From nobody Fri Jan 4 08:49:18 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55786130DE4 for ; Fri, 4 Jan 2019 08:49:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.366 X-Spam-Level: X-Spam-Status: No, score=-4.366 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=GTS7Qvak; dkim=pass (1024-bit key) header.d=ericsson.com header.b=PDKIouMr Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cfG3YE7LwMp0 for ; Fri, 4 Jan 2019 08:49:08 -0800 (PST) Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73CE6130E7D for ; Fri, 4 Jan 2019 08:49:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1546620542; x=1549212542; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=D+D/zEbRyoSECVJ5v6uw+Cs/jcVyKusT06H1QpyUfJQ=; b=GTS7Qvak6sEIkLn2kWRpxFykLULA6xuJ5NVhBZ6X7s3i7rjtRdrUXKe8OnaP6jLx Ef3KIcOcgBQD72P5NqdM9ZBQTj/xlL04AA5nndwtXqOK+bcmiW0gnzbBVEFqH6lg xipUOKNbuI9s6vANR8YXHaWW+h5uEm1r/g/f59bfab0=; X-AuditID: c1b4fb30-f93ff7000000355c-41-5c2f8e7eb551 Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id D1.D5.13660.E7E8F2C5; Fri, 4 Jan 2019 17:49:02 +0100 (CET) Received: from ESESSMB503.ericsson.se (153.88.183.164) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Fri, 4 Jan 2019 17:49:02 +0100 Received: from EUR02-HE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESSMB503.ericsson.se (153.88.183.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Fri, 4 Jan 2019 17:49:01 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D+D/zEbRyoSECVJ5v6uw+Cs/jcVyKusT06H1QpyUfJQ=; b=PDKIouMrKTcvNfeAXheazGWAHEckDxm09kyynCEOi/CKXSlVW4Hx5oml//ecwaP6tdeZ9qMMjKPCQSRjM4wRsN2Vcb+Qf1zVimdvEz9ypRC312jLRvBawWWi9+1gGoSN8URPGSTo2m9hRkpDBtmtJISni+EXFA6q7ky6B6Z3UwU= Received: from VI1PR0701MB2957.eurprd07.prod.outlook.com (10.173.72.135) by VI1PR0701MB2686.eurprd07.prod.outlook.com (10.173.79.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.3; Fri, 4 Jan 2019 16:49:00 +0000 Received: from VI1PR0701MB2957.eurprd07.prod.outlook.com ([fe80::116c:b456:232b:a2ea]) by VI1PR0701MB2957.eurprd07.prod.outlook.com ([fe80::116c:b456:232b:a2ea%3]) with mapi id 15.20.1495.005; Fri, 4 Jan 2019 16:49:00 +0000 From: Miika Komu To: Benjamin Kaduk , The IESG CC: "draft-ietf-hip-rfc4423-bis@ietf.org" , Gonzalo Camarillo , "hip-chairs@ietf.org" , "hipsec@ietf.org" Thread-Topic: Benjamin Kaduk's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) Thread-Index: AQHT59h7Egh8TLlRj0mcO81NKjZ7x6WgyxQA Date: Fri, 4 Jan 2019 16:49:00 +0000 Message-ID: <255322ac-0d8f-3e2c-3e9b-adaba14b7f77@ericsson.com> References: <152589950593.3860.2313922344171073216.idtracker@ietfa.amsl.com> In-Reply-To: <152589950593.3860.2313922344171073216.idtracker@ietfa.amsl.com> Accept-Language: fi-FI, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: HE1PR0701CA0060.eurprd07.prod.outlook.com (2603:10a6:3:9e::28) To VI1PR0701MB2957.eurprd07.prod.outlook.com (2603:10a6:800:87::7) authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; VI1PR0701MB2686; 6:vM2iMf1AVT07bf0bycgNa1IvGClXyuU5J5E/u2uGUmpKSZUPYVNjGV46DmX+VMhei+VDsPsNiWvKXxYsDAEn8gD8xgqA3hef0y54cqizEKGRUR1P1NpOBQ4hzcwmHzPZDInNWEF4amVfkbYt47rm6pEQOU5k3Y3pVy0j17ciXCJre+t8R0zLy94VkL22x7U8TAaHHeJXEp7WnGqY93qoppJQBnpOTfnawADHOaTHCKX1Kmk847j1uP+vwtuRavSwCJ4pZIf1C26v2T7ETthL+G6hVmHTLj6JI98IMBoR3TWB44vtuD1REYyQplZhYjsAoIFhPAqfmr2GeN3+rSAKcr/jTiQzhRz2FTPdoZ2Q2SO+sC0YmraxBqu72y1sgHYwXoktxevtMepzJ6iSJhED0v6FAwtKfTtxiH+QIcvcUazvfNTDOt4cl0lKI1WGg8ht+0bExkuKLbixbfj/8HCGmQ==; 5:+jGUwQkZ8bum9oHL7RSGdF+AB4wCflQpN/2dKTqKYenuk8v6g8GEYs3ojY4elRFZifS2GMT/uhEi7zh9gghFjX0Q8ErybYFgkgn8uZ6uXdzA49qyD3P7kdQaPPaHYejcZBJVByqg8l1q5QMgGxPlKeAxrlwJhBybkXdewSS2K0RcMXsmN8kPBLS6jCkDAFn4b0nJNwRzrKXpyYFlXbfcKA==; 7:LbWnEDQhkQFz6h5H3bsSKWjzVeq1PP1Wx44ao0ki5vuDIzJTggkGuplZk9S0r9Wm7I3RDwIxnG+2wAvuiTAtdahYOhX9oVxYstZiazKvpO99d3O2nfDxMGZpEIaGKR/7YS/kJgglwkgLf8IgJzVlLg== x-ms-office365-filtering-correlation-id: d89613ad-b553-4cb8-d60b-08d6726486fd x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(2017052603328)(7153060)(7193020); SRVR:VI1PR0701MB2686; x-ms-traffictypediagnostic: VI1PR0701MB2686: x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(93006095)(93001095)(3231475)(944501520)(52105112)(10201501046)(3002001)(6041310)(20161123562045)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(201708071742011)(7699051)(76991095); SRVR:VI1PR0701MB2686; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0701MB2686; x-forefront-prvs: 