
From nobody Wed Oct  8 23:23:53 2014
Message-ID: <543629E6.8030802@tomh.org>
Date: Wed, 08 Oct 2014 23:23:34 -0700
From: Tom Henderson <tomh@tomh.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Julien Laganier <julien.ietf@gmail.com>
References: <5420863E.1060608@tomh.org>	<20140922212826.5048E216C3B@bikeshed.isc.org>	<54210668.4050605@tomh.org>	<20140923112746.EA16C216C3B@bikeshed.isc.org>	<OFD6408C65.060C7582-ONC1257D62.005816DE-C1257D62.0059BBB9@belden.com>	<542991A8.4020908@tomh.org> <CAE_dhjtRkfx+hZ512d1+CMCdpJJx8-ja4nwT=XAi_YC68L4LcA@mail.gmail.com>
In-Reply-To: <CAE_dhjtRkfx+hZ512d1+CMCdpJJx8-ja4nwT=XAi_YC68L4LcA@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {3122:box528.bluehost.com:tomhorg:tomh.org} {sentby:smtp auth 71.231.123.189 authed with tomh@tomh.org}
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/eUHefgLrWpvomMs0co47af4nhg0
Cc: HIP <hipsec@ietf.org>, Francis Dupont <fdupont@isc.org>
Subject: Re: [Hipsec] Antwort: Re:  clarification on HIT Suite IDs
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2014 06:23:51 -0000

I've created a preview draft version 20 that makes the changes described 
in this post:

http://www.ietf.org/mail-archive/web/hipsec/current/msg03975.html

I also created a diff file between -19 and -20-pre and trimmed out the 
non-substantive parts.

I attached both of these files to this ticket, for review:
http://trac.tools.ietf.org/wg/hip/trac/ticket/51

If there is WG consensus to request to make these changes, then I'll ask 
for guidance on what to do next (publish a new draft, or handle another 
way).

- Tom


From nobody Thu Oct  9 09:55:27 2014
From: Rene Hummen <Rene.Hummen@comsys.rwth-aachen.de>
To: Tom Henderson <tomh@tomh.org>
Thread-Topic: [Hipsec] Antwort: Re:  clarification on HIT Suite IDs
Thread-Index: AQHP3AFN97ZF10cpAkSCBzb5VduNeZwYNfgAgAANKQCADvZwAIAAsH2A
Date: Thu, 9 Oct 2014 16:55:17 +0000
Message-ID: <3E6747D3-A24D-42DF-A7DA-3613B7DE90E4@comsys.rwth-aachen.de>
References: <5420863E.1060608@tomh.org> <20140922212826.5048E216C3B@bikeshed.isc.org>	<54210668.4050605@tomh.org> <20140923112746.EA16C216C3B@bikeshed.isc.org> <OFD6408C65.060C7582-ONC1257D62.005816DE-C1257D62.0059BBB9@belden.com> <542991A8.4020908@tomh.org> <CAE_dhjtRkfx+hZ512d1+CMCdpJJx8-ja4nwT=XAi_YC68L4LcA@mail.gmail.com> <543629E6.8030802@tomh.org>
In-Reply-To: <543629E6.8030802@tomh.org>
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [37.201.228.166]
Content-Type: multipart/signed; boundary="Apple-Mail=_77F1A03C-64B7-4270-8753-0352764CB1B3"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/AHtkBQFgNb7Sa7E-c-FIt_zjoTo
Cc: Julien Laganier <julien.ietf@gmail.com>, Francis Dupont <fdupont@isc.org>, HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Antwort: Re:  clarification on HIT Suite IDs

--Apple-Mail=_77F1A03C-64B7-4270-8753-0352764CB1B3
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Hi Tom,

I am not sure if there was an answer to this question before. Why
don’t we simply use the four lower-order bits in the HIT_SUITE_LIST ID
field to convey the HIT Suites ID? That would definitely make the
mapping between HIT Suites IDs and OGA IDs much clearer as the 4-bit and
the 8-bit values would be the same. Moreover, I thought we would skip
the part about using larger HIT suite IDs _in the main protocol
specification_. I like your added text in the IANA consideration though.

My proposed changes are inline based on your provided diff:

31	@@ -3099,8 +3099,11 @@
32	                     host. Each HIT Suite ID is one octet long. =
The four
33	                     higher-order bits of the ID field =
correspond to the
34	                     HIT Suite ID in the ORCHID OGA field. The =
four
35	-                    lower-order bits are reserved and set to 0 =
and
36	-                    ignored by the receiver.
37	+                    lower-order bits are reserved and set to 0 =
by
38	+                    the sender.  The reception of an ID with =
the
39	+                    four lower-order bits not set to 0 should =
be
40	+                    considered as an error that MAY result in a
41	+                    NOTIFICATION of type UNSUPPORTED_HIT_SUITE.
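
Review bot: The new sentence at lines 38-41 mixes a lowercase "should" with an upper-case MAY, so it is unclear whether treating non-zero lower-order bits as an error is normative; write "SHOULD" (or "MUST") if it is. The text also does not say what the error covers: whether the receiver skips that one ID and continues with the rest of the list, or rejects the whole parameter. State which, because the removed wording ("ignored by the receiver") never raised the question.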

I think the “should” should be a “SHOULD”. Combined, with my above
suggestion, we could rephrase your revised text as follows:
	“The reception of a HIT Suite ID with one of the four higher-order
	bits set to 1 SHOULD be considered as an error. This error MAY
	trigger a NOTIFICATION message of type UNSUPPORTED_HIT_SUITE.”


@@ -3115,13 +3118,55 @@
46	    the ID field.  Future documents may define the use of the =
four lower-
47	    order bits in the ID field.
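
Review bot: The sentence kept at lines 46-47, "Future documents may define the use of the four lower-order bits in the ID field", sits uneasily with the previous hunk, where a receiver now treats non-zero lower-order bits as an error. A receiver built to this text would reject an ID that such a future document defines. Either drop the sentence here or say how a later extension is expected to coexist with receivers that apply the error rule.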

The above paragraph about extending the HIT Suite ID space from 4 to 8
bit could be removed from the main protocol specification. I don’t
think there is anything weird about an 8-byte HIT Suite ID field
alignment in the HIT_SUITE_LIST parameter (if we change the HIT Suite ID
spec from, e.g., 0x10 to 0x01).


49	-   The following HIT Suites ID are defined:
50	+   The following HIT Suites ID are defined, and the =
relationship between
51	+   the four-bit ID value used in the OGA ID field, and the =
eight-bit
52	+   encoding within the HIT_SUITE_LIST ID field, is clarified:
53	+
54	+        HIT Suite       Four-bit ID    Eight-bit encoding
55	+        RESERVED            0             0x00
56	+        RSA,DSA/SHA-256     1             0x10           =
(REQUIRED)
57	+        ECDSA/SHA-384       2             0x20           =
(RECOMMENDED)
58	+        ECDSA_LOW/SHA-1     3             0x30           =
(RECOMMENDED)
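
Review bot: The table at lines 54-58 shows the eight-bit encoding only by example and never states the rule. Add one sentence saying that the eight-bit value is the four-bit ID placed in the four higher-order bits with the lower-order bits set to zero, so that the encoding of IDs 4 to 15 is not left to inference. The "(REQUIRED)" and "(RECOMMENDED)" markers also have no column heading; give them one.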

This could remain as in -19 because 4-bit and 8-bit values would not
differ.


100	+   The hash of the responder as defined in the HIT Suite =
determines the
101	+   HMAC to be used for the HMAC parameter.  The HMACs currently =
defined
102	+   here are HMAC-SHA-256 [RFC4868], HMAC-SHA-384 [RFC4868], and =
HMAC-
103	+   SHA-1 [RFC2404].
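
Review bot: "The hash of the responder" at line 100 reads as a hash value computed over something, where the sentence needs the hash function that the Responder's HIT Suite selects. Suggest "The hash function of the Responder's HIT Suite determines ...". The list at lines 101-103 would also be easier to check if each HMAC were tied to the suite in the table earlier in this diff that selects it.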

This appears to be a small editorial mistake: “HMAC parameter” ->
“HIP_MAC and HIP_MAC_2 parameters”. To be precise, the hash function
specifies the RHASH, which in turn determines the hash function to be
used for HMAC. RHASH is also used as the key derivation function.



135	@@ -6019,13 +6075,17 @@
136	       HIT Suite ID reduces the cryptographic strength of the =
HIT.  HIT
137	       Suite IDs must be allocated carefully to avoid namespace
138	       exhaustion.  Moreover, deprecated IDs should be reused =
after an
139	-      appropriate time span.  If 16 Suite IDs prove =
insufficient and
140	-      more HIT Suite IDs are needed concurrently, more bits can =
be used
141	-      for the HIT Suite ID by using one HIT Suite ID (0) to =
indicate
142	-      that more bits should be used.  The HIT_SUITE_LIST =
parameter
143	-      already supports 8-bit HIT Suite IDs, should longer IDs =
be needed.
144	-      Possible extensions of the HIT Suite ID space to =
accommodate eight
145	-      bits and new HIT Suite IDs are defined through IETF =
Review.
146	+      appropriate time span.  If 15 Suite IDs (the zero value =
is
147	+      initially reserved) prove to be insufficient and more HIT =
Suite
148	+      IDs are needed concurrently, more bits can be used for =
the HIT
149	+      Suite ID by using one HIT Suite ID (0) to indicate that =
more bits
150	+      should be used.  The HIT_SUITE_LIST parameter already =
supports
151	+      8-bit HIT Suite IDs, should longer IDs be needed.  =
However, RFC
152	+      7343 [RFC7343] does not presently support such an =
extension, and
153	+      the rollover approach described in Appendix E is =
suggested to be
154	+      tried first.  Possible extensions of the HIT Suite ID =
space to
155	+      accommodate eight bits and new HIT Suite IDs are defined =
through
156	+      IETF Review.
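
Review bot: Lines 146-150 call the zero value "initially reserved" and, in the same sentence, name HIT Suite ID (0) as the value that indicates that more bits should be used. Say explicitly that 0 is reserved for that purpose, so that it is not later assigned to a suite. "is suggested to be tried first" at lines 153-154 also leaves open who makes that call; name the party that decides between the rollover approach and an extension.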

This nicely captures the intended procedure.

BR
René


On 09 Oct 2014, at 08:23, Tom Henderson <tomh@tomh.org> wrote:

> I've created a preview draft version 20 that makes the changes
> described in this post:
>
> http://www.ietf.org/mail-archive/web/hipsec/current/msg03975.html
>
> I also created a diff file between -19 and -20-pre and trimmed out the
> non-substantive parts.
>
> I attached both of these files to this ticket, for review:
> http://trac.tools.ietf.org/wg/hip/trac/ticket/51
>
> If there is WG consensus to request to make these changes, then I'll
> ask for guidance on what to do next (publish a new draft, or handle
> another way).
>
> - Tom

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 21426
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/


--Apple-Mail=_77F1A03C-64B7-4270-8753-0352764CB1B3
Content-Disposition: attachment; filename="smime.p7s"
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64


--Apple-Mail=_77F1A03C-64B7-4270-8753-0352764CB1B3--


From nobody Thu Oct  9 22:14:02 2014
Message-ID: <54376B08.90906@tomh.org>
Date: Thu, 09 Oct 2014 22:13:44 -0700
From: Tom Henderson <tomh@tomh.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Rene Hummen <Rene.Hummen@comsys.rwth-aachen.de>
References: <5420863E.1060608@tomh.org>	<20140922212826.5048E216C3B@bikeshed.isc.org>	<54210668.4050605@tomh.org>	<20140923112746.EA16C216C3B@bikeshed.isc.org>	<OFD6408C65.060C7582-ONC1257D62.005816DE-C1257D62.0059BBB9@belden.com>	<542991A8.4020908@tomh.org> <CAE_dhjtRkfx+hZ512d1+CMCdpJJx8-ja4nwT=XAi_YC68L4LcA@mail.gmail.com> <543629E6.8030802@tomh.org> <3E6747D3-A24D-42DF-A7DA-3613B7DE90E4@comsys.rwth-aachen.de>
In-Reply-To: <3E6747D3-A24D-42DF-A7DA-3613B7DE90E4@comsys.rwth-aachen.de>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Identified-User: {3122:box528.bluehost.com:tomhorg:tomh.org} {sentby:smtp auth 71.231.123.189 authed with tomh@tomh.org}
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/mCOaEKsd-EGfukdi7hGewUM2gB8
Cc: Julien Laganier <julien.ietf@gmail.com>, Francis Dupont <fdupont@isc.org>, HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Antwort: Re:  clarification on HIT Suite IDs

On 10/09/2014 09:55 AM, Rene Hummen wrote:
> Hi Tom,
>
> I am not sure if there was an answer to this question before. Why
> don’t we simply use the four lower-order bits in the HIT_SUITE_LIST
> ID field to convey the HIT Suites ID? That would definitely make the
> mapping between HIT Suites IDs and OGA IDs much clearer as the 4-bit
> and the 8-bit values would be the same. Moreover, I thought we would
> skip the part about using larger HIT suite IDs _in the main protocol
> specification_. I like your added text in the IANA consideration
> though.

I agree with your comment that alignment with lower-order bits in the 
8-bit fields would be clearer.  However, I suppose it was done the way 
it currently reads to facilitate the expansion; I don't remember the 
history of that particular design choice.

I also would be fine to delete the text on larger HIT suite IDs in the 
parameter definition, leaving it for the appendix and IANA 
considerations section.

>
> My proposed changes are inline based on your provided diff:
>
> 31	@@ -3099,8 +3099,11 @@ 32	                     host. Each HIT
> Suite ID is one octet long. The four 33
> higher-order bits of the ID field correspond to the 34
> HIT Suite ID in the ORCHID OGA field. The four 35	-
> lower-order bits are reserved and set to 0 and 36	-
> ignored by the receiver. 37	+                    lower-order bits are
> reserved and set to 0 by 38	+                    the sender.  The
> reception of an ID with the 39	+                    four lower-order
> bits not set to 0 should be 40	+                    considered as an
> error that MAY result in a 41	+                    NOTIFICATION of
> type UNSUPPORTED_HIT_SUITE.
>
> I think the “should” should be a “SHOULD”. Combined, with my above
> suggestion, we could rephrase your revised text as follows: “The
> reception of a HIT Suite ID with one of the four higher-order bits
> set to 1 SHOULD be considered as an error. This error MAY trigger a
> NOTIFICATION message of type UNSUPPORTED_HIT_SUITE."

OK with this, if the other change is indeed made.

>
>
> @@ -3115,13 +3118,55 @@ 46	    the ID field.  Future documents may
> define the use of the four lower- 47	    order bits in the ID field.
>
> The above paragraph about extending the HIT Suite ID space from 4 to
> 8 bit could be removed from the main protocol specification. I don’t
> think there is anything weird about an 8-byte HIT Suite ID field
> alignment in the HIT_SUITE_LIST parameter (if we change the HIT Suite
> ID spec from, e.g., 0x10 to 0x01).
>
>
> 49	-   The following HIT Suites ID are defined: 50	+   The following
> HIT Suites ID are defined, and the relationship between 51	+   the
> four-bit ID value used in the OGA ID field, and the eight-bit 52	+
> encoding within the HIT_SUITE_LIST ID field, is clarified: 53	+ 54	+
> HIT Suite       Four-bit ID    Eight-bit encoding 55	+
> RESERVED            0             0x00 56	+        RSA,DSA/SHA-256
> 1             0x10           (REQUIRED) 57	+        ECDSA/SHA-384
> 2             0x20           (RECOMMENDED) 58	+
> ECDSA_LOW/SHA-1     3             0x30           (RECOMMENDED)
>
> This could remain as in -19 because 4-bit and 8-bit values would not
> differ.

Agreed, if that change is made.

>
>
> 100	+   The hash of the responder as defined in the HIT Suite
> determines the 101	+   HMAC to be used for the HMAC parameter.  The
> HMACs currently defined 102	+   here are HMAC-SHA-256 [RFC4868],
> HMAC-SHA-384 [RFC4868], and HMAC- 103	+   SHA-1 [RFC2404].
>
> This appears to be a small editorial mistake: “HMAC parameter” ->
> “HIP_MAC and HIP_MAC_2 parameters”. To be precise, the hash function
> specifies the RHASH, which in turn determines the hash function to be
> used for HMAC. RHASH is also used as the key derivation function.

I can fix this in the next iteration; the above was copied from Appendix 
E of -19.  Thanks for the catch.

- Tom
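
The three receiver rules discussed in this exchange, side by side, as an added example that is not part of the original messages or of the draft: the -19 wording (lower-order bits ignored), the -20-pre wording (non-zero lower-order bits are an error), and the proposal to carry the ID in the four lower-order bits. Function names, the sample octets and the per-ID handling of reserved or unassigned values are assumptions of this example.

```python
"""Added illustration: three receiver rules for a HIT_SUITE_LIST ID octet."""

# Four-bit HIT Suite IDs from the table in the quoted diff (0 is RESERVED).
HIT_SUITES = {
    1: "RSA,DSA/SHA-256",
    2: "ECDSA/SHA-384",
    3: "ECDSA_LOW/SHA-1",
}

# Constructed sample list, not taken from a real HIP packet.
SAMPLE_IDS = bytes([0x10, 0x21, 0x03, 0x40])


class HitSuiteError(ValueError):
    """An ID octet violates the encoding rule being applied."""


def decode_draft19(octet):
    """-19 wording: ID in the four higher-order bits, lower bits ignored."""
    return octet >> 4


def decode_draft20_pre(octet):
    """-20-pre wording: as -19, but non-zero lower-order bits are an error."""
    if octet & 0x0F:
        raise HitSuiteError("lower-order bits not set to 0")
    return octet >> 4


def decode_low_order(octet):
    """Proposal in the thread: ID in the four lower-order bits."""
    if octet & 0xF0:
        raise HitSuiteError("higher-order bit set to 1")
    return octet & 0x0F


def parse_hit_suite_list(id_octets, decode):
    """Split a list of ID octets into accepted IDs and rejected octets.

    Rejecting reserved and unassigned IDs one by one, instead of dropping
    the whole list, is a choice made for this example.
    """
    accepted, rejected = [], []
    for octet in id_octets:
        try:
            suite_id = decode(octet)
        except HitSuiteError as exc:
            rejected.append((octet, str(exc)))
            continue
        if suite_id not in HIT_SUITES:
            rejected.append((octet, "reserved or unassigned ID %d" % suite_id))
            continue
        accepted.append(suite_id)
    return accepted, rejected


if __name__ == "__main__":
    for rule in (decode_draft19, decode_draft20_pre, decode_low_order):
        accepted, rejected = parse_hit_suite_list(SAMPLE_IDS, rule)
        print(rule.__name__)
        print("  accepted:", [HIT_SUITES[i] for i in accepted])
        for octet, reason in rejected:
            print("  rejected: 0x%02x (%s)" % (octet, reason))
```

Octet 0x21 is the case the wording change affects: under the -19 rule it is read as suite 2, under the -20-pre rule it is an error.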


From nobody Fri Oct 10 01:52:10 2014
From: Rene Hummen <Rene.Hummen@comsys.rwth-aachen.de>
To: Tom Henderson <tomh@tomh.org>
Thread-Topic: [Hipsec] Antwort: Re:  clarification on HIT Suite IDs
Thread-Index: AQHP3AFN97ZF10cpAkSCBzb5VduNeZwYNfgAgAANKQCADvZwAIAAsH2AgADOVQCAAD0AAA==
Date: Fri, 10 Oct 2014 08:52:04 +0000
Message-ID: <33DC1FB2-5568-4192-B7A7-B9A3CE91A8B4@comsys.rwth-aachen.de>
References: <5420863E.1060608@tomh.org> <20140922212826.5048E216C3B@bikeshed.isc.org>	<54210668.4050605@tomh.org> <20140923112746.EA16C216C3B@bikeshed.isc.org> <OFD6408C65.060C7582-ONC1257D62.005816DE-C1257D62.0059BBB9@belden.com> <542991A8.4020908@tomh.org> <CAE_dhjtRkfx+hZ512d1+CMCdpJJx8-ja4nwT=XAi_YC68L4LcA@mail.gmail.com> <543629E6.8030802@tomh.org> <3E6747D3-A24D-42DF-A7DA-3613B7DE90E4@comsys.rwth-aachen.de> <54376B08.90906@tomh.org>
In-Reply-To: <54376B08.90906@tomh.org>
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [137.226.12.29]
Content-Type: multipart/signed; boundary="Apple-Mail=_1B6CFA52-2821-4A88-BDD1-87362082B7E8"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/5eGJZlgLFWkTDbxgk336MKR5uro
Cc: Julien Laganier <julien.ietf@gmail.com>, Francis Dupont <fdupont@isc.org>, HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Antwort: Re:  clarification on HIT Suite IDs

On 10 Oct 2014, at 07:13, Tom Henderson <tomh@tomh.org> wrote:
> On 10/09/2014 09:55 AM, Rene Hummen wrote:
>> Hi Tom,
>>
>> I am not sure if there was an answer to this question before. Why
>> don’t we simply use the four lower-order bits in the HIT_SUITE_LIST
>> ID field to convey the HIT Suites ID? That would definitely make the
>> mapping between HIT Suites IDs and OGA IDs much clearer as the 4-bit
>> and the 8-bit values would be the same. Moreover, I thought we would
>> skip the part about using larger HIT suite IDs _in the main protocol
>> specification_. I like your added text in the IANA consideration
>> though.
>
> I agree with your comment that alignment with lower-order bits in the
> 8-bit fields would be clearer.  However, I suppose it was done the way
> it currently reads to facilitate the expansion; I don't remember the
> history of that particular design choice.

When using the four lower-order bits instead of the higher-order bits,
we could simply define HIP Suite IDs > 16 to be reserved for future use.
This would similarly facilitate the desired expansion, wouldn’t it?

René


--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 21426
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/


From nobody Thu Oct 16 08:03:09 2014
Return-Path: <gurtov@cs.helsinki.fi>
Message-ID: <543FFA44.7030308@cs.helsinki.fi>
Date: Thu, 16 Oct 2014 18:03:00 +0100
From: Andrei Gurtov <gurtov@cs.helsinki.fi>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: hipsec@ietf.org
References: <20140924202921.8538.79704.idtracker@ietfa.amsl.com>
In-Reply-To: <20140924202921.8538.79704.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/dYe34rZWChIlCzqpDt8dm4-12Gg
Subject: Re: [Hipsec] Protocol Action: 'Host Identity Protocol Version 2 (HIPv2)' to Proposed Standard (draft-ietf-hip-rfc5201-bis-19.txt)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello,

Congratulations, that's a nice achievement! Are there HIP
implementations already that support those latest specs?

Btw, some recent HIP-related papers e.g. on SDN can be found here
http://www.cs.helsinki.fi/u/gurtov/papers/

br
Andrei


On 24/09/2014 21:29, The IESG wrote:
> The IESG has approved the following document: - 'Host Identity
> Protocol Version 2 (HIPv2)' (draft-ietf-hip-rfc5201-bis-19.txt) as
> Proposed Standard
> 
> This document is the product of the Host Identity Protocol Working
> Group.
> 
> The IESG contact persons are Ted Lemon and Brian Haberman.
> 
> A URL of this Internet Draft is: 
> http://datatracker.ietf.org/doc/draft-ietf-hip-rfc5201-bis/
> 
> 
> 
> 
> Technical Summary:
> 
> This document specifies the details of the Host Identity Protocol 
> (HIP).  HIP allows consenting hosts to securely establish and 
> maintain shared IP-layer state, allowing separation of the 
> identifier and locator roles of IP addresses, thereby enabling 
> continuity of communications across IP address changes.  HIP is 
> based on a SIGMA-compliant Diffie-Hellman key exchange, using 
> public key identifiers from a new Host Identity namespace for 
> mutual peer authentication.  The protocol is designed to be 
> resistant to denial-of-service (DoS) and man-in-the-middle (MitM) 
> attacks.  When used together with another suitable security 
> protocol, such as the Encapsulated Security Payload (ESP), it 
> provides integrity protection and optional encryption for 
> upper-layer protocols, such as TCP and UDP.
> 
> This document obsoletes RFC 5201 and addresses the concerns raised 
> by the IESG, particularly that of crypto agility.  It also 
> incorporates lessons learned from the implementations of RFC 5201.
> 
> 
> Working Group Summary:
> 
> There is full consensus behind this document.
> 
> Document Quality:
> 
> As discussed in RFC 6538, there are several implementations of the 
> Experimental HIP specs. At least HIP for Linux and OpenHIP will be 
> updated to comply with the standards-track specs.
> 
> Personnel:
> 
> Gonzalo Camarillo is the document shepherd. Ted Lemon is the
> responsible AD.
> 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlQ/+kQACgkQP7jp0uceFkTXVwCfQ87tFpiCKZuyCEoaT2xFPfrR
5rIAnAgxnUfWvAC++VwnuOWredf7o5+t
=oJIn
-----END PGP SIGNATURE-----


From nobody Mon Oct 20 07:16:42 2014
Return-Path: <internet-drafts@ietf.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Message-ID: <20141020140226.1338.13792.idtracker@ietfa.amsl.com>
Date: Mon, 20 Oct 2014 07:02:26 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/HF_qx5xq7I3K8pLzcnH_wC86gTc
Cc: hipsec@ietf.org
Subject: [Hipsec] I-D Action: draft-ietf-hip-rfc4423-bis-09.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol Working Group of the IETF.

        Title           : Host Identity Protocol Architecture
        Authors         : Robert Moskowitz
                          Miika Komu
        Filename        : draft-ietf-hip-rfc4423-bis-09.txt
        Pages           : 39
        Date            : 2014-10-20

Abstract:
   This memo describes a new namespace, the Host Identity namespace, and
   a new protocol layer, the Host Identity Protocol, between the
   internetworking and transport layers.  Herein are presented the
   basics of the current namespaces, their strengths and weaknesses, and
   how a new namespace will add completeness to them.  The roles of this
   new namespace in the protocols are defined.

   This document obsoletes RFC 4423 and addresses the concerns raised by
   the IESG, particularly that of crypto agility.  It incorporates
   lessons learned from the implementations of RFC 5201 and goes further
   to explain how HIP works as a secure signaling channel.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-rfc4423-bis/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-hip-rfc4423-bis-09

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-rfc4423-bis-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Oct 20 07:40:26 2014
Return-Path: <mkomu@cs.hut.fi>
Message-ID: <544519B8.90505@cs.hut.fi>
Date: Mon, 20 Oct 2014 17:18:32 +0300
From: Miika Komu <mkomu@cs.hut.fi>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: hipsec@ietf.org
References: <20141020140226.1338.13792.idtracker@ietfa.amsl.com>
In-Reply-To: <20141020140226.1338.13792.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/GeteUbZI3aCDFJq-5YgNgQKtyM8
Subject: Re: [Hipsec] I-D Action: draft-ietf-hip-rfc4423-bis-09.txt

FYI,

this was just a refresh of the previous version of the document before 
it would have expired.

On 10/20/2014 05:02 PM, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Host Identity Protocol Working Group of the IETF.
>
>         Title           : Host Identity Protocol Architecture
>         Authors         : Robert Moskowitz
>                           Miika Komu
>         Filename        : draft-ietf-hip-rfc4423-bis-09.txt
>         Pages           : 39
>         Date            : 2014-10-20
>
> Abstract:
>     This memo describes a new namespace, the Host Identity namespace, and
>     a new protocol layer, the Host Identity Protocol, between the
>     internetworking and transport layers.  Herein are presented the
>     basics of the current namespaces, their strengths and weaknesses, and
>     how a new namespace will add completeness to them.  The roles of this
>     new namespace in the protocols are defined.
>
>     This document obsoletes RFC 4423 and addresses the concerns raised by
>     the IESG, particularly that of crypto agility.  It incorporates
>     lessons learned from the implementations of RFC 5201 and goes further
>     to explain how HIP works as a secure signaling channel.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-hip-rfc4423-bis/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-hip-rfc4423-bis-09
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-hip-rfc4423-bis-09
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Oct 28 07:01:19 2014
Return-Path: <mkomu@cs.hut.fi>
Message-ID: <544FA19B.8030306@cs.hut.fi>
Date: Tue, 28 Oct 2014 16:00:59 +0200
From: Miika Komu <mkomu@cs.hut.fi>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: hipsec@ietf.org
References: <20140905182558.7340.5516.idtracker@ietfa.amsl.com> <540A04E3.2040203@tomh.org> <9BFCB5CC-FD77-49C2-9A67-39AEB45530D1@nominum.com> <540B2A2E.9040905@tomh.org> <540C3EB0.2000004@gmail.com> <5416CF8D.1070707@ericsson.com> <5417C8A2.9070800@tomh.org>
In-Reply-To: <5417C8A2.9070800@tomh.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/O9AUJyTixI5vh9mrkcsJtuttLv4
Subject: Re: [Hipsec] RFC5201-bis and RFC5202-bis status

Hi,

On 09/16/2014 08:20 AM, Tom Henderson wrote:
> On 09/15/2014 04:37 AM, Gonzalo Camarillo wrote:
>> Hi Tom (Henderson),
>>
>> Jari, Brian, and Ted still have discusses on this document. Could you
>> please summarize for each of them the status of this draft with respect
>> to their particular comments?
>>
>> Thanks,
>>
>> Gonzalo
>>
>>
>
> Gonzalo, the most recent status on this draft was posted to the HIP list
> in this message:
>
> http://www.ietf.org/mail-archive/web/hipsec/current/msg03942.html
>
> Since then, it seems that Jari and Brian have cleared their discusses.
>   I believe that the IANA issues have been mostly resolved (Ted's
> discuss).  Ted's discuss was against version -14 of the draft, while we
> are at version -17 now.  There is a lingering comment that I haven't
> picked up from Barry (item 5 in the above email) that pertains to IANA
> text; I plan to publish those in version -18.
>
> I could probably put out a version -18 shortly that may resolve all of
> the open issues, but it just requires that I generate a new Appendix C
> example packet.  I'll try to get to that in the next day or two.

I wrote a checksum generator, and I have independently verified that the 
checksums in RFC5201-bis are correct.


From nobody Tue Oct 28 09:50:19 2014
Return-Path: <tomh@tomh.org>
Message-ID: <544FC7E9.50301@tomh.org>
Date: Tue, 28 Oct 2014 09:44:25 -0700
From: Tom Henderson <tomh@tomh.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Miika Komu <mkomu@cs.hut.fi>
References: <20140905182558.7340.5516.idtracker@ietfa.amsl.com> <540A04E3.2040203@tomh.org> <9BFCB5CC-FD77-49C2-9A67-39AEB45530D1@nominum.com> <540B2A2E.9040905@tomh.org> <540C3EB0.2000004@gmail.com> <5416CF8D.1070707@ericsson.com> <5417C8A2.9070800@tomh.org> <544FA19B.8030306@cs.hut.fi>
In-Reply-To: <544FA19B.8030306@cs.hut.fi>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/3xC30WVHrCrXPAHv3BmmECB4Lzg
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] RFC5201-bis and RFC5202-bis status

On 10/28/2014 07:00 AM, Miika Komu wrote:

>
> I wrote a checksum generator, and I have independently verified that the
> checksums in RFC5201-bis are correct.
>

Miika, thank you for checking this.

This leaves one open issue, regarding the clarifications to 
HIT_SUITE_LIST.  I originally put a diff proposal here:

http://trac.tools.ietf.org/wg/hip/trac/attachment/ticket/51/rfc5201-bis-19-to-20-pre.diff

This proposal drew one review on the list from Rene, who suggested the 
following:

1) swap the encoding of the HIT Suite IDs to use the four lower-order 
bits instead of the four higher-order bits

2) fix an editorial reference to “HMAC parameter” -> “HIP_MAC and 
HIP_MAC_2 parameters” (or RHASH function).

3) change one of the proposed 'should' words to 'SHOULD'

While I am sympathetic to Rene's argument in 1), no one else has 
supported this change on the list, so given the late stage of this 
document, I would suggest to keep the encoding as is.  The changes 
proposed in 2) and 3) are editorial, in my view, so I don't see a 
problem to accept them.

I regenerated the diff according to Rene's suggestions, and posted it here:

http://trac.tools.ietf.org/wg/hip/trac/attachment/ticket/51/rfc5201-bis-19-to-20-pre-2.diff

So in summary, I would like to now convey to our AD that we have a diff 
to the version -19 draft that is editorial/clarification in nature, and 
ask whether and how it can be handled procedurally, such as:

- publish a -20 and revisit some of the reviews (since version -19 was 
officially reviewed and approved, I don't know what it means to now post 
a -20 version)
- avoid publishing a -20 and handle these changes similar to AUTH48 changes
- scrap the diff and just publish version -19

Our AD can let us know how he prefers to handle it.

- Tom

From nobody Tue Oct 28 11:15:46 2014
Return-Path: <Ted.Lemon@nominum.com>
Content-Type: text/plain; charset="windows-1252"
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Ted Lemon <Ted.Lemon@nominum.com>
In-Reply-To: <544FC7E9.50301@tomh.org>
Date: Tue, 28 Oct 2014 14:07:36 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <ACF30959-BF48-424F-BF09-D0E3E5E1BDF4@nominum.com>
References: <20140905182558.7340.5516.idtracker@ietfa.amsl.com> <540A04E3.2040203@tomh.org> <9BFCB5CC-FD77-49C2-9A67-39AEB45530D1@nominum.com> <540B2A2E.9040905@tomh.org> <540C3EB0.2000004@gmail.com> <5416CF8D.1070707@ericsson.com> <5417C8A2.9070800@tomh.org> <544FA19B.8030306@cs.hut.fi> <544FC7E9.50301@tomh.org>
To: Tom Henderson <tomh@tomh.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/vIDJYbSBFbUuLRcnByt7b0Gw5Vs
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] RFC5201-bis and RFC5202-bis status

On Oct 28, 2014, at 12:44 PM, Tom Henderson <tomh@tomh.org> wrote:
> While I am sympathetic to Rene's argument in 1), no one else has
> supported this change on the list, so given the late stage of this
> document, I would suggest to keep the encoding as is.  The changes
> proposed in 2) and 3) are editorial, in my view, so I don't see a
> problem to accept them.

I would definitely concur with this.   This is not the time to do
further engineering.

> I regenerated the diff according to Rene's suggestions, and posted it
> here:
>
> http://trac.tools.ietf.org/wg/hip/trac/attachment/ticket/51/rfc5201-bis-19-to-20-pre-2.diff
>
> So in summary, I would like to now convey to our AD that we have a
> diff to the version -19 draft that is editorial/clarification in
> nature, and ask whether and how it can be handled procedurally, such
> as:
>
> - publish a -20 and revisit some of the reviews (since version -19 was
> officially reviewed and approved, I don't know what it means to now
> post a -20 version)
> - avoid publishing a -20 and handle these changes similar to AUTH48
> changes
> - scrap the diff and just publish version -19
>
> Our AD can let us know how he prefers to handle it.

I would prefer that you publish the -20.   Assuming that that is the
working group's final say, we can then push the publish button.


From nobody Thu Oct 30 08:56:18 2014
Return-Path: <tomh@tomh.org>
Message-ID: <54525F86.9080005@tomh.org>
Date: Thu, 30 Oct 2014 08:55:50 -0700
From: Tom Henderson <tomh@tomh.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
References: <20141030152905.20100.3880.idtracker@ietfa.amsl.com>
In-Reply-To: <20141030152905.20100.3880.idtracker@ietfa.amsl.com>
X-Forwarded-Message-Id: <20141030152905.20100.3880.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/TdhZnPh2xRX_4Uyq3InT9SBdpKo
Subject: [Hipsec] Fwd: New Version Notification - draft-ietf-hip-rfc5201-bis-20.txt

Hi all, this version corresponds to the diff that I posted here on Tuesday:

http://www.ietf.org/mail-archive/web/hipsec/current/msg03986.html

- Tom


-------- Original Message --------
Subject: New Version Notification - draft-ietf-hip-rfc5201-bis-20.txt

A new version (-20) has been submitted for 
draft-ietf-hip-rfc5201-bis-20.txt:
https://www.ietf.org/internet-drafts/draft-ietf-hip-rfc5201-bis-20.txt

Diff from previous version:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-hip-rfc5201-bis-20

The IETF Secretariat.


