASEXMB04.na.qualcomm.com>
References: <4B1FA868.5020102@htt-consult.com> <BF345F63074F8040B58C00A186FCA57F1C65FB325C@NALASEXMB04.na.qualcomm.com> <E6617026-327B-4722-804A-8995853C7E09@nomadiclab.com>
In-Reply-To: <E6617026-327B-4722-804A-8995853C7E09@nomadiclab.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] HIs per process/port
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2009 21:24:26 -0000

Hi Jan,

Then I see no difference with using different IPs per process/port. You
gotta use different domain names unless you rely on SRV and/or NAPTR.
Situation is similar with HIP.

--julien

Jan Melen wrote:
>
> Hi Julien,
>
> This is how it works in our implementation for example but this also
> means that you have to assign different domain name for each service.
> To get around this problem I think you need the SRV RR records in order
> to support HIs per port basis on a single DNS domain name.
>
>    Regards,
>      Jan
>
> On Dec 11, 2009, at 11:03 PM, Laganier, Julien wrote:
>
> > Hi Robert -
> >
> > To me service location based on DNS seems to be orthogonal to the HIP
> > layer. Assuming the DNS service location is in place, e.g., Domain-Based
> > Application Service Location Using SRV RRs and the Dynamic Delegation
> > Discovery Service (DDDS) [RFC3958], it seems we do not need to change
> > anything at the HIP layer. The serving application would only bind() to
> > the service specific HI.
> >
> > Am I missing something?
> >
> > --julien
> >
> > Robert Moskowitz wrote:
> >>
> >> Is there any push-back in adding support for specifically supporting
> >> HIs associated with a process and/or port?
> >>
> >> This is kind of denied currently, but there is wording in various
> >> places that hints you can.  I believe at the Stockholm meeting that the
> >> Ericsson crew said they do support this now.
> >>
> >> I don't want to go through the work to add the text and then have
> >> people
> >> coming at me with guns a'blazing.  I mean I DO wear my Kevlar suit,
> >> but....  ;)
> >>
> >> Oh, I did not envision HIP having per process/port policy, but there
> >> appears to be an interest in this and it is NOT too hard to do, but it
> >> DOES change the DNS model from a MX-style to a SRV format.
> >>
> >>


From rgm@htt-consult.com  Tue Dec 15 08:15:30 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D37D73A6A00 for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 08:15:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.547
X-Spam-Level: 
X-Spam-Status: No, score=-2.547 tagged_above=-999 required=5 tests=[AWL=0.052,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kfWUmq1JEcpp for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 08:15:29 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id AEF1D3A68E2 for <hipsec@ietf.org>; Tue, 15 Dec 2009 08:15:29 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id D38CF68B24 for <hipsec@ietf.org>; Tue, 15 Dec 2009 17:13:41 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5G0gMw7gZdVo for <hipsec@ietf.org>; Tue, 15 Dec 2009 12:13:32 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id A4E1F68B23 for <hipsec@ietf.org>; Tue, 15 Dec 2009 12:13:32 -0500 (EST)
Message-ID: <4B27B66A.9020501@htt-consult.com>
Date: Tue, 15 Dec 2009 11:16:42 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] New HIP_TRANSFORM
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2009 16:15:31 -0000

Here are my recommended changes to HIP_TRANSFORM.  But I need some 
clarification.

First the new list:

         Suite ID                          Value

         RESERVED                          0
         AES-CBC with HMAC-SHA1            1     ([RFC3602], [RFC2404])
         3DES-CBC with HMAC-SHA1           2     ([RFC2451], [RFC2404])
         3DES-CBC with HMAC-MD5            3     ([RFC2451], [RFC2403])
         BLOWFISH-CBC with HMAC-SHA1       4     ([RFC2451], [RFC2404])
         NULL-ENCRYPT with HMAC-SHA1       5     ([RFC2410], [RFC2404])
         NULL-ENCRYPT with HMAC-MD5        6     ([RFC2410], [RFC2403])
         NULL-ENCRYPT with HMAC-SHA2       7     ([RFC2410], [RFC4868])
         AES-CBC with HMAC-SHA2            8     ([RFC3602], [RFC4868])
         AES-CCM-8                         9     [RFC4309]
         AES-CCM-12                        10    [RFC4309]
         AES-CCM-16                        11    [RFC4309]
         AES-GCM with a 8 octet ICV        12    [RFC4106]
         AES-GCM with a 12 octet ICV       13    [RFC4106]
         AES-GCM with a 16 octet ICV       14    [RFC4106]

This is two changes: Adding SHA2 (SHA2-256) and CCM and GCM.

We make #8 and #7 the Mandatory implementations. (currently the SHA1 
versions).

That is according to 5.2.7.

But in 5.3.2, it only states:

"All implementations MUST support the AES [RFC3602] with HMAC-SHA-1-96 
[RFC2404]."


Whereas 5.3.3 states:

"All implementations MUST support the AES transform [RFC3602]."

Quite a bit of inconsistency.  Does NULL go out of 5.2.7, or added to 
5.3?  5.3.3 will be updated to be the same as 5.3.2.

Finally as for the actual list.

Do we leave number spaces for HMAC-FOO where FOO is the NIST Hash 
winner?  So that #8 and #10 are reserved?

Do we include all IV sizes for CCM and GCM?  I thought about making CCM 
the Mandatory for 15.4 devices, or rather for any device where CCM is 
the MACsec cipher, but I figured that AES-CBC is a subset of AES-CCM, so 
you SHOULD have all the code there for AES-CBC anyway.  So I would 
RECOMMEND a SHOULD for AES-CCM or AES-GCM when they are the underlying 
MACsec cipher (GCM is specified in 802.1AE).

Note that I removed the reference to the IKEv2 RFC, replacing it with 
the RFCs that it references...

Comments?  Corrections?  Improvements?



From rgm@htt-consult.com  Tue Dec 15 08:38:34 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C912F3A69F0 for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 08:38:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level: 
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ydUI8UT0bAot for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 08:38:34 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id F05883A6884 for <hipsec@ietf.org>; Tue, 15 Dec 2009 08:38:33 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 6F78868B28 for <hipsec@ietf.org>; Tue, 15 Dec 2009 17:36:46 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6d9GbpBUtfv6 for <hipsec@ietf.org>; Tue, 15 Dec 2009 12:36:37 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id BF01668B23 for <hipsec@ietf.org>; Tue, 15 Dec 2009 12:36:37 -0500 (EST)
Message-ID: <4B27BBD3.5070802@htt-consult.com>
Date: Tue, 15 Dec 2009 11:39:47 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] HMAC Key material
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2009 16:38:34 -0000

In 5.2's table, HMAC and HMAC_2 are defined as "HMAC based message 
authentication code, with key material from HIP_TRANSFORM."  And of 
course there is NO keying material in HIP_TRANSFORM....


Then in 5.2.9 & 5.2.10 there is no mention of keying material.


But in 6.4.1 KEYMAT is referenced as the source of the D-H derived 
keying material.

 From this I ASSuME the 5.2 table is in error?  It should either 
directly reference KEYMAT or indirectly DIFFIE_HELLMAN TLV?




From jeffrey.m.ahrenholz@boeing.com  Tue Dec 15 09:04:15 2009
Return-Path: <jeffrey.m.ahrenholz@boeing.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7216B3A6AA7 for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 09:04:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yv7KHsRe6Yim for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 09:04:14 -0800 (PST)
Received: from blv-smtpout-01.boeing.com (blv-smtpout-01.boeing.com [130.76.32.69]) by core3.amsl.com (Postfix) with ESMTP id AF3A33A6ABC for <hipsec@ietf.org>; Tue, 15 Dec 2009 09:04:14 -0800 (PST)
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.48.231]) by blv-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with ESMTP id nBFH3qfT005733 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 15 Dec 2009 09:03:54 -0800 (PST)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id nBFH3qeN023347; Tue, 15 Dec 2009 09:03:52 -0800 (PST)
Received: from XCH-NWHT-08.nw.nos.boeing.com (xch-nwht-08.nw.nos.boeing.com [130.247.25.112]) by blv-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id nBFH3p7v023341 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Tue, 15 Dec 2009 09:03:52 -0800 (PST)
Received: from XCH-NW-12V.nw.nos.boeing.com ([130.247.25.248]) by XCH-NWHT-08.nw.nos.boeing.com ([130.247.25.112]) with mapi; Tue, 15 Dec 2009 09:03:51 -0800
From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: "'Robert Moskowitz'" <rgm@htt-consult.com>, HIP <hipsec@ietf.org>
Date: Tue, 15 Dec 2009 09:03:51 -0800
Thread-Topic: [Hipsec] HMAC Key material
Thread-Index: Acp9pRU99df8yu4xR4iw3jTB01WjcgAAb4FQ
Message-ID: <FD98F9C3CBABA74E89B5D4B5DE0263B93781303093@XCH-NW-12V.nw.nos.boeing.com>
References: <4B27BBD3.5070802@htt-consult.com>
In-Reply-To: <4B27BBD3.5070802@htt-consult.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Hipsec] HMAC Key material
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2009 17:04:15 -0000

> In 5.2's table, HMAC and HMAC_2 are defined as "HMAC based message
> authentication code, with key material from HIP_TRANSFORM."  And of
> course there is NO keying material in HIP_TRANSFORM....
...
>  From this I ASSuME the 5.2 table is in error?  It should either
> directly reference KEYMAT or indirectly DIFFIE_HELLMAN TLV?

Yes it would make most sense to reference the KEYMAT generation section. In terms of TLVs, you need DIFFIE_HELLMAN, SOLUTION, and HIP_TRANSFORM to generate the KEYMAT and choose an HMAC key, so indeed it doesn't make sense to only mention HIP_TRANSFORM.

The table probably meant to indicate that HIP_TRANSFORM determines the hash function used.

-Jeff

From rgm@htt-consult.com  Tue Dec 15 09:13:51 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B11D23A6AC6 for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 09:13:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level: 
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[AWL=0.048,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9FmFnbqG93St for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 09:13:50 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 914983A6ACB for <hipsec@ietf.org>; Tue, 15 Dec 2009 09:13:50 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 36DB768B28 for <hipsec@ietf.org>; Tue, 15 Dec 2009 18:12:03 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WJXzdaR52-5J for <hipsec@ietf.org>; Tue, 15 Dec 2009 13:11:54 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 7D55D68B23 for <hipsec@ietf.org>; Tue, 15 Dec 2009 13:11:49 -0500 (EST)
Message-ID: <4B27C413.1030809@htt-consult.com>
Date: Tue, 15 Dec 2009 12:14:59 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Major change to KEYMAT
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2009 17:13:51 -0000

I am leaning heavily to change the KEYMAT process to using 
http://www.ietf.org/id/draft-krawczyk-hkdf-00.txt

The HITs will be the INFO fed into the Expand step, but there is a 
deficiency in the current KEYMAT WRT the SALT for the Extract phase.

Currently we have I and J used in KEYMAT, but J is not truly 
sourced from the Initiator, it is influenced by I from the Responder.  
And both are too short by 'accepted practices' that each NONCE is twice 
the size of the desired master key.

So there should be a NONCE1 in R1 and NONCE2 in I2.  I think that NONCE1 
SHOULD be echoed back in I2.

The NONCE length is variable, 256, 384, or 512 depending on the key size 
needed?  Which raises the question of where we control key length for 
AES?  We are probably defaulting to 128 and not allowing for larger key 
lengths?
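
The HKDF-based KEYMAT proposed in the message above, sketched as an added example (not part of the original message or of any HIP draft). HKDF follows RFC 5869; using the D-H shared secret as input keying material, NONCE1 | NONCE2 as the Extract salt, HIT-I | HIT-R as the Expand info, and the four-key output layout with its names are assumptions for illustration.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """Extract step: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        # RFC 5869: a missing salt is replaced by HashLen zero octets.
        salt = bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int,
                hash_name: str = "sha256") -> bytes:
    """Expand step: T(n) = HMAC-Hash(PRK, T(n-1) | info | n), n = 1, 2, ..."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested output exceeds 255 * HashLen")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_hip_keys(dh_secret: bytes, nonce1: bytes, nonce2: bytes,
                    hit_i: bytes, hit_r: bytes,
                    enc_key_len: int = 16, mac_key_len: int = 32) -> dict:
    """Derive per-direction keys from one HKDF run (hypothetical layout).

    nonce1 is the Responder's nonce (R1), nonce2 the Initiator's (I2).
    """
    # The message asks for each nonce to be twice the size of the desired
    # key (256, 384 or 512 bits); enforce that against the cipher key size.
    for name, nonce in (("NONCE1", nonce1), ("NONCE2", nonce2)):
        if len(nonce) < 2 * enc_key_len:
            raise ValueError(f"{name} must be at least {2 * enc_key_len} octets")
    if len(hit_i) != 16 or len(hit_r) != 16:
        raise ValueError("HITs are 128-bit values")

    salt = nonce1 + nonce2      # assumed concatenation order
    info = hit_i + hit_r        # assumed: Initiator HIT first
    prk = hkdf_extract(salt, dh_secret)

    # Assumed draw order: Initiator-to-Responder keys, then the reverse.
    layout = [("enc_i2r", enc_key_len), ("mac_i2r", mac_key_len),
              ("enc_r2i", enc_key_len), ("mac_r2i", mac_key_len)]
    okm = hkdf_expand(prk, info, sum(n for _, n in layout))

    keys, offset = {}, 0
    for name, n in layout:
        keys[name] = okm[offset:offset + n]
        offset += n
    return keys


if __name__ == "__main__":
    # Constructed sample values, not taken from any real HIP exchange.
    secret = bytes(range(32))
    n1, n2 = b"\x11" * 32, b"\x22" * 32
    hit_a, hit_b = b"\xaa" * 16, b"\xbb" * 16
    for label, key in derive_hip_keys(secret, n1, n2, hit_a, hit_b).items():
        print(label, key.hex())
```

With AES-256 (`enc_key_len=32`) the same call rejects 32-octet nonces, which is the key-length question the message raises.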



From rgm@htt-consult.com  Tue Dec 15 09:44:12 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 462313A6ACB for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 09:44:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.553
X-Spam-Level: 
X-Spam-Status: No, score=-2.553 tagged_above=-999 required=5 tests=[AWL=0.046,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mo-6ovvAAHz0 for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 09:44:10 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id C2D0D3A68B3 for <hipsec@ietf.org>; Tue, 15 Dec 2009 09:44:10 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id BFAA468B28; Tue, 15 Dec 2009 18:42:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27KPtCthrPCX; Tue, 15 Dec 2009 13:42:14 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id E92D768B23; Tue, 15 Dec 2009 13:42:13 -0500 (EST)
Message-ID: <4B27CB34.70102@htt-consult.com>
Date: Tue, 15 Dec 2009 12:45:24 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
References: <4B27BBD3.5070802@htt-consult.com> <FD98F9C3CBABA74E89B5D4B5DE0263B93781303093@XCH-NW-12V.nw.nos.boeing.com>
In-Reply-To: <FD98F9C3CBABA74E89B5D4B5DE0263B93781303093@XCH-NW-12V.nw.nos.boeing.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] HMAC Key material
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2009 17:44:12 -0000

Ahrenholz, Jeffrey M wrote:
>> In 5.2's table, HMAC and HMAC_2 are defined as "HMAC based message 
>> authentication code, with key material from HIP_TRANSFORM."  And of 
>> course there is NO keying material in HIP_TRANSFORM....
>>     
> ...
>   
>>  From this I ASSuME the 5.2 table is in error?  It should either 
>> directly reference KEYMAT or indirectly DIFFIE_HELLMAN TLV?
>>     
>
> Yes it would make most sense to reference the KEYMAT generation section. In terms of TLVs, you need DIFFIE_HELLMAN, SOLUTION, and HIP_TRANSFORM to generate the KEYMAT and choose an HMAC key, so indeed it doesn't make sense to only mention HIP_TRANSFORM. 
>
> The table probably meant to indicate that HIP_TRANSFORM determines the hash function used.

And that will change with the addition of a HASH HIP Parameter.



From rgm@htt-consult.com  Tue Dec 15 10:25:16 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4811D3A6AC2 for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 10:25:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.554
X-Spam-Level: 
X-Spam-Status: No, score=-2.554 tagged_above=-999 required=5 tests=[AWL=0.045,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WFuEfe0T-STX for <hipsec@core3.amsl.com>; Tue, 15 Dec 2009 10:25:15 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 6680A3A6895 for <hipsec@ietf.org>; Tue, 15 Dec 2009 10:25:15 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 5646068B52 for <hipsec@ietf.org>; Tue, 15 Dec 2009 19:22:59 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N1REBmRnYu81 for <hipsec@ietf.org>; Tue, 15 Dec 2009 14:22:50 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id B8A0768AD0 for <hipsec@ietf.org>; Tue, 15 Dec 2009 14:22:50 -0500 (EST)
Message-ID: <4B27D4B9.1090002@htt-consult.com>
Date: Tue, 15 Dec 2009 13:26:01 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Depricate MD5
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2009 18:25:16 -0000

I propose to totally remove references to MD5 from HIP.

This seems to only impact HIP_TRANSFORM.

#3 & #6 will be changed to:  "Unused".



From rgm@htt-consult.com  Wed Dec 16 07:09:00 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F155A3A680F for <hipsec@core3.amsl.com>; Wed, 16 Dec 2009 07:08:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.626
X-Spam-Level: 
X-Spam-Status: No, score=-1.626 tagged_above=-999 required=5 tests=[AWL=-0.886, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TR1t8-FUf9aX for <hipsec@core3.amsl.com>; Wed, 16 Dec 2009 07:08:59 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 2C9BE3A67E6 for <hipsec@ietf.org>; Wed, 16 Dec 2009 07:08:57 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 5F72E68A8B for <hipsec@ietf.org>; Wed, 16 Dec 2009 16:07:06 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RL+UfhPqjffi for <hipsec@ietf.org>; Wed, 16 Dec 2009 11:06:57 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 9014F68AD0 for <hipsec@ietf.org>; Wed, 16 Dec 2009 11:06:57 -0500 (EST)
Message-ID: <4B28F857.2010908@htt-consult.com>
Date: Wed, 16 Dec 2009 10:10:15 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] 4423-bis new section -- HIP and MAC Security
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2009 15:09:00 -0000

I am proposing a new section in 4423-bis.  Please comment/improve:

8.  HIP and MAC Security

   The IEEE 802 standards have been defining MAC layered security.  Many
   of these standards use EAP [ref!] as a Key Management System (KMS)
   transport, but some like IEEE 802.15.4 [ref!] leave the KMS and its
   transport as "Out of Scope".

   HIP is well suited as a KMS in these environments.

   o  HIP is independent of IP addressing and can be directly
      transported over any network protocol.

   o  Master Keys in 802 protocols are strictly pair-based with group
      keys transported from the group controller using pair-wise keys.

   o  AdHoc 802 networks can be better served by a peer-to-peer KMS than
      the EAP client/server model.

   o  Some devices are very memory constrained and a common KMS for both
      MAC and IP security represents a considerable code savings.




From rgm@htt-consult.com  Wed Dec 16 07:14:06 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 757C53A6998 for <hipsec@core3.amsl.com>; Wed, 16 Dec 2009 07:14:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.528
X-Spam-Level: 
X-Spam-Status: No, score=-2.528 tagged_above=-999 required=5 tests=[AWL=0.071,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Doh47J5Xl8gU for <hipsec@core3.amsl.com>; Wed, 16 Dec 2009 07:14:01 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 739DF3A6964 for <hipsec@ietf.org>; Wed, 16 Dec 2009 07:13:59 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 2465268A8E for <hipsec@ietf.org>; Wed, 16 Dec 2009 16:12:09 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8GTmayb4dxLB for <hipsec@ietf.org>; Wed, 16 Dec 2009 11:12:00 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 814F468A8B for <hipsec@ietf.org>; Wed, 16 Dec 2009 11:12:00 -0500 (EST)
Message-ID: <4B28F986.6090508@htt-consult.com>
Date: Wed, 16 Dec 2009 10:15:18 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] HIP and multicast
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2009 15:14:06 -0000

Do we have anything to change on HIP and multicast in 4423:

9.  Multicast

   There was little if any concrete thoughts about how HIP might affect
   IP-layer or application-layer multicast.







From pekka.nikander@nomadiclab.com  Wed Dec 16 08:59:24 2009
Return-Path: <pekka.nikander@nomadiclab.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 816DA3A690B for <hipsec@core3.amsl.com>; Wed, 16 Dec 2009 08:59:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Utl5PgsM7oar for <hipsec@core3.amsl.com>; Wed, 16 Dec 2009 08:59:23 -0800 (PST)
Received: from n2.nomadiclab.com (n2.nomadiclab.com [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id 733D53A69C2 for <hipsec@ietf.org>; Wed, 16 Dec 2009 08:59:23 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by n2.nomadiclab.com (Postfix) with ESMTP id 93A0D1EF13D; Wed, 16 Dec 2009 18:59:08 +0200 (EET)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from n2.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OMkOULnnFIsM; Wed, 16 Dec 2009 18:59:07 +0200 (EET)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by n2.nomadiclab.com (Postfix) with ESMTP id AFCD01EF132; Wed, 16 Dec 2009 18:59:07 +0200 (EET)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset=us-ascii
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
In-Reply-To: <4B28F986.6090508@htt-consult.com>
Date: Wed, 16 Dec 2009 18:59:07 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <30D81D3C-33A8-4B01-A9EF-39F95F590ECA@nomadiclab.com>
References: <4B28F986.6090508@htt-consult.com>
To: Robert Moskowitz <rgm@htt-consult.com>
X-Mailer: Apple Mail (2.1077)
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] HIP and multicast
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2009 16:59:24 -0000

On 2009-12-16, at 17:15, Robert Moskowitz wrote:

> Do we have anything to change on HIP and multicast in 4423:
>
> 9.  Multicast
>
>  There was little if any concrete thoughts about how HIP might affect
>  IP-layer or application-layer multicast.

There's been one paper:

http://www.hit.bme.hu/~jakab/edu/litr/Multicast/HIP_Multicast_HISM_infocom_kovacshazi.pdf

I don't know of anything else.

--Pekka


From gonzalo.camarillo@ericsson.com  Thu Dec 17 04:35:46 2009
Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D600C28C103 for <hipsec@core3.amsl.com>; Thu, 17 Dec 2009 04:35:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.237
X-Spam-Level: 
X-Spam-Status: No, score=-6.237 tagged_above=-999 required=5 tests=[AWL=0.012,  BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LikClACudtGR for <hipsec@core3.amsl.com>; Thu, 17 Dec 2009 04:35:46 -0800 (PST)
Received: from mailgw4.ericsson.se (mailgw4.ericsson.se [193.180.251.62]) by core3.amsl.com (Postfix) with ESMTP id DB5B13A6850 for <hipsec@ietf.org>; Thu, 17 Dec 2009 04:35:45 -0800 (PST)
X-AuditID: c1b4fb3e-b7bc3ae000002f8e-cf-4b2a17ea9e43
Received: from esealmw126.eemea.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw4.ericsson.se (Symantec Mail Security) with SMTP id 02.54.12174.AE71A2B4; Thu, 17 Dec 2009 12:37:14 +0100 (CET)
Received: from esealmw126.eemea.ericsson.se ([153.88.254.174]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959);  Thu, 17 Dec 2009 12:37:12 +0100
Received: from mail.lmf.ericsson.se ([131.160.11.50]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959);  Thu, 17 Dec 2009 12:37:12 +0100
Received: from [131.160.37.44] (EV001E681B5FE2.lmf.ericsson.se [131.160.37.44]) by mail.lmf.ericsson.se (Postfix) with ESMTP id 7C881233F; Thu, 17 Dec 2009 13:37:12 +0200 (EET)
Message-ID: <4B2A17E8.2090301@ericsson.com>
Date: Thu, 17 Dec 2009 13:37:12 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 17 Dec 2009 11:37:12.0724 (UTC) FILETIME=[467ADD40:01CA7F0D]
X-Brightmail-Tracker: AAAAAA==
Cc: David Ward <dward@cisco.com>
Subject: [Hipsec] Meeting in Anaheim
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2009 12:35:47 -0000

Folks,

considering all the work going on in the group at present, we have 
requested a face-to-face session in Anaheim.

Cheers,

Gonzalo
HIP co-chair


From gonzalo.camarillo@ericsson.com  Fri Dec 18 00:34:03 2009
Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2DB213A67AE for <hipsec@core3.amsl.com>; Fri, 18 Dec 2009 00:34:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.239
X-Spam-Level: 
X-Spam-Status: No, score=-6.239 tagged_above=-999 required=5 tests=[AWL=0.010,  BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bkw6-zd-CMzB for <hipsec@core3.amsl.com>; Fri, 18 Dec 2009 00:34:02 -0800 (PST)
Received: from mailgw5.ericsson.se (mailgw5.ericsson.se [193.180.251.36]) by core3.amsl.com (Postfix) with ESMTP id DEE503A6813 for <hipsec@ietf.org>; Fri, 18 Dec 2009 00:34:01 -0800 (PST)
X-AuditID: c1b4fb24-b7beeae000003a71-6c-4b2b3e6a3ac3
Received: from esealmw128.eemea.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw5.ericsson.se (Symantec Mail Security) with SMTP id FE.01.14961.96E3B2B4; Fri, 18 Dec 2009 09:33:46 +0100 (CET)
Received: from esealmw126.eemea.ericsson.se ([153.88.254.170]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959);  Fri, 18 Dec 2009 09:32:16 +0100
Received: from mail.lmf.ericsson.se ([131.160.11.50]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959);  Fri, 18 Dec 2009 09:32:16 +0100
Received: from [131.160.37.44] (EV001E681B5FE2.lmf.ericsson.se [131.160.37.44]) by mail.lmf.ericsson.se (Postfix) with ESMTP id 631BF2551; Fri, 18 Dec 2009 10:32:16 +0200 (EET)
Message-ID: <4B2B3E10.2080904@ericsson.com>
Date: Fri, 18 Dec 2009 10:32:16 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B1E5897.4050702@htt-consult.com>	<BF345F63074F8040B58C00A186FCA57F1C65FB2F4D@NALASEXMB04.na.qualcomm.com> <4B1E909B.20207@htt-consult.com>
In-Reply-To: <4B1E909B.20207@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 18 Dec 2009 08:32:16.0667 (UTC) FILETIME=[9B20AEB0:01CA7FBC]
X-Brightmail-Tracker: AAAAAA==
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Who maintains Hip Status Pages

Hi Bob,

note that I already added your two drafts to the issue tracker. As soon 
as I have your login email address, I will authorize you to add issues 
against those drafts. Actually, I intend to add all editors to a group 
that will be authorized to manage issues in the tracker.

Cheers,

Gonzalo


Robert Moskowitz wrote:
> Laganier, Julien wrote:
>> Hi Bob,
>>
>> I understand you can't get issues before the drafts are working group
>> drafts with the proper name:
>>
>> draft-ietf-hip-rfc5201-bis-00.txt
>>
>> If you want to have them listed in the related draft section of the
>> web page, they need the wg name (hip) somewhere in the filename, e.g.:
>>
>> draft-moskowitz-hip-rfc5201-bis-00.txt
>>   
> 
> hmmm...
> 
> Then how did draft-zhipeng-pkix-drm-proxy-architecture 
> <http://tools.ietf.org/id/draft-zhipeng-pkix-drm-proxy-architecture-00.txt> 
> get on the page. But taking a look at that draft, I can't figure out 
> what it has to do with the HIP workgroup. Oh, I see, look at author's 
> name: zhipeng !!!!
> 
> I think this is a 'bug' in the IETF tools.
> 
> After our IT people figure out why I did not get the key verification 
> emails, I will get with the IETF Secretariat to change the draft name.
> 
> 
>> --julien
>>
>>  
>>> -----Original Message-----
>>> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
>>> Behalf Of Robert Moskowitz
>>> Sent: Tuesday, December 08, 2009 5:46 AM
>>> To: HIP
>>> Subject: [Hipsec] Who maintains Hip Status Pages
>>>
>>> http://tools.ietf.org/wg/hip/
>>>
>>> How do I get my two IDs there so that I can start posting issues to
>>> them?
>>>
>>>


From gonzalo.camarillo@ericsson.com  Fri Dec 18 00:39:28 2009
Message-ID: <4B2B3EB9.3090601@ericsson.com>
Date: Fri, 18 Dec 2009 10:35:05 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Andrew McGregor <andrew@indranet.co.nz>
References: <4B2231E6.4020706@hiit.fi>	<42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz>	<4B2234EC.3070102@hiit.fi> <A14CB7E0-56F2-4CA0-AE64-B3EA9511B3C1@indranet.co.nz>
In-Reply-To: <A14CB7E0-56F2-4CA0-AE64-B3EA9511B3C1@indranet.co.nz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility

Hi,

as Andrew indicates, the whole point of ICE is that it sends probes to 
see what works and what does not. We should not go off and specify stuff 
that will be discovered anyway at run time.

Cheers,

Gonzalo

Andrew McGregor wrote:
> Ok, but in any case, candidate address probing deals with those issues.
> 
> Andrew
> 
> On 12/12/2009, at 1:02 AM, Miika Komu wrote:
> 
>> Andrew McGregor wrote:
>>
>> Hi,
>>
>> it should be a short section then, right?)
>>
>> I basically agree with you. Based on our experimentation, it works but there are some caveats regarding pairing of addressing. So, sending of packets from src->dst:
>>
>> Teredo->Teredo: works
>> Teredo->IPv6: does not work without a (commercial) relay service
>> IPv6->Teredo: works
>> IPv6->IPv6: (works :)
>>
>> Samu, please comment if I got the two middle ones in the wrong order.
>>
>> Also, at least the miredo implementation on Linux is good, but not perfect. Some performance-related issues and sometimes HIP packets just don't go through (usually restarting of miredo works).
>>
>>> Why?  It just works, if Teredo is available it's just another IPv6 address.
>>> Andrew
>>> On 12/12/2009, at 12:49 AM, Miika Komu wrote:
>>>> Hi,
>>>>
>>>> we've done some concrete work on NAT traversal with ICE, but what about Teredo? I think RFC5201 and RFC5206 should have some statements about Teredo-based addresses?


From miika.komu@hiit.fi  Sat Dec 19 10:27:02 2009
Message-ID: <4B2D1AE5.8020908@hiit.fi>
Date: Sat, 19 Dec 2009 19:26:45 +0100
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: hip WG <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] a new version of SHIM API draft
Reply-To: miika.komu@hiit.fi

Folks,

Shinta has submitted a new version of the locator management APIs for 
HIP and SHIM6:

http://tools.ietf.org/html/draft-ietf-shim6-multihome-shim-api

Comments are welcome here or preferably on the SHIM6 mailing list:

http://www.ietf.org/mailman/listinfo/shim6

Thanks.

P.S. Check out the list archives for some recent HIP-related discussion.

From miika.komu@hiit.fi  Sun Dec 20 06:40:35 2009
Message-ID: <4B2E3757.3080408@hiit.fi>
Date: Sun, 20 Dec 2009 16:40:23 +0200
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
References: <4B2231E6.4020706@hiit.fi>	<42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz>	<4B2234EC.3070102@hiit.fi> <A14CB7E0-56F2-4CA0-AE64-B3EA9511B3C1@indranet.co.nz> <4B2B3EB9.3090601@ericsson.com>
In-Reply-To: <4B2B3EB9.3090601@ericsson.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility
Reply-To: miika.komu@hiit.fi

Gonzalo Camarillo wrote:

Hi,

running ICE over Teredo works but is potentially a big overkill due to 
redundant functionality. Some of the results can be predicted as 
depicted below (and even incorporated in the ICE module if needed).

> Hi,
> 
> as Andrew indicates, the whole point of ICE is that it sends probes to 
> see what works and what does not. We should not go off and specify stuff 
> that will be discovered anyway at run time.
> 
> Cheers,
> 
> Gonzalo
> 
> Andrew McGregor wrote:
>> Ok, but in any case, candidate address probing deals with those issues.
>>
>> Andrew
>>
>> On 12/12/2009, at 1:02 AM, Miika Komu wrote:
>>
>>> Andrew McGregor wrote:
>>>
>>> Hi,
>>>
>>> it should be a short section then, right?)
>>>
>>> I basically agree with you. Based on our experimentation, it works
>>> but there are some caveats regarding pairing of addressing. So,
>>> sending of packets from src->dst:
>>>
>>> Teredo->Teredo: works
>>> Teredo->IPv6: does not work without a (commercial) relay service
>>> IPv6->Teredo: works
>>> IPv6->IPv6: (works :)
>>>
>>> Samu, please comment if I got the two middle ones in the wrong order.
>>>
>>> Also, at least the miredo implementation on Linux is good, but not
>>> perfect. Some performance-related issues and sometimes HIP packets
>>> just don't go through (usually restarting of miredo works).
>>>
>>>> Why?  It just works, if Teredo is available it's just another IPv6 
>>>> address.
>>>> Andrew
>>>> On 12/12/2009, at 12:49 AM, Miika Komu wrote:
>>>>> Hi,
>>>>>
>>>>> we've done some concrete work on NAT traversal with ICE, but what 
>>>>> about Teredo? I think RFC5201 and RFC5206 should have some 
>>>>> statements about Teredo-based addresses?


From ari.keranen@nomadiclab.com  Sun Dec 20 23:55:39 2009
Message-ID: <4B2F29E8.8010805@nomadiclab.com>
Date: Mon, 21 Dec 2009 09:55:20 +0200
From: Ari Keranen <ari.keranen@nomadiclab.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: miika.komu@hiit.fi
References: <4B2231E6.4020706@hiit.fi>	<42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz>	<4B2234EC.3070102@hiit.fi>	<A14CB7E0-56F2-4CA0-AE64-B3EA9511B3C1@indranet.co.nz>	<4B2B3EB9.3090601@ericsson.com> <4B2E3757.3080408@hiit.fi>
In-Reply-To: <4B2E3757.3080408@hiit.fi>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility

Hi Miika,

I think trying to predict the success of NAT traversal is not a good 
idea if you can't get close to 100% accuracy. You should rather test 
what works and act accordingly; and that's exactly what ICE does.

And if you do ICE and include the Teredo address as the highest 
prioritized ICE candidate, you'll end up doing connectivity checks only 
for that candidate before selecting it for use, so there's hardly any 
overkill. And if the Teredo candidate fails you'll end up using 
something else that works.


Cheers,
Ari

Miika Komu wrote:
> Gonzalo Camarillo wrote:
> 
> Hi,
> 
> running ICE over Teredo works but is potentially a big overkill due to 
> redundant functionality. Some of the results can be predicted as 
> depicted below (and even incorporated in the ICE module if needed).
> 
>> Hi,
>>
>> as Andrew indicates, the whole point of ICE is that it sends probes to 
>> see what works and what does not. We should not go off and specify 
>> stuff that will be discovered anyway at run time.
>>
>> Cheers,
>>
>> Gonzalo
>>
>> Andrew McGregor wrote:
>>> Ok, but in any case, candidate address probing deals with those issues.
>>>
>>> Andrew
>>>
>>> On 12/12/2009, at 1:02 AM, Miika Komu wrote:
>>>
>>>> Andrew McGregor wrote:
>>>>
>>>> Hi,
>>>>
>>>> it should be a short section then, right?)
>>>>
>>>> I basically agree with you. Based on our experimentation, it works
>>>> but there are some caveats regarding pairing of addressing. So,
>>>> sending of packets from src->dst:
>>>>
>>>> Teredo->Teredo: works
>>>> Teredo->IPv6: does not work without a (commercial) relay service
>>>> IPv6->Teredo: works
>>>> IPv6->IPv6: (works :)
>>>>
>>>> Samu, please comment if I got the two middle ones in the wrong order.
>>>>
>>>> Also, at least the miredo implementation on Linux is good, but not
>>>> perfect. Some performance-related issues and sometimes HIP packets
>>>> just don't go through (usually restarting of miredo works).
>>>>
>>>>> Why?  It just works, if Teredo is available it's just another IPv6 
>>>>> address.
>>>>> Andrew
>>>>> On 12/12/2009, at 12:49 AM, Miika Komu wrote:
>>>>>> Hi,
>>>>>>
>>>>>> we've done some concrete work on NAT traversal with ICE, but what 
>>>>>> about Teredo? I think RFC5201 and RFC5206 should have some 
>>>>>> statements about Teredo-based addresses?
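
Added example, not part of any message in this thread: a simplified model of the ordered connectivity checks discussed above, using the candidate and pair priority formulas from RFC 5245. The local preference values (Teredo ranked highest, as in the reply above), the REACHABLE table (constructed from the src->dst pairings quoted in the thread, no relay) and the stop-at-first-success rule are assumptions for illustration.

```python
from dataclasses import dataclass
from itertools import product

HOST_TYPE_PREF = 126  # RFC 5245 recommended type preference for host candidates


def candidate_priority(type_pref: int, local_pref: int, component: int) -> int:
    """RFC 5245 candidate priority: 2^24*type + 2^8*local + (256 - component)."""
    return (type_pref << 24) + (local_pref << 8) + (256 - component)


def pair_priority(controlling: int, controlled: int) -> int:
    """RFC 5245 pair priority, G = controlling agent's candidate, D = controlled."""
    g, d = controlling, controlled
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)


@dataclass(frozen=True)
class Candidate:
    kind: str        # "teredo" or "ipv6", the labels used in the thread
    local_pref: int  # 0..65535, hypothetical values chosen for this example

    @property
    def priority(self) -> int:
        return candidate_priority(HOST_TYPE_PREF, self.local_pref, component=1)


# Hypothetical ranking: the Teredo address is the highest-priority candidate.
TEREDO = Candidate("teredo", 65535)
NATIVE = Candidate("ipv6", 65534)

# Constructed stand-in for the network: (source kind, destination kind) -> probe
# succeeds. Follows the pairings quoted in the thread, without a relay service.
REACHABLE = {
    ("teredo", "teredo"): True,
    ("teredo", "ipv6"): False,
    ("ipv6", "teredo"): True,
    ("ipv6", "ipv6"): True,
}


def check_list(local, remote):
    """All local x remote pairs, highest pair priority first (local = controlling)."""
    return sorted(
        product(local, remote),
        key=lambda p: pair_priority(p[0].priority, p[1].priority),
        reverse=True,
    )


def run_checks(local, remote, probe=lambda s, d: REACHABLE[(s.kind, d.kind)]):
    """Probe pairs in priority order and stop at the first one that answers.

    Returns ((source kind, destination kind) or None, number of probes sent).
    Real ICE paces checks and nominates a pair; this keeps only the ordering.
    """
    sent = 0
    for src, dst in check_list(local, remote):
        sent += 1
        if probe(src, dst):
            return (src.kind, dst.kind), sent
    return None, sent


if __name__ == "__main__":
    scenarios = {
        "Teredo works end to end": ([TEREDO], [TEREDO, NATIVE]),
        "Teredo pair fails, native pair used": ([TEREDO, NATIVE], [NATIVE]),
        "no working pair": ([TEREDO], [NATIVE]),
    }
    for name, (local, remote) in scenarios.items():
        print(name, "->", run_checks(local, remote))
```
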

From gonzalo.camarillo@ericsson.com  Mon Dec 21 01:48:04 2009
Message-ID: <4B2F443F.8070900@ericsson.com>
Date: Mon, 21 Dec 2009 11:47:43 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: "miika.komu@hiit.fi" <miika.komu@hiit.fi>
References: <4B2231E6.4020706@hiit.fi>	<42A3E98A-50DE-448C-9C71-C6BA6752ED74@indranet.co.nz>	<4B2234EC.3070102@hiit.fi> <A14CB7E0-56F2-4CA0-AE64-B3EA9511B3C1@indranet.co.nz> <4B2B3EB9.3090601@ericsson.com> <4B2E3757.3080408@hiit.fi>
In-Reply-To: <4B2E3757.3080408@hiit.fi>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Teredo compatibility

Hi,

trying to predict the outcome of the probes was mainstream thinking a 
few years ago. ICE was developed when it was pretty clear that 
prediction just did not work...

In any case, the idea in the HIP WG is to specify how to use NAT 
traversal mechanisms in HIP. If somebody wants to optimize ICE, MMUSIC 
(or maybe BEHAVE) would probably be the place to do it.

Cheers,

Gonzalo

Miika Komu wrote:
> Gonzalo Camarillo wrote:
> 
> Hi,
> 
> running ICE over Teredo works but is potentially a big overkill due to 
> redundant functionality. Some of the results can be predicted as 
> depicted below (and even incorporated in the ICE module if needed).
> 
>> Hi,
>>
>> as Andrew indicates, the whole point of ICE is that it sends probes to 
>> see what works and what does not. We should not go off and specify stuff 
>> that will be discovered anyway at run time.
>>
>> Cheers,
>>
>> Gonzalo
>>
>> Andrew McGregor wrote:
>>> Ok, but in any case, candidate address probing deals with those issues.
>>>
>>> Andrew
>>>
>>> On 12/12/2009, at 1:02 AM, Miika Komu wrote:
>>>
>>>> Andrew McGregor wrote:
>>>>
>>>> Hi,
>>>>
>>>> it should be a short section then, right?)
>>>>
>>>> I basically agree with you. Based on our experimentation, it works
>>>> but there are some caveats regarding pairing of addressing. So,
>>>> sending of packets from src->dst:
>>>>
>>>> Teredo->Teredo: works
>>>> Teredo->IPv6: does not work without a (commercial) relay service
>>>> IPv6->Teredo: works
>>>> IPv6->IPv6: (works :)
>>>>
>>>> Samu, please comment if I got the two middle ones in the wrong order.
>>>>
>>>> Also, at least the miredo implementation on Linux is good, but not
>>>> perfect. Some performance-related issues and sometimes HIP packets
>>>> just don't go through (usually restarting of miredo works).
>>>>
>>>>> Why?  It just works, if Teredo is available it's just another IPv6 
>>>>> address.
>>>>> Andrew
>>>>> On 12/12/2009, at 12:49 AM, Miika Komu wrote:
>>>>>> Hi,
>>>>>>
>>>>>> we've done some concrete work on NAT traversal with ICE, but what 
>>>>>> about Teredo? I think RFC5201 and RFC5206 should have some 
>>>>>> statements about Teredo-based addresses?


From rgm@htt-consult.com  Tue Dec 22 07:01:04 2009
Message-ID: <4B30DF8A.5060201@htt-consult.com>
Date: Tue, 22 Dec 2009 10:02:34 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] The Host Identity Hash

A **NEW** acronym for HIP:

HIH ::=  Host Identity Hash

This is the Hash used to produce the HIT from the HI, via the ORCHID 
algorithm.

This definition will be added to 4423-bis and anyone with a better 
acronym is welcome to speak up.




From miika.komu@hiit.fi  Mon Dec 28 08:04:55 2009
Message-ID: <4B38D711.8040309@hiit.fi>
Date: Mon, 28 Dec 2009 17:04:33 +0100
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B27D4B9.1090002@htt-consult.com>
In-Reply-To: <4B27D4B9.1090002@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Depricate MD5
Reply-To: miika.komu@hiit.fi

Robert Moskowitz wrote:

+1

> I propose to totally remove references to MD5 from HIP.
> 
> this seems to only impact HIP_TRANSFORM
> 
> #3 & #6 will be changed to:  "Unused".


From miika.komu@hiit.fi  Mon Dec 28 08:05:28 2009
Message-ID: <4B38D734.1060407@hiit.fi>
Date: Mon, 28 Dec 2009 17:05:08 +0100
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B27C413.1030809@htt-consult.com>
In-Reply-To: <4B27C413.1030809@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Major change to KEYMAT
Reply-To: miika.komu@hiit.fi

Robert Moskowitz wrote:

Hi,

> I am leaning heavily to change the KEYMAT process to using 
> http://www.ietf.org/id/draft-krawczyk-hkdf-00.txt

+1 assuming that this is going to be adopted as a network WG official draft?

> The HITs will be the INFO fed into the Expand step, but there is a 
> deficiency in the current KEYMAT WRT the SALT for the Extract phase.
> 
> Currently we have I and J used in KEYMAT, but both J is not truly 
> sourced from the Initiator, it is influenced by I from the Responder.  
> And both are too short by 'accept practices' that each NONCE is twice 
> the size of the desired master key.
> 
> So there should be a NONCE1 in R1 and NONCE2 in I2.  I think that NONCE1 
> SHOULD be echoed back in I2.

There are already echo parameters in the base exchange, so they should be 
just mandatory.

> The NONCE length is variable, 256, 384, or 512 depending on the key size 
> needed?  Which raises the question of where we control key length for 
> AES?  We are probably defaulting to 128 and not allowing for larger key 
> lengths?

What about fixing the key sizes in the transform suite id definitions 
and providing new definitions with larger sizes when needed?
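
An added sketch of the KEYMAT proposal discussed in this message (not code from the thread or from any HIP implementation): HKDF extract-then-expand as in the referenced draft, later published as RFC 5869, with the two nonces as the Extract salt and the HITs as the Expand info. Assumptions not stated in the thread: SHA-256 as the hash, the Diffie-Hellman shared secret as the input keying material, NONCE1 | NONCE2 as the salt order, sorted HITs as the info, and all names and sample values, which are constructed.

```python
import hashlib
import hmac

HASH = hashlib.sha256            # assumption: the thread does not name a hash
HASH_LEN = HASH().digest_size    # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Extract step: PRK = HMAC(salt, IKM). An empty salt becomes zero bytes."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand step: T(n) = HMAC(PRK, T(n-1) | info | n), truncated to length."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output exceeds the HKDF limit of 255 blocks")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keymat(dh_secret: bytes, nonce1: bytes, nonce2: bytes,
                  hit_i: bytes, hit_r: bytes,
                  key_bits: int = 128, n_keys: int = 4) -> list:
    """Hypothetical KEYMAT derivation following the proposal in the message.

    nonce1 stands for the Responder's NONCE1 (R1), nonce2 for the Initiator's
    NONCE2 (I2). Each nonce must be at least twice the desired key size, the
    rule quoted in the message (256/384/512-bit nonces).
    """
    for name, nonce in (("NONCE1", nonce1), ("NONCE2", nonce2)):
        if len(nonce) * 8 < 2 * key_bits:
            raise ValueError(f"{name} is shorter than twice the key size")
    salt = nonce1 + nonce2                       # assumption: simple concatenation
    info = b"".join(sorted((hit_i, hit_r)))      # assumption: sorted so both ends agree
    key_len = key_bits // 8
    okm = hkdf_expand(hkdf_extract(salt, dh_secret), info, key_len * n_keys)
    return [okm[i:i + key_len] for i in range(0, len(okm), key_len)]


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    dh_secret = bytes(range(64))
    nonce1 = bytes([0x11]) * 32                  # 256-bit nonce for 128-bit keys
    nonce2 = bytes([0x22]) * 32
    hit_i = bytes.fromhex("20010010" + "aa" * 12)
    hit_r = bytes.fromhex("20010010" + "bb" * 12)

    initiator = derive_keymat(dh_secret, nonce1, nonce2, hit_i, hit_r)
    responder = derive_keymat(dh_secret, nonce1, nonce2, hit_r, hit_i)
    print("both ends agree:", initiator == responder)
    for index, key in enumerate(initiator):
        print(f"key {index}: {key.hex()}")
```

Because both nonces enter the salt, neither host alone fixes the Extract output, and a nonce that is too short for the requested key size is rejected before any key is derived.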

From miika.komu@hiit.fi  Mon Dec 28 08:05:46 2009
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ABDE53A6892 for <hipsec@core3.amsl.com>; Mon, 28 Dec 2009 08:05:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v1NhW3RMTsD8 for <hipsec@core3.amsl.com>; Mon, 28 Dec 2009 08:05:45 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id A97A33A6805 for <hipsec@ietf.org>; Mon, 28 Dec 2009 08:05:45 -0800 (PST)
Received: from ip104.infrahip.net (87-94-236-71.bb.dnainternet.fi [87.94.236.71]) by argo.otaverkko.fi (Postfix) with ESMTP id 6FD4A25ED06; Mon, 28 Dec 2009 18:05:26 +0200 (EET)
Message-ID: <4B38D746.7040006@hiit.fi>
Date: Mon, 28 Dec 2009 17:05:26 +0100
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B28F857.2010908@htt-consult.com>
In-Reply-To: <4B28F857.2010908@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] 4423-bis new section -- HIP and MAC Security
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Dec 2009 16:05:46 -0000

Robert Moskowitz wrote:

Hi,

sounds ok to me.

> I am proposing a new section in 4423-bis.  Please comment/improve:
> 
> 8.  HIP and MAC Security
> 
>   The IEEE 802 standards have been defining MAC layered security.  Many
>   of these standards use EAP [ref!] as a Key Management System (KMS)
>   transport, but some like IEEE 802.15.4 [ref!] leave the KMS and its
>   transport as "Out of Scope".
> 
>   HIP is well suited as a KMS in these environments.
> 
>   o  HIP is independent of IP addressing and can be directly
>      transported over any network protocol.
> 
>   o  Master Keys in 802 protocols are strictly pair-based with group
>      keys transported from the group controller using pair-wise keys.
> 
>   o  AdHoc 802 networks can be better served by a peer-to-peer KMS than
>      the EAP client/server model.
> 
>   o  Some devices are very memory constrained and a common KMS for both
>      MAC and IP security represents a considerable code savings.
> 


From miika.komu@hiit.fi  Mon Dec 28 08:06:12 2009
Return-Path: <miika.komu@hiit.fi>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 91DEE3A679C for <hipsec@core3.amsl.com>; Mon, 28 Dec 2009 08:06:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RJmbTH0LL3Az for <hipsec@core3.amsl.com>; Mon, 28 Dec 2009 08:06:11 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id 63B923A635F for <hipsec@ietf.org>; Mon, 28 Dec 2009 08:06:11 -0800 (PST)
Received: from ip104.infrahip.net (87-94-236-71.bb.dnainternet.fi [87.94.236.71]) by argo.otaverkko.fi (Postfix) with ESMTP id 2CFD325ED06; Mon, 28 Dec 2009 18:05:52 +0200 (EET)
Message-ID: <4B38D75F.7050802@hiit.fi>
Date: Mon, 28 Dec 2009 17:05:51 +0100
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Robert Moskowitz <rgm@htt-consult.com>
References: <4B30DF8A.5060201@htt-consult.com>
In-Reply-To: <4B30DF8A.5060201@htt-consult.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] The Host Identity Hash
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Dec 2009 16:06:12 -0000

Robert Moskowitz wrote:

Hi,

> A **NEW** acronym for HIP:
> 
> HIH ::=  Host Identity Hash
> 
> This is the Hash used to produce the HIT from the HI, via the ORCHID 
> algorithm.
> 
> This definition will be added to 4423-bis and anyone with a better 
> acronym is welcome to speak up.

what about some more intuitive term such as HIP fingerprint? It doesn't 
have to be an acronym.

From root@core3.amsl.com  Tue Dec 29 04:45:02 2009
Return-Path: <root@core3.amsl.com>
X-Original-To: hipsec@ietf.org
Delivered-To: hipsec@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id 4DC683A680C; Tue, 29 Dec 2009 04:45:02 -0800 (PST)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20091229124502.4DC683A680C@core3.amsl.com>
Date: Tue, 29 Dec 2009 04:45:02 -0800 (PST)
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action:draft-ietf-hip-native-api-11.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Dec 2009 12:45:02 -0000

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol Working Group of the IETF.


	Title           : Basic Socket Interface Extensions for Host Identity Protocol (HIP)
	Author(s)       : M. Komu, T. Henderson
	Filename        : draft-ietf-hip-native-api-11.txt
	Pages           : 19
	Date            : 2009-12-29

This document defines extensions to the current sockets API for the
Host Identity Protocol (HIP).  The extensions focus on the use of
public-key based identifiers discovered via DNS resolution, but
define also interfaces for manual bindings between HITs and locators.
With the extensions, the application can also support more relaxed
security models where the communication can be non-HIP based,
according to local policies.  The extensions in this document are
experimental and provide basic tools for further experimentation with
policies.

Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups.  Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on July 2, 2010.

Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.  Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.

This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008.  The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-11.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Message/External-body;
	name="draft-ietf-hip-native-api-11.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2009-12-29044306.I-D@ietf.org>


--NextPart--

From julienl@qualcomm.com  Tue Dec 29 13:54:47 2009
Return-Path: <julienl@qualcomm.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3C4533A6970 for <hipsec@core3.amsl.com>; Tue, 29 Dec 2009 13:54:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.518
X-Spam-Level: 
X-Spam-Status: No, score=-105.518 tagged_above=-999 required=5 tests=[AWL=1.081, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y45HiPKFD7Yt for <hipsec@core3.amsl.com>; Tue, 29 Dec 2009 13:54:46 -0800 (PST)
Received: from wolverine01.qualcomm.com (wolverine01.qualcomm.com [199.106.114.254]) by core3.amsl.com (Postfix) with ESMTP id 328F23A68DD for <hipsec@ietf.org>; Tue, 29 Dec 2009 13:54:46 -0800 (PST)
X-IronPort-AV: E=McAfee;i="5400,1158,5846"; a="31095192"
Received: from pdmz-ns-mip.qualcomm.com (HELO numenor.qualcomm.com) ([199.106.114.10]) by wolverine01.qualcomm.com with ESMTP; 29 Dec 2009 13:54:20 -0800
Received: from ironstorm.qualcomm.com (ironstorm.qualcomm.com [172.30.39.153]) by numenor.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id nBTLsKYS012822 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <hipsec@ietf.org>; Tue, 29 Dec 2009 13:54:20 -0800
X-IronPort-AV: E=Sophos;i="4.47,470,1257148800"; d="scan'208";a="28027996"
Received: from nasanexhub06.na.qualcomm.com ([129.46.134.254]) by ironstorm.qualcomm.com with ESMTP/TLS/RC4-MD5; 29 Dec 2009 13:54:20 -0800
Received: from nalasexhub04.na.qualcomm.com (10.47.130.55) by nasanexhub06.na.qualcomm.com (129.46.134.254) with Microsoft SMTP Server (TLS) id 8.2.176.0; Tue, 29 Dec 2009 13:54:19 -0800
Received: from NALASEXMB04.na.qualcomm.com ([10.47.7.114]) by nalasexhub04.na.qualcomm.com ([10.47.130.55]) with mapi; Tue, 29 Dec 2009 13:54:19 -0800
From: "Laganier, Julien" <julienl@qualcomm.com>
To: "miika.komu@hiit.fi" <miika.komu@hiit.fi>, Robert Moskowitz <rgm@htt-consult.com>
Date: Tue, 29 Dec 2009 13:54:17 -0800
Thread-Topic: [Hipsec] The Host Identity Hash
Thread-Index: AcqH16OVbmFwnUMrQeWzh/3WRbhFygA+aZ/g
Message-ID: <BF345F63074F8040B58C00A186FCA57F1C675844F0@NALASEXMB04.na.qualcomm.com>
References: <4B30DF8A.5060201@htt-consult.com> <4B38D75F.7050802@hiit.fi>
In-Reply-To: <4B38D75F.7050802@hiit.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] The Host Identity Hash
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Dec 2009 21:54:47 -0000

Miika Komu wrote:
>
> Robert Moskowitz wrote:
>
> Hi,
>
> > A **NEW** acronym for HIP:
> >
> > HIH ::=  Host Identity Hash
> >
> > This is the Hash used to produce the HIT from the HI, via the ORCHID
> > algorithm.
> >
> > This definition will be added to 4423-bis and anyone with a better
> > acronym is welcome to speak up.
>
> what about some more intuitive term such as HIP fingerprint? It doesn't
> have to be an acronym.

The HIP fingerprint would be the output of the hash, i.e. the HIT, not the
hash used to produce it.

--julien

From rgm@htt-consult.com  Tue Dec 29 15:08:59 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 062163A6940 for <hipsec@core3.amsl.com>; Tue, 29 Dec 2009 15:08:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.497
X-Spam-Level: 
X-Spam-Status: No, score=-2.497 tagged_above=-999 required=5 tests=[AWL=0.102,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tw4oUhymY+ip for <hipsec@core3.amsl.com>; Tue, 29 Dec 2009 15:08:58 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 284C73A67C0 for <hipsec@ietf.org>; Tue, 29 Dec 2009 15:08:57 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id E016A68A8B; Wed, 30 Dec 2009 00:06:36 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1lvNXdaSY6TG; Tue, 29 Dec 2009 19:06:28 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 00D316818E; Tue, 29 Dec 2009 19:06:27 -0500 (EST)
Message-ID: <4B3A8C8E.2020300@htt-consult.com>
Date: Tue, 29 Dec 2009 18:11:10 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: "Laganier, Julien" <julienl@qualcomm.com>
References: <4B30DF8A.5060201@htt-consult.com> <4B38D75F.7050802@hiit.fi> <BF345F63074F8040B58C00A186FCA57F1C675844F0@NALASEXMB04.na.qualcomm.com>
In-Reply-To: <BF345F63074F8040B58C00A186FCA57F1C675844F0@NALASEXMB04.na.qualcomm.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] The Host Identity Hash
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Dec 2009 23:08:59 -0000

Laganier, Julien wrote:
> Miika Komu wrote:
>   
>> Robert Moskowitz wrote:
>>
>> Hi,
>>
>>     
>>> A **NEW** acronym for HIP:
>>>
>>> HIH ::=  Host Identity Hash
>>>
>>> This is the Hash used to produce the HIT from the HI, via the ORCHID
>>> algorithm.
>>>
>>> This definition will be added to 4423-bis and anyone with a better
>>> acronym is welcome to speak up.
>>>       
>> what about some more intuitive term such as HIP fingerprint? It doesn't
>> have to be an acronym.
>>     
>
> The HIP fingerprint would be the output of the hash, i.e. the HIT, not the hash used to produce it.

Thanks, Julien.

I was trying to figure out why "HIP fingerprint" did not roll around 
right in my mind.



From rgm@htt-consult.com  Wed Dec 30 04:33:21 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AF0EE3A67EE for <hipsec@core3.amsl.com>; Wed, 30 Dec 2009 04:33:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.5
X-Spam-Level: 
X-Spam-Status: No, score=-2.5 tagged_above=-999 required=5 tests=[AWL=0.099, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HlEJhacYNtYK for <hipsec@core3.amsl.com>; Wed, 30 Dec 2009 04:33:20 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id A0E013A67CF for <hipsec@ietf.org>; Wed, 30 Dec 2009 04:33:20 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 6B86568A8B for <hipsec@ietf.org>; Wed, 30 Dec 2009 13:30:57 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7lGZ2rpZrZdP for <hipsec@ietf.org>; Wed, 30 Dec 2009 08:30:48 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 803B76818E for <hipsec@ietf.org>; Wed, 30 Dec 2009 08:30:48 -0500 (EST)
Message-ID: <4B3B4917.2070505@htt-consult.com>
Date: Wed, 30 Dec 2009 07:35:35 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
References: <4B30DF8A.5060201@htt-consult.com> <4B38D75F.7050802@hiit.fi> <BF345F63074F8040B58C00A186FCA57F1C675844F0@NALASEXMB04.na.qualcomm.com> <4B3A8C8E.2020300@htt-consult.com> <4B3B3D84.4050509@hiit.fi>
In-Reply-To: <4B3B3D84.4050509@hiit.fi>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] The Host Identity Hash
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Dec 2009 12:33:21 -0000

Miika Komu wrote:
> Robert Moskowitz wrote:
>
> Hi,
>
> what about Host Identity Digest (HID)? 

Much like fingerprint.  A digest is the reduction.  So it would be Host
Identity Digestor.

HID is actually kind of fun for an acronym.  It rolls nicely around my 
mind; which has a peculiar warp and weave...



> You can try also this to find all the possible combinations:
>
> http://acronymcreator.net/
>
>> Laganier, Julien wrote:
>>> Miika Komu wrote:
>>>  
>>>> Robert Moskowitz wrote:
>>>>
>>>> Hi,
>>>>
>>>>   
>>>>> A **NEW** acronym for HIP:
>>>>>
>>>>> HIH ::=  Host Identity Hash
>>>>>
>>>>> This is the Hash used to produce the HIT from the HI, via the ORCHID
>>>>> algorithm.
>>>>>
>>>>> This definition will be added to 4423-bis and anyone with a better
>>>>> acronym is welcome to speak up.
>>>>>       
>>>> what about some more intuitive term such as HIP fingerprint? It 
>>>> doesn't
>>>> have to be an acronym.
>>>>     
>>>
>>> The HIP fingerprint would be the output of the hash, i.e. the HIT, 
>>> not the hash used to produce it.
>>
>> Thanks, Julien.
>>
>> I was trying to figure out why "HIP fingerprint" did not roll around 
>> right in my mind.
>>
>>
>
>


From rgm@htt-consult.com  Wed Dec 30 04:54:56 2009
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 057B03A68A9 for <hipsec@core3.amsl.com>; Wed, 30 Dec 2009 04:54:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.502
X-Spam-Level: 
X-Spam-Status: No, score=-2.502 tagged_above=-999 required=5 tests=[AWL=0.097,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bA41O+c1abUp for <hipsec@core3.amsl.com>; Wed, 30 Dec 2009 04:54:55 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id E55A13A67EE for <hipsec@ietf.org>; Wed, 30 Dec 2009 04:54:54 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 08F7668A8B for <hipsec@ietf.org>; Wed, 30 Dec 2009 13:52:32 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vl8Va3erGJ0C for <hipsec@ietf.org>; Wed, 30 Dec 2009 08:52:22 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 64FE76818E for <hipsec@ietf.org>; Wed, 30 Dec 2009 08:52:22 -0500 (EST)
Message-ID: <4B3B4E25.6060807@htt-consult.com>
Date: Wed, 30 Dec 2009 07:57:09 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: hipsec@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] FW: New Version Notification for draft-moskowitz-hip-rfc4423-bis-01
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Dec 2009 12:54:56 -0000

Met my objective to at least get 4423-bis out in December.

This version has actual revised and new text.  It has all that **I** 
think is needed.

It DOES have HIH which is open to change if we come up with something 
better....

5201-bis is a LOT more work, and I hope to have it done before I go off 
to 802 meetings...

-----Original Message-----
From: IETF I-D Submission Tool [mailto:idsubmission@ietf.org] 
Sent: Wednesday, December 30, 2009 7:36 AM
To: robert.moskowitz@icsalabs.com
Cc: pekka.nikander@nomadiclab.com
Subject: New Version Notification for draft-moskowitz-hip-rfc4423-bis-01


A new version of I-D, draft-moskowitz-hip-rfc4423-bis-01.txt has been
successfully submitted by Robert Moskowitz and posted to the IETF
repository.

Filename:	 draft-moskowitz-hip-rfc4423-bis
Revision:	 01
Title:		 Host Identity Protocol Architecture
Creation_date:	 2009-12-28
WG ID:		 Independent Submission
Number_of_pages: 27

Abstract:
This memo describes a new namespace, the Host Identity namespace, and
a new protocol layer, the Host Identity Protocol, between the
internetworking and transport layers.  Herein are presented the
basics of the current namespaces, their strengths and weaknesses, and
how a new namespace will add completeness to them.  The roles of this
new namespace in the protocols are defined.

This document obsoletes RFC 4423 and addresses the concerns raised by
the IESG, particularly that of crypto agility.  It also incorporates
lessons learned from the implementations of RFC 5201.

This Internet-Draft will expire on July 1, 2010.

The IETF Secretariat.