0907F58A24 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(376002)(39860400002)(366004)(396003)(346002)(51444003)(199004)(189003)(52116002)(76176011)(3846002)(14454004)(86362001)(44832011)(81156014)(31696002)(7736002)(4326008)(26005)(97736004)(386003)(53936002)(6116002)(53546011)(2906002)(81166006)(186003)(102836004)(305945005)(25786009)(8936002)(966005)(6506007)(478600001)(68736007)(36756003)(66066001)(8676002)(105586002)(14444005)(99286004)(106356001)(256004)(229853002)(54906003)(31686004)(6436002)(476003)(2616005)(11346002)(316002)(6486002)(71200400001)(5660300001)(486006)(446003)(6246003)(6512007)(71190400001)(6306002)(2171002)(110136005); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2686; H:VI1PR0701MB2957.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: RVavzxP7H3XKRfBYiV2PQHri0u3ZaxwZS5gsOO+y4yJDzAMGpPWJHl4llso0XugyuO0lZjC4ZcYnSCYWxAuQiUK5CXyfELTLjRP2nPnqSlPnCYPTYgv3qNGkzX2Vx0Ox1K8T2iseHTAncGpCSYjb4EotZN5T5eNp4pFeodJ57b+N8iEAlN9Rw1wRardd7qbrl1UfuIfSVqlPbGRdX5Clm2+0JaGj9fbUWgNS+DeIWvOZHk9Wr5Mve2UuOUcYBVrictz7ojw6YXPIu5RSFMiedl4fNCIPNAjeTruHP/WGqt5W8wCTpyjNEE8KmE/PA5LW spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: <04646995BBE6B2478ED870BA857545B2@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: d89613ad-b553-4cb8-d60b-08d6726486fd X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jan 2019 16:49:00.3179 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2686 X-OriginatorOrg: ericsson.com X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0hTYRzGe8/Z2Y7TwetU/KeJuERQ09kSmWYX64tFRvQpzEsrD240p52j lqEhXlBcXtIWbl5mXqiUEE0yRT/MVIiSTDPRZiEZolikGJmatu0Y9O33vzzP+7wvL01Kmykv WqPLZFidSisTigXGS703Q+5UyBPCHhSHKOeGG0XK4eIykdLQXEMqa7fvkcpHXUbiJBXb2vqb iC14M0JeIOLF0SmMVpPNsPLjV8Tq0pIOYUaT9lbbxC7KRwOaMuREAw6HdWuD0M5SPIzg6cyR MiS28U8Emz2fRXzRQkD98g5hLwS4ioRxy0PETwwEFN6dJPniK4LpkTnKbibEQdBunSbt7I6j oWVu0LFE4o8IustrBPaBG06EOjMvcMdJYLBuIZ4VYC23iuwswP7QW2Rx7EjwCRh/vYH4tOfg 126no++E42Bqcs3BCPvAk2c7joNJ7AmzC2aCvymG1oG3JM8esPRlh7IHAlyLoG9tVsSL40G/ XCnglw7B2PQC4tkPxr7P7xn5wIRZj3hxkQiMw5t7gjio3F3Zc51AsP28n/rntNBgFfKcDu9W 5/diTJHQaBFXIYXpv7QmRNs4EDr75Xw7Fso/zFE8+8F9/bzI5HgMV3hlXBA0IaodeXAMdzUt VaEIZVjNNY5L14XqmMxuZPs5lp6tsBdoaTFmCGEayVwkfwrkCVJKlc3lpA0hoEmZu0RF2FqS FFXObYZNT2aztAw3hLxpgcxTsi11TZDiVFUmc51hMhj235SgnbzyUUaysZrbZ6rJZ5ryfEdz 3STVVID3480zhbRzUslqTl8crcw1r+bf2Eg8GsFFeekrM192BLrMjAabepoGQ1g/a5vpVNZQ aVudekMU43vAsMEstnZ9shw8a4g0hEd+Y7ecz//oDYg6HXHx2PLKWn2xej1iv/ny+2D/TX16 XkWeRibg1KrDQSTLqf4C+s1P3zUDAAA= Archived-At: Subject: Re: [Hipsec] Benjamin Kaduk's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jan 2019 16:49:11 -0000 SGkgQmVuamFtaW4sDQoNCk9uIDUvOS8xOCAyMzo1OCwgQmVuamFtaW4gS2FkdWsgd3JvdGU6DQo+ IEJlbmphbWluIEthZHVrIGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFsbG90IHBvc2l0aW9u IGZvcg0KPiBkcmFmdC1pZXRmLWhpcC1yZmM0NDIzLWJpcy0xOTogTm8gT2JqZWN0aW9uDQo+IA0K PiBXaGVuIHJlc3BvbmRpbmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFu ZCByZXBseSB0byBhbGwNCj4gZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQg Q0MgbGluZXMuIChGZWVsIGZyZWUgdG8gY3V0IHRoaXMNCj4gaW50cm9kdWN0b3J5IHBhcmFncmFw aCwgaG93ZXZlci4pDQo+IA0KPiANCj4gUGxlYXNlIHJlZmVyIHRvIGh0dHBzOi8vd3d3LmlldGYu b3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbA0KPiBmb3IgbW9yZSBpbmZv cm1hdGlvbiBhYm91dCBJRVNHIERJU0NVU1MgYW5kIENPTU1FTlQgcG9zaXRpb25zLg0KPiANCj4g DQo+IFRoZSBkb2N1bWVudCwgYWxvbmcgd2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25zLCBjYW4g YmUgZm91bmQgaGVyZToNCj4gaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQt aWV0Zi1oaXAtcmZjNDQyMy1iaXMvDQo+IA0KPiANCj4gDQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gQ09N TUVOVDoNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiANCj4gSSBzaGFyZSBFcmljJ3MgY29uY2VybnMgYWJv dXQgdGhlIG5lZWQgZm9yDQo+IHNlY29uZC1wcmVpbWFnZS1yZXNpc3RhbmNlIGZyb20gdGhlIGhh c2gsIGFuZCBpbiBwYXJ0aWN1bGFyIHdpdGggdGhlDQo+IGJpcnRoZGF5IGJvdW5kLCBpdCdzIHVu Y2xlYXIgdGhhdCB1c2luZyBhIDEyOC1iaXQgaGFzaCBsZWF2ZXMgYSB2ZXJ5DQo+IGxhcmdlIG1h cmdpbiBmb3IgZ3Jvd3RoLg0KDQp3ZSdsbCBhZGRyZXNzIHRoZSBjb21tZW50cyBpbiBhIHJlc3Bv bnNlIHRvIEVyaWMncyBvcmlnaW5hbCBlbWFpbC4NCg0KPiBTb21lIG90aGVyIHNlY3Rpb24tYnkt c2VjdGlvbiBub3RlcyBmb2xsb3cuDQo+IA0KPiBTZWN0aW9uIDENCj4gDQo+ICAgICBbLi4uXSBI SVAgcHJvdmlkZXMgZm9yIGxpbWl0ZWQgZm9ybXMgb2YgdHJ1c3QgYmV0d2VlbiBzeXN0ZW1zLA0K PiAgICAgZW5oYW5jZSBtb2JpbGl0eSwgbXVsdGktaG9taW5nIGFuZCBkeW5hbWljIElQIHJlbnVt YmVyaW5nLCBhaWQgaW4NCj4gICAgIHByb3RvY29sIHRyYW5zbGF0aW9uIC8gdHJhbnNpdGlvbiwg YW5kIHJlZHVjZSBjZXJ0YWluIHR5cGVzIG9mDQo+ICAgICBkZW5pYWwtb2Ytc2VydmljZSAoRG9T KSBhdHRhY2tzLg0KPiANCj4gSSB0aGluayB0aGF0IHNvbWV0aGluZyBpcyB3ZWlyZCBoZXJlIHdp dGggc2luZ3VsYXIgdnMuIHBsdXJhbCBpbiB0aGUNCj4gbGlzdCBlbGVtZW50cy4NCg0KQWRkaW5n IC1zIGluIHRoZSBlbmQgb2YgdGhlIHZlcmJzIChlbmhhbmNlcyAvIGFpZHMgLyByZWR1Y2VzKSBw cm9iYWJseSANCmZpeGVzIHRoZSBpc3N1ZSB5b3UgbWVudGlvbmVkPw0KDQo+IFNlY3Rpb24gNA0K PiANCj4gSSBhZ3JlZSB3aXRoIHRoZSBzZWNkaXIgcmV2aWV3ZXIncyBub3QgYWJvdXQgIlNIT1VM RCBOT1QgW2ltcGxlbWVudA0KPiBub24tY3J5cHRvZ3JhcGhpYyBISVBdIg0KDQpUaGUgdGV4dCBo YXMgY2hhbmdlZCBhIGJpdCBkdXJpbmcgdGhlIHJldmlld3MsIGJ1dCBJIGNoYW5nZWQgdGhlIHdv cmRpbmcgDQp0byB1cHBlcmNhc2Ugbm93Og0KDQpJbiB0aGlzIGRvY3VtZW50LCBzb21lIG5vbi1j cnlwdG9ncmFwaGljIGZvcm1zIG9mIEhJIGFuZCBISVAgYXJlIA0KcmVmZXJlbmNlZCwgYnV0IGNy eXB0b2dyYXBoaWMgZm9ybXMgU0hPVUxEIGJlIHByZWZlcnJlZCBiZWNhdXNlIHRoZXkgYXJlIA0K bW9yZSBzZWN1cmUgdGhhbiB0aGVpciBub24tY3J5cHRvZ3JhcGhpYyBjb3VudGVycGFydHMuDQoN CihCdHcsIHRoZSB0eXBlIG9mIGRyYWZ0IGlzICJpbmZvcm1hbCIgc28gSSBhbSBub3Qgc3VyZSBo b3cgbXVjaCBtYW5kYXRlIA0KdGhpcyBoYXMsIGJ1dCBjaGFuZ2VkIG5ldmVydGhlbGVzcykNCg0K PiBTZWN0aW9uIDUuMQ0KPiANCj4gICAgIEF0IHRoZSBjbGllbnQgc2lkZSwgYSBob3N0IG1heSBo YXZlIG11bHRpcGxlIEhvc3QgSWRlbnRpdGllcywgZm9yDQo+ICAgICBpbnN0YW5jZSwgZm9yIHBy aXZhY3kgcHVycG9zZXMuICBBbm90aGVyIHJlYXNvbiBjYW4gYmUgdGhhdCB0aGUNCj4gICAgIHBl cnNvbiB1dGlsaXppbmcgdGhlIGhvc3QgZW1wbG95cyBkaWZmZXJlbnQgaWRlbnRpdGllcyBmb3Ig ZGlmZmVyZW50DQo+ICAgICBhZG1pbmlzdHJhdGl2ZSBkb21haW5zIGFzIGFuIGV4dHJhIHNlY3Vy aXR5IG1lYXN1cmUuICBJZiBhIEhJUC1hd2FyZQ0KPiAgICAgbWlkZGxlYm94LCBzdWNoIGFzIGEg SElQLWJhc2VkIGZpcmV3YWxsLCBpcyBvbiB0aGUgcGF0aCBiZXR3ZWVuIHRoZQ0KPiAgICAgY2xp ZW50IGFuZCBzZXJ2ZXIsIHRoZSB1c2VyIG9yIHRoZSB1bmRlcmx5aW5nIHN5c3RlbSBzaG91bGQg Y2FyZWZ1bGx5DQo+ICAgICBjaG9vc2UgdGhlIGNvcnJlY3QgaWRlbnRpdHkgdG8gYXZvaWQgdGhl IGZpcmV3YWxsIHRvIHVubmVjZXNzYXJpbHkNCj4gICAgIGRyb3AgSElQLWJhc2VkIGNvbm5lY3Rp dml0eSBba29tdS1kaXNzXS4NCj4gDQo+IEluIGFkZGl0aW9uIHRvIHRoZSBmaXJld2FsbCBjYXNl LCBjaG9vc2luZyB0aGUgY29ycmVjdCBpZGVudGlmaWVyDQo+IGNhbiBhbHNvIGltcGFjdCB0aGUg cHJpdmFjeSBjb25zaWRlcmF0aW9ucywgYXMgYSBnaXZlbiBpZGVudGlmaWVyDQo+IHdvdWxkIGJl IHRyYWNrYWJsZSBieSBvbi1wYXRoIGVudGl0aWVzLg0KDQpzaG91bGQgSSBhZGQgc29tZXRoaW5n LCBJIHRoaW5rIHByaXZhY3kgaXMgbWVudGlvbmVkIGFscmVhZHkgb24gdGhlIA0KZmlyc3Qgc2Vu dGVuY2U/DQoNCj4gU2VjdGlvbiA2LjINCj4gDQo+ICAgICBXaGVuIGEgbm9kZSBtb3ZlcyB3aGls ZSBjb21tdW5pY2F0aW9uIGlzIGFscmVhZHkgb24tZ29pbmcsIGFkZHJlc3MNCj4gICAgIGNoYW5n ZXMgYXJlIHJhdGhlciBzdHJhaWdodGZvcndhcmQuICBUaGUgcGVlciBvZiB0aGUgbW9iaWxlIG5v ZGUgY2FuDQo+ICAgICBqdXN0IGFjY2VwdCBhIEhJUCBvciBhbiBpbnRlZ3JpdHkgcHJvdGVjdGVk IEVTUCBwYWNrZXQgZnJvbSBhbnkNCj4gICAgIGFkZHJlc3MgYW5kIGlnbm9yZSB0aGUgc291cmNl IGFkZHJlc3MuICBIb3dldmVyLCBhcyBkaXNjdXNzZWQgaW4NCj4gICAgIFNlY3Rpb24gMTIuMiBi ZWxvdywgYSBtb2JpbGUgbm9kZSBtdXN0IHNlbmQgYSBISVAgVVBEQVRFIHBhY2tldCB0bw0KPiAg ICAgaW5mb3JtIHRoZSBwZWVyIG9mIHRoZSBuZXcgYWRkcmVzcyhlcyksIGFuZCB0aGUgcGVlciBt dXN0IHZlcmlmeSB0aGF0DQo+ICAgICB0aGUgbW9iaWxlIG5vZGUgaXMgcmVhY2hhYmxlIHRocm91 Z2ggdGhlc2UgYWRkcmVzc2VzLg0KPiANCj4gQW0gSSByZWFkaW5nIHRoaXMgcmlnaHQgdGhhdCBm cm9tIGEgdGVjaG5pY2FsIHBlcnNwZWN0aXZlLCB0aGUgcGVlcg0KPiBjYW4ganVzdCBhY2NlcHQg c3R1ZmYgZnJvbSB3aGVyZXZlciwgYnV0IGZyb20gYSBwb2xpY3kvcHJvdG9jb2wNCj4gcGVyc3Bl Y3RpdmUgdGhlIFVQREFURSByZXF1aXJlbWVudCBpcyBpbmNsdWRlZD8gIFRoZSB0ZXh0IGNvdWxk DQo+IHByb2JhYmx5IGJlIGEgYml0IG1vcmUgY2xlYXIsIHBvdGVudGlhbGx5IGV2ZW4gd2l0aG91 dCB1c2luZyBSRkMNCj4gMjExOSBsYW5ndWFnZS4NCg0KSSB3b3VsZCBzdWdnZXN0IHRoZSBmb2xs b3dpbmcgdG8gc2ltcGxpZnkgdGhlIHRleHQgYSBiaXQ6DQoNCiAgICBXaGVuIGEgbW9iaWxlIG5v ZGUgbW92ZXMgd2hpbGUgY29tbXVuaWNhdGlvbiBpcyBhbHJlYWR5IG9uLWdvaW5nLA0KICAgIGFk ZHJlc3MgY2hhbmdlcyBhcmUgcmF0aGVyIHN0cmFpZ2h0Zm9yd2FyZC4gIFRoZSBtb2JpbGUgbm9k ZSBzZW5kcyBhDQogICAgSElQIFVQREFURSBwYWNrZXQgdG8gaW5mb3JtIHRoZSBwZWVyIG9mIHRo ZSBuZXcgYWRkcmVzcyhlcyksIGFuZCB0aGUNCiAgICBwZWVyIHRoZW4gdmVyaWZpZXMgdGhhdCB0 aGUgbW9iaWxlIG5vZGUgaXMgcmVhY2hhYmxlIHRocm91Z2ggdGhlc2UNCiAgICBhZGRyZXNzZXMu ICBUaGlzIHdheSwgdGhlIHBlZXIgY2FuIGF2b2lkIGZsb29kaW5nIGF0dGFja3MgYXMgZnVydGhl cg0KICAgIGRpc2N1c3NlZCBpbiBTZWN0aW9uIDExLjIuDQoNCkRvZXMgdGhhdCB3b3JrIGZvciB5 b3U/DQoNCj4gU2VjdGlvbiAxMA0KPiANCj4gICAgIFRoZXJlIGFyZSBhIG51bWJlciBvZiB2YXJp YWJsZXMgdGhhdCBpbmZsdWVuY2UgdGhlIEhJUCBleGNoYW5nZSB0aGF0DQo+ICAgICBlYWNoIGhv c3QgbXVzdCBzdXBwb3J0LiAgQWxsIEhJUCBpbXBsZW1lbnRhdGlvbnMgc2hvdWxkIHN1cHBvcnQg YXQNCj4gICAgIGxlYXN0IDIgSElzLCBvbmUgdG8gcHVibGlzaCBpbiBETlMgb3Igc2ltaWxhciBk aXJlY3Rvcnkgc2VydmljZSBhbmQNCj4gICAgIGFuIHVucHVibGlzaGVkIG9uZSBmb3IgYW5vbnlt b3VzIHVzYWdlLiAgQWx0aG91Z2ggdW5wdWJsaXNoZWQgSElzDQo+IA0KPiBJIHN1Z2dlc3QgYSBw YXJlbnRoZXRpY2FsIHRoYXQgdGhlIHVucHVibGlzaGVkIG9uZSBzaG91bGQgZXhwZWN0IHRvDQo+ IGJlIHJvdGF0ZWQgZnJlcXVlbnRseSBpbiBvcmRlciB0byBkaXNydXB0IGxpbmthYmlsaXR5L3Ry YWNrYWJpbGl0eS4NCg0KYWRkZWQgc29tZSB0ZXh0IGluIHBhcmVudGhlc2lzOg0KDQouLi5vbmUg dG8gcHVibGlzaCBpbiBETlMgb3Igc2ltaWxhciBkaXJlY3Rvcnkgc2VydmljZSBhbmQgYW4gdW5w dWJsaXNoZWQgDQpvbmUgZm9yIGFub255bW91cyB1c2FnZSAodGhhdCBzaG91bGQgZXhwZWN0IHRv IGJlIHJvdGF0ZWQgZnJlcXVlbnRseSBpbiANCm9yZGVyIHRvIGRpc3J1cHQgbGlua2FiaWxpdHkv dHJhY2thYmlsaXR5KS4NCg0KPiAgICAgd2lsbCBiZSByYXJlbHkgdXNlZCBhcyByZXNwb25kZXIg SElzLCB0aGV5IGFyZSBsaWtlbHkgdG8gYmUgY29tbW9uDQo+ICAgICBmb3IgaW5pdGlhdG9ycy4g IFN1cHBvcnQgZm9yIG11bHRpcGxlIEhJcyBpcyByZWNvbW1lbmRlZC4gIFsuLi5dDQo+IA0KPiBJ ZiBtdWx0aXBsZSBtZWFucyAibW9yZSB0aGFuIHR3byIsIGl0J3MgcHJvYmFibHkgYmV0dGVyIHRv IHNheSB0aGF0Lg0KPiAoSWYgbXVsdGlwbGUgbWVhbnMgIm1vcmUgdGhhbiBvbmUiLCB0aGlzIGlz IGp1c3QgYSB3ZWFrZXIgdmVyc2lvbiBvZg0KPiAic2hvdWxkIHN1cHBvcnQgYXQgbGVhc3QgMiIs IGFib3ZlLikgIEFuZCBpdCdzIHJhdGhlciB0ZW1wdGluZyB0bw0KPiBtYWtlIGl0IGEgTVVTVCwg YW55d2F5Lg0KDQpJIGRvdWJsZSBjaGVja2VkIHRoaXMgZnJvbSBSRkM3NDAxIGFuZCBJIHdvdWxk IGNoYW5nZSB0aGUgbGFzdCBzZW50ZW5jZSB0bzoNCg0KICAgIEFzIHN0YXRlZCBpbiBbUkZDNzQw MV0sICJhbGwNCiAgICBISVAgaW1wbGVtZW50YXRpb25zIE1VU1Qgc3VwcG9ydCBtb3JlIHRoYW4g b25lIHNpbXVsdGFuZW91cyBISSwgYXQNCiAgICBsZWFzdCBvbmUgb2Ygd2hpY2ggU0hPVUxEIGJl IHJlc2VydmVkIGZvciBhbm9ueW1vdXMgdXNhZ2UiLCBhbmQNCiAgICAic3VwcG9ydCBmb3IgbW9y ZSB0aGFuIHR3byBISXMgaXMgUkVDT01NRU5ERUQiLg0KDQo+ICAgICBNYW55IGluaXRpYXRvcnMg d291bGQgd2FudCB0byB1c2UgYSBkaWZmZXJlbnQgSEkgZm9yIGRpZmZlcmVudA0KPiAgICAgcmVz cG9uZGVycy4gIFRoZSBpbXBsZW1lbnRhdGlvbnMgc2hvdWxkIHByb3ZpZGUgZm9yIGEgcG9saWN5 IG1hcHBpbmcNCj4gICAgIG9mIGluaXRpYXRvciBISVRzIHRvIHJlc3BvbmRlciBISVRzLiAgVGhp cyBwb2xpY3kgc2hvdWxkIGFsc28gaW5jbHVkZQ0KPiAgICAgcHJlZmVycmVkIHRyYW5zZm9ybXMg YW5kIGxvY2FsIGxpZmV0aW1lcy4NCj4gDQo+ICJtYXBwaW5nIG9mIGluaXRpYXRvciB0byByZXNw b25kZXIiIGlzIHBvdGVudGlhbGx5IGNvbmZ1c2luZywgaW4NCj4gdGhhdCBpbiBwcmFjdGljZSB0 aGUgcHJvY2VkdXJlIHdpbGwgYmUgIkkgd2FudCB0byB0YWxrIHRvIHJlc3BvbmRlcg0KPiBBLCBz byBsZXQgbWUgbG9vayB1cCB0aGF0IEkgdXNlIEhJVCBYIHRvIHRhbGsgdG8gcmVzcG9uZGVyIEEi LCB3aGljaA0KPiBpcyB0aGUgb3Bwb3NpdGUgZGlyZWN0aW9uIGZyb20gdGhpcyB0ZXh0Lg0KDQpH b29kIGNhdGNoLCB0aGlzIHdhcyB0ZXh0IHdhcyByZWZlcmVuY2luZyBvbGQgUkZDNTIwMSB0ZXh0 IHRoYXQgd2FzIA0KcmVwbGFjZWQgYnkgUkZDNzQwMS4gSSdkIGNoYW5nZSB0aGUgdGV4dCBhcyBm b2xsb3dzOg0KDQogICAgQXMgc3RhdGVkIGluIFtSRkM3NDAxXSwgIkluaXRpYXRvcnMgTUFZIHVz ZSBhIGRpZmZlcmVudCBISSBmb3INCiAgICBkaWZmZXJlbnQgUmVzcG9uZGVycyB0byBwcm92aWRl IGJhc2ljIHByaXZhY3kuICBXaGV0aGVyIHN1Y2ggcHJpdmF0ZQ0KICAgIEhJcyBhcmUgdXNlZCBy ZXBlYXRlZGx5IHdpdGggdGhlIHNhbWUgUmVzcG9uZGVyLCBhbmQgaG93IGxvbmcgdGhlc2UNCiAg ICBISXMgYXJlIHVzZWQsIGFyZSBkZWNpZGVkIGJ5IGxvY2FsIHBvbGljeSBhbmQgZGVwZW5kIG9u IHRoZSBwcml2YWN5DQogICAgcmVxdWlyZW1lbnRzIG9mIHRoZSBJbml0aWF0b3IiLg0KDQpTaW1p bGFybHksIEkgd291bGQgdXBkYXRlIGNoYW5nZSB0aGUgZm9sbG93aW5nIHBhcmFncmFwaCAod2l0 aCBzaW1pbGFybHkgDQpvdXRkYXRlZCB0ZXh0KToNCg0KIlJlc3BvbmRlcnMgd291bGQgbmVlZCBh IHNpbWlsYXIgcG9saWN5LCBkZXNjcmliaW5nIHRoZSBob3N0cyBhbGxvd2VkIHRvIA0KcGFydGlj aXBhdGUgaW4gSElQIGV4Y2hhbmdlcywgYW5kIHRoZSBwcmVmZXJyZWQgdHJhbnNmb3JtcyBhbmQg bG9jYWwgDQpsaWZldGltZXMuIg0KDQouLi5hcyBmb2xsb3dzOg0KDQogICAgQWNjb3JkaW5nIHRv IFtSRkM3NDAxXSwgIlJlc3BvbmRlcnMgdGhhdCBvbmx5IHJlc3BvbmQgdG8gc2VsZWN0ZWQNCiAg ICBJbml0aWF0b3JzIHJlcXVpcmUgYW4gQWNjZXNzIENvbnRyb2wgTGlzdCAoQUNMKSwgcmVwcmVz ZW50aW5nIGZvcg0KICAgIHdoaWNoIGhvc3RzIHRoZXkgYWNjZXB0IEhJUCBiYXNlIGV4Y2hhbmdl cywgYW5kIHRoZSBwcmVmZXJyZWQNCiAgICB0cmFuc3BvcnQgZm9ybWF0IGFuZCBsb2NhbCBsaWZl dGltZXMuICBXaWxkY2FyZGluZyBTSE9VTEQgYmUNCiAgICBzdXBwb3J0ZWQgZm9yIHN1Y2ggQUNM cywgYW5kIGFsc28gZm9yIFJlc3BvbmRlcnMgdGhhdCBvZmZlciBwdWJsaWMgb3INCiAgICBhbm9u eW1vdXMgc2VydmljZXMiLg0KDQpEb2VzIHRoaXMgd29yayBmb3IgeW91Pw0KDQo+IFNlY3Rpb24g MTEuMQ0KPiANCj4gSSdkIGNvbnNpZGVyIHJlcGxhY2luZyAiaXMgYW4gYXR0ZW1wdCB0byIgd2l0 aCAiYXR0ZW1wdHMgdG8iIC0tIGZvcg0KPiBleGFtcGxlLCBJUHY2IHRyaWVzIHRvIGRvIGEgbG90 IG9mIHRoaW5ncyBpbiBhZGRpdGlvbiB0byBraWxsaW5nDQo+IE5BVCENCg0Kb2ssIGNoYW5nZWQN Cg0KPiBTZWN0aW9uIDExLjMuMQ0KPiANCj4gICAgIFsuLi5dU2Vjb25kLCBhDQo+ICAgICBkYXRh IHBsYW5lIGNvbXBvbmVudCBpcyBuZWVkZWQuICBNb3N0IEhJUCBpbXBsZW1lbnRhdGlvbnMgdXRp bGl6ZSB0aGUNCj4gICAgIHNvIGNhbGxlZCBCRUVUIG1vZGUgb2YgRVNQIHRoYXQgaGFzIGJlZW4g YXZhaWxhYmxlIHNpbmNlIExpbnV4IGtlcm5lbA0KPiAgICAgMi42LjI3LCBidXQgaXMgaW5jbHVk ZWQgYWxzbyBhcyBhIHVzZXJzcGFjZSBjb21wb25lbnQgaW4gYSBmZXcgb2YgdGhlDQo+ICAgICBp bXBsZW1lbnRhdGlvbnMuDQo+IA0KPiBOaXQ6ICJidXQgRVNQIGlzIGluY2x1ZGVkIiwgSSB0aGlu ay4NCg0KSSBjaGFuZ2VkIHRvOg0KDQpNb3N0IEhJUCBpbXBsZW1lbnRhdGlvbnMgdXRpbGl6ZSB0 aGUgc28gY2FsbGVkIEJFRVQgbW9kZSBvZiBFU1AgdGhhdA0KaGFzIGJlZW4gYXZhaWxhYmxlIHNp bmNlIExpbnV4IGtlcm5lbCAyLjYuMjcsIGJ1dCB0aGUgQkVFVCBtb2RlIGlzIGFsc28NCmluY2x1 ZGVkIGFzIGEgdXNlcnNwYWNlIGNvbXBvbmVudCBpbiBhIGZldyBvZiB0aGUgaW1wbGVtZW50YXRp b25zLg0KDQo+IFNlY3Rpb24gMTIuMQ0KPiANCj4gSSBkb24ndCB1bmRlcnN0YW5kIHRoZSB1c2Fn ZSBvZiAiYS1wcmlvcmkiIGluOg0KPiAgICAgVGhlIG5lZWQgdG8gc3VwcG9ydCBtdWx0aXBsZSBo YXNoZXMgZm9yIGdlbmVyYXRpbmcgdGhlIEhJVCBmcm9tIHRoZQ0KPiAgICAgSEkgYWZmb3JkcyB0 aGUgTWl0TSB0byBtb3VudCBhIHBvdGVudGlhbGx5IHBvd2VyZnVsIGRvd25ncmFkZSBhdHRhY2sN Cj4gICAgIGR1ZSB0byB0aGUgYS1wcmlvcmkgbmVlZCBvZiB0aGUgSElUIGluIHRoZSBISVAgYmFz ZSBleGNoYW5nZS4NCg0KSSBhZ3JlZSB0aGF0IHRoaXMgaXMgYSBiaXQgY29uZnVzaW5nLiBJIHdv dWxkIHNpbXBsaWZ5IChhbmQgZ2VuZXJhbGl6ZSkgDQp0aGlzIHRleHQgYXMgZm9sbG93czoNCg0K QSBNaXRNIGF0dGFja2VyIGNvdWxkIHRyeSB0byByZXBsYXkgb2xkZXIgSTEgb3IgUjEgbWVzc2Fn ZXMgdXNpbmcgd2Vha2VyIA0KY3J5cHRvZ3JhcGhpYyBhbGdvcml0aG1zIGFzIGRlc2NyaWJlZCBp biBzZWN0aW9uIDQuMS40IGluIFJGQzc0MDEuDQoNCkhvdyBkb2VzIHRoaXMgc291bmQ/DQoNCj4g ICAgIEluIEhJUCwgdGhlIFNlY3VyaXR5IEFzc29jaWF0aW9uIGZvciBFU1AgaXMgaW5kZXhlZCBi eSB0aGUgU1BJOyB0aGUNCj4gICAgIHNvdXJjZSBhZGRyZXNzIGlzIGFsd2F5cyBpZ25vcmVkLCBh bmQgdGhlIGRlc3RpbmF0aW9uIGFkZHJlc3MgbWF5IGJlDQo+ICAgICBpZ25vcmVkIGFzIHdlbGwu ICBUaGVyZWZvcmUsIEhJUC1lbmFibGVkIEVuY2Fwc3VsYXRlZCBTZWN1cml0eQ0KPiAgICAgUGF5 bG9hZCAoRVNQKSBpcyBJUCBhZGRyZXNzIGluZGVwZW5kZW50LiAgVGhpcyBtaWdodCBzZWVtIHRv IG1ha2UNCj4gICAgIGF0dGFja2luZyBlYXNpZXIsIGJ1dCBFU1Agd2l0aCByZXBsYXkgcHJvdGVj dGlvbiBpcyBhbHJlYWR5IGFzIHdlbGwNCj4gICAgIHByb3RlY3RlZCBhcyBwb3NzaWJsZSwgYW5k IHRoZSByZW1vdmFsIG9mIHRoZSBJUCBhZGRyZXNzIGFzIGEgY2hlY2sNCj4gICAgIHNob3VsZCBu b3QgaW5jcmVhc2UgdGhlIGV4cG9zdXJlIG9mIEVTUCB0byBEb1MgYXR0YWNrcy4NCj4gDQo+IEl0 IHNlZW1zIGxpa2UgdGhlcmUncyBzdGlsbCBzb21lIHBvdGVudGlhbCBpbmNyYXNlZCBleHBvc3Vy ZSwgYXMNCj4gdmFsaWRhdGluZyB0aGUgRVNQIGNyeXB0byBpcyBwcmVzdW1hYmx5IG1vcmUgZXhw ZW5zaXZlIHRoYW4NCj4gdmFsaWRhdGluZyBzb3VyY2UvZGVzdGluYXRpb24gSVAgYWRkcmVzc2Vz Lg0KDQp0aGUgZGVzdGluYXRpb24gYWRkcmVzcyBjYW4gYmUgaWdub3JlZCBvciBpbmNsdWRlZCB0 aGUgY2hlY2tzLCB0aGlzIGlzIA0KYW4gaW1wbGVtZW50YXRpb24gaXNzdWUgYXMgaW5kaWNhdGVk IGJ5IHRoZSBFU1AgUkZDOg0KDQpodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjNDMwMyNz ZWN0aW9uLTIuMQ0KDQpXb3VsZCBjaGFuZ2luZyB0aGUgIm1heSIgdG8gIk1BWSIgZml4IHlvdXIg Y29uY2VybiAobm90aW5nIHRoYXQgdGhpcyANCmRyYWZ0IGlzIHN0aWxsIG9mIGluZm9ybWFsIHR5 cGUpPw0KDQo+IFNlY3Rpb24gMTIuMw0KPiANCj4gICAgIFsuLi5dIEF0IG1pZGRsZWJveGVzLCBI SVAtYXdhcmUNCj4gICAgIGZpcmV3YWxscyBbbGluZHF2aXN0LWVudGVycHJpc2VdIGNhbiB1c2Ug SElUcyBvciBwdWJsaWMga2V5cyB0bw0KPiAgICAgY29udHJvbCBib3RoIGluZ3Jlc3MgYW5kIGVn cmVzcyBhY2Nlc3MgdG8gbmV0d29ya3Mgb3IgaW5kaXZpZHVhbA0KPiAgICAgaG9zdHMsIGV2ZW4g aW4gdGhlIHByZXNlbmNlIG9mIG1vYmlsZSBkZXZpY2VzIGJlY2F1c2UgdGhlIEhJVHMgYW5kDQo+ ICAgICBwdWJsaWMga2V5cyBhcmUgdG9wb2xvZ2ljYWxseSBpbmRlcGVuZGVudC4gWy4uLl0NCj4g DQo+IE5pdDogSSB0aGluayB0aGF0IGp1c3QgInRvcG9sb2d5IGluZGVwZW5kZW50IiBpcyB3aGF0 J3MgaW50ZW5kZWQuDQoNCmNoYW5nZWQsIHRoYW5rcyENCg== From nobody Sat Jan 5 17:08:15 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54C92130E5F; Sat, 5 Jan 2019 17:08:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UfGs6bPK4RIk; Sat, 5 Jan 2019 17:08:11 -0800 (PST) Received: from NAM05-DM3-obe.outbound.protection.outlook.com (mail-eopbgr730124.outbound.protection.outlook.com [40.107.73.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C555130DD7; Sat, 5 Jan 2019 17:08:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OgjYr9Cl+X03ZyTBZRFeiPIrtI18kHvS5NXMoa0QjoQ=; b=D5GmX+JqLVTIkdEItHUQ6BkHHo+J8zJ4pKDT05GqLmbYRH+30bUVkP+6vkSZT0/5/6lOLBQ3cKFmTu8nD1ylI8QyT3UA/fpVSyQ/5HFwe1jb3XuydCF4Qapb4srYI0C3BzTus1+oosq7/wHEeKNlPSU5qPID5mBOPIdghn95oTo= Received: from SN6PR0102CA0028.prod.exchangelabs.com (2603:10b6:805:1::41) by DM6PR01MB5530.prod.exchangelabs.com (2603:10b6:5:153::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1495.6; Sun, 6 Jan 2019 01:08:07 +0000 Received: from CO1NAM03FT055.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::204) by SN6PR0102CA0028.outlook.office365.com (2603:10b6:805:1::41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1495.6 via Frontend Transport; Sun, 6 Jan 2019 01:08:07 +0000 Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu; Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu; Received: from outgoing.mit.edu (18.9.28.11) by CO1NAM03FT055.mail.protection.outlook.com (10.152.81.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1471.13 via Frontend Transport; Sun, 6 Jan 2019 01:08:06 +0000 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x06183ZB012011 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 5 Jan 2019 20:08:05 -0500 Date: Sat, 5 Jan 2019 19:08:03 -0600 From: Benjamin Kaduk To: Miika Komu CC: The IESG , "draft-ietf-hip-rfc4423-bis@ietf.org" , Gonzalo Camarillo , "hip-chairs@ietf.org" , "hipsec@ietf.org" Message-ID: <20190106010802.GG28515@kduck.kaduk.org> References: <152589950593.3860.2313922344171073216.idtracker@ietfa.amsl.com> <255322ac-0d8f-3e2c-3e9b-adaba14b7f77@ericsson.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <255322ac-0d8f-3e2c-3e9b-adaba14b7f77@ericsson.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(346002)(136003)(376002)(396003)(39860400002)(2980300002)(51444003)(189003)(199004)(8936002)(97756001)(104016004)(47776003)(186003)(6916009)(305945005)(336012)(446003)(956004)(11346002)(8676002)(26005)(426003)(53546011)(246002)(106466001)(53416004)(50466002)(5660300001)(76176011)(7696005)(4326008)(14444005)(229853002)(26826003)(46406003)(1076003)(966005)(478600001)(88552002)(75432002)(2906002)(486006)(4744004)(6306002)(55016002)(126002)(476003)(9686003)(6246003)(356004)(106002)(58126008)(16586007)(86362001)(54906003)(23726003)(36906005)(786003)(316002)(33656002)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR01MB5530; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1; X-Microsoft-Exchange-Diagnostics: 1; CO1NAM03FT055; 1:cPd2fY0cOf+mGzZP9ViYJkpUHn25X9nqaMUgKsFrjGlyfqg/pTiC+BRWMTqQ+kdUReJa7g8xR54/o/ElTw1CLbRIY1hbIUbB4h7VacxqsZER/vMJZA8LiAKDnqRue3sG X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0df5a70d-fb04-4c88-1041-08d673736afe X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(4608076)(4709027)(2017052603328)(7153060); SRVR:DM6PR01MB5530; X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB5530; 3:qR35GkaxzJt1KmH3C1pcCsIZE9J9hPQd9b99u770/krkR9rKXfjOyCkj6ajVr5k07fDaumica2X3hD9GLAdfFjI7VAxy0qjF38Vrl3gasGqs6yqVeCTOoOp7hsfzCSd2EwBmc7uQqsbHG04DaiUnGxwmyd4oURqY8fAI1Yrg9SQZrMNyMETvurXewlW3DfvwO+7r9eNXDgUMK0YwehP9itJZ/Jm0MwnU98d3V7EAby4uJZOdL5AEZ1tV5IAER6PNTbsuq/CeCQEloAp8VdO9CwK6Ex1JmABGADj9MWeYF5Jap/hWt1pL+vYRcVfcl2NELON1/6yl/0pgDFMsbdU3eYmK84BZaLgNMr4gz0hwyC1hXw0tvOw4iK76ABxgyRpe; 25:tFwr2bOQz/XidC+XGONfSiOd5p2lo8Lo61vU3d5ygycU4JJkRlZ8v73EY013hihjB+mVx0jIIthANIzAtC191KjiPs/cJcsa9Iy3hnKHQgjyU2OdA43Gm7a8hzJhSXjjSc0RE7QmTJCTD1NmidHC0e9lvbKybweedycxtL8zvtlx7BYG8yPqsfIU37YEhnwWh/hMsgXABA6LkoOHJV8nn4cRu9OJhIBQLqFcJvF0o2toGF3mqYLY1Sqs8KSrTohKLBwvOKdYncZZPYXH2EUJSV/Ks1eW3adIGUs5fWXwrFB1RTfBL6lviDh/dP2kW6Si8o+G7571hnkQsYTYKj93HQ== X-MS-TrafficTypeDiagnostic: DM6PR01MB5530: X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB5530; 31:1lxEtNHNSqcEg/bW16e9Klh4PvhZbK8uhMfKEGdySSrGOLKuOc3LoyRhCeG1x+OpgmdjYOQHnnxErl4kjDu+SLZbHDji8+E8N4YTXJknx0oEWPzOuVKtOHPtOaGi8+rAO7ZhnCgKDStvCM18L7OJ3WmMusRdG7GnWDDf0B6UOchD8hLjrYUJ8cljLtFM6EGt8t7o0vYES96CpYpJYMyZsSpZs7O/jTNMV1qjd16Bwsg=; 20:mJrozk9kEzXDAogJVqvUtHFirpiF98TvlNXt/NYkVVB53+U/W6RE1PbA4VFT54cZZ7rEkTthoR2PsJua+4OutWYZyGxYzPNEPTe9646WyE+ZM4O3p0YutGSJdbj/r3eZT9hgfHtidfdd9IrVpQm6jlP4FPC1NFkdejHpz4qiUDOD72/8WdznlISxF9e9EDTn0Z8BR3wlDm1S6U82JNUzvtxvvjTeJHBKTGnzYBJnyJ1Ty0aQX9vTqbEs8U261xmOnn2Vuh+TMXIEBc91wsemf/ez71XSKqz9bB1cAoRooqVzGvtubaKvw/kRtw1fzP7d9Xmty+b+CH2N3GeYoPdqVeEEbmYEyhzfN3VEFneRXwi7bPitBhOacUXkRndEjxQ6RxVlTHItaRICFYfE21eEyceiqXtpgQjNYB2zyrABrSdZGfbgiWVoWu3j3HW+y0Jl2nBnErScVwwh3yUakeIX/DIc+gr7boY5Cp+UfWMm4Nmhpc3AaUibL3/iR5BWJHlg X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(10201501046)(3002001)(93006095)(93004095)(3231475)(944501520)(52105112)(6041310)(20161123562045)(20161123560045)(20161123558120)(20161123564045)(201703131423095)(201702281528075)(201702281529075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:DM6PR01MB5530; BCL:0; PCL:0; RULEID:; SRVR:DM6PR01MB5530; X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB5530; 4:mQASoy5bxk3iwCw0VDMBX/AUZKcGaFprZ+bF4tOS+7mfkBtNW1c0ftcMizAxGpSUG2EjOXPIsnTDEIy14dOmguk5cUy6/M8mTa0Lr5nycofjt7dWlEsves8Q7ME9ArNdLPWAov0nZbO5t+PYKe2YWczYXSNa6D5aMkBZPXqAu29t3+JjjGdgpoJj0dL2aO4ArjKvnOqmnGacQsaw25L1P74hzsF3Q0QORt9IdSbcoKSyF4FV8Sg3gToUgWNLfpvn78xzgwJqSX/+M5zyihSSWZQCw8zg0A70QfsrRKynu9W+UhPWL3tG1xhGfn+Lk4Mu X-Forefront-PRVS: 09090B6B69 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM6PR01MB5530; 23:vq8AoOKyvMxUMW5yPVVjhSl92bexK1JmtX9bLgtfK?= =?us-ascii?Q?5KbZfKBBXg3Zr22+jT+2m6WuH15xauQdCwhTFUgUlnb6dVb9memCPAjHhmB/?= =?us-ascii?Q?M3XzFugVr3rDPK523wUvX4H17MYuaShYAobxmpHrdCeVgWdJofMdEeqLhRp5?= =?us-ascii?Q?+HK/B+ljUA+5CvhoaLn5iQ9TJtnD/RFdxCr7PJy9o5JJAilJAabg61ALoAng?= =?us-ascii?Q?lK0Dqfl13H+og4HPfTqoj/7odtfONtbtEi5h6OLiUiZX42p2rCp6G6QBlmWi?= =?us-ascii?Q?r3GtyXbPeXBnm4Z1t0dcfURnxwWPrjk6Piyc2F+JHWOCvjSeG4G8+MwHNp/d?= =?us-ascii?Q?vtaKSKDIbEF9StE2yZwy1QHlqIpBt/Bn+aqVEo3bwJx6jZFZSEsQG/y8h3JM?= =?us-ascii?Q?2UeUenV/e3TrU/vP6aHHIpHVcbU737DXQX3UPwNFVOjVOinWxLCTJSMRd/GJ?= =?us-ascii?Q?0LtO5lMY53/yIdrpoSBmNFk+FWuwzcc4TTh+MWQ/z2EPJ2qxv49wncU9jL6y?= =?us-ascii?Q?o5fgKClZleo9Rjg67PSX14AE1wY+PYEHcrQVy1jxQINZ+wRNCR0sCwC6MplH?= =?us-ascii?Q?W+tTLTXXEDey/078Gxzk4m5KDrDHifKu2e1Ut1yNdXmKWUJ5TihCt5SN7zwX?= =?us-ascii?Q?LceGQ6pVhbx9urorKnJgdFRmiYqcu1yDKjfbdKHx+BiICu3rOxIpcZVBhV3U?= =?us-ascii?Q?hUz5OBqvsV3pmT6R3v6fgPYR1ZUqmSdEiBQ34TeN6/BgZcSCPJ8fXk/Tj3aD?= =?us-ascii?Q?yA1L3FkZ1yyDIN/jgOGB7VYmJx0DxdvjtWTVDDuav6WqlJFrff5tPZozOj9+?= =?us-ascii?Q?0ZfAyhcKBS2orjZDSvfBojuLlQ8q/HUdEDR7AE1mqjKo/N9umuNGisT8s5BJ?= =?us-ascii?Q?xe+qSOzSZBjs+hF9bV5YpEX3qSeRaZnyTngjtQJN2SGrHCAY5pnqTLkCqDcR?= =?us-ascii?Q?ETxwi2q8TpVms2cuMLFxLSGtOSj51looXGeNs6y2+8MXcKC39396uWLukgqI?= =?us-ascii?Q?ofVdl8jRLGoDOQ/TiKMQHZHMK0jLlmlCinwUDdkGVbZPfYdc8/MoeW6gDjEb?= =?us-ascii?Q?e7pr8HL64xEvsGeupxm6aF+e8fZiEDRa3YkkaQbNzAlb1paTua0SkRRU6YLa?= =?us-ascii?Q?sopsr5H/EdRxYEHXdJwXNoQOKYgUiSomykOFk5zkydmWP/Q/8DQrU6A2PWLi?= =?us-ascii?Q?XGLZGz4eJUs9NdO7k2lapKLPLPOhR5CA6t58ftG0mYVnSm/Jv8wMGrWGJupx?= =?us-ascii?Q?YJvt2+Tx4ZGbfzf/RuN2aPpvt+u89M8pzU2UBRWgVAbejOUsZmsg9z2WrIkt?= =?us-ascii?Q?pTkAm/dOutJXmmkja6JTN8D1/5iNZh3kKrmAehxBxuP?= X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: ptaUFxXMr64ip76a3+v1WBdzxlkTdip/e3vzliMaF/FpMGaC/1Yg5uJOTbYe1y/9syK4G7Lf5+UcKUTxYo3z/a6k/2h5/jH+XKFyvXxSeCUwpXzugoNEgae+Loj1iFoqzv0joA6JLo9OzXrBFWEV5Ti5a9fsEgJf3JMeQ5ksqT5sQH59jNnX1lweRFmgHidNdcflxOtZH4sq6vav31+DpVdVY9danFR/ReFbTCMN7H9eArtvnMzPsrMtlEene04D33v6828iBZLPKC+9EJ/diu1ix7CErY3EwcI2HeiBcyQzEjE0GAQCTPEBo5a2tHNL X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB5530; 6:vkjQyq70z0Bc6HpgQYTheukjfbJfCIrhBXi05UrxLllMTeaZ34fqX/SHhdtUxHMSwQtLKNASULSzhInN7e/xcQy6DANla88tvoRftDR5G0c1GJt3wEtOPdDiRgxEWGRdYB2LZ326NTIMfs4HNgsRZfBK1sfkDS8jHT+jVehGME66Ngyl+s53PtS9pmKz5kU3yytFBg+be+geiMHIe/cnvqZEiZ7Y1Kxlp+YU0rhv364q6bpJavBHaqnNYbjX9IeGPgzuEr4Z0WjID7Qhtbp9P8oR0j8Nl7ZFaFGd3U627KZXpM4avJ5BPXa8hJMU55Z0cdvkGzerO5vApI8dzVDoRJfwTwxvobflxQio3PUt4sE0A79g5ws3iKfy0dULEJF/hPY8w7oJ4e81Jeyh6dbxhmBlrahptbD6ZDFokLJdkUfQ6drBaopb5fgwJpjoI2v1HzqoqFrGH2C1DbMDzDeFSA==; 5:Uo2HYcEQ4hoH1eFz54TjWWruEfQIYxSTdvuIvNNob7h1m4AnvBbUiWN2zAMGeB9+QbmJAEa1y+tsIOESsnsID8sDHLH5YwYOCpD9zgxvZKWjibjVo+sPtWws32HibK3ZrChiXwiSUSvEt/kvVr9bLUEp/gMS3o1l2sg4OvXmqL677azkOi5CAY1AGByJ0SmJ3op+h2SPrivDVSPVt+Qmtw==; 7:/6MlAzhCKZLBxMapyAmZn2o1QCMY0hJY9XeNzX11NoL+EjYL+Y00iqwuuQ7HsGLkAu12r0EYFbOJyU54savhM/xBM+MDJonvHTUgyzcqoWoICsNyk322cHrHnQNudPxVYmAzWp8/VIFfSpRoDzlbHQ== SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: mit.edu X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Jan 2019 01:08:06.7972 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0df5a70d-fb04-4c88-1041-08d673736afe X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR01MB5530 Archived-At: Subject: Re: [Hipsec] Benjamin Kaduk's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jan 2019 01:08:14 -0000 On Fri, Jan 04, 2019 at 04:49:00PM +0000, Miika Komu wrote: > Hi Benjamin, > > On 5/9/18 23:58, Benjamin Kaduk wrote: > > Benjamin Kaduk has entered the following ballot position for > > draft-ietf-hip-rfc4423-bis-19: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-hip-rfc4423-bis/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > I share Eric's concerns about the need for > > second-preimage-resistance from the hash, and in particular with the > > birthday bound, it's unclear that using a 128-bit hash leaves a very > > large margin for growth. > > we'll address the comments in a response to Eric's original email. > > > Some other section-by-section notes follow. > > > > Section 1 > > > > [...] HIP provides for limited forms of trust between systems, > > enhance mobility, multi-homing and dynamic IP renumbering, aid in > > protocol translation / transition, and reduce certain types of > > denial-of-service (DoS) attacks. > > > > I think that something is weird here with singular vs. plural in the > > list elements. > > Adding -s in the end of the verbs (enhances / aids / reduces) probably > fixes the issue you mentioned? I think so, yes. > > Section 4 > > > > I agree with the secdir reviewer's not about "SHOULD NOT [implement > > non-cryptographic HIP]" > > The text has changed a bit during the reviews, but I changed the wording > to uppercase now: > > In this document, some non-cryptographic forms of HI and HIP are > referenced, but cryptographic forms SHOULD be preferred because they are > more secure than their non-cryptographic counterparts. > > (Btw, the type of draft is "informal" so I am not sure how much mandate > this has, but changed nevertheless) Thanks! > > Section 5.1 > > > > At the client side, a host may have multiple Host Identities, for > > instance, for privacy purposes. Another reason can be that the > > person utilizing the host employs different identities for different > > administrative domains as an extra security measure. If a HIP-aware > > middlebox, such as a HIP-based firewall, is on the path between the > > client and server, the user or the underlying system should carefully > > choose the correct identity to avoid the firewall to unnecessarily > > drop HIP-based connectivity [komu-diss]. > > > > In addition to the firewall case, choosing the correct identifier > > can also impact the privacy considerations, as a given identifier > > would be trackable by on-path entities. > > should I add something, I think privacy is mentioned already on the > first sentence? I don't have any concise suggestions for new text, so probably fine to just leave as-is. > > Section 6.2 > > > > When a node moves while communication is already on-going, address > > changes are rather straightforward. The peer of the mobile node can > > just accept a HIP or an integrity protected ESP packet from any > > address and ignore the source address. However, as discussed in > > Section 12.2 below, a mobile node must send a HIP UPDATE packet to > > inform the peer of the new address(es), and the peer must verify that > > the mobile node is reachable through these addresses. > > > > Am I reading this right that from a technical perspective, the peer > > can just accept stuff from wherever, but from a policy/protocol > > perspective the UPDATE requirement is included? The text could > > probably be a bit more clear, potentially even without using RFC > > 2119 language. > > I would suggest the following to simplify the text a bit: > > When a mobile node moves while communication is already on-going, > address changes are rather straightforward. The mobile node sends a > HIP UPDATE packet to inform the peer of the new address(es), and the > peer then verifies that the mobile node is reachable through these > addresses. This way, the peer can avoid flooding attacks as further > discussed in Section 11.2. > > Does that work for you? That is much easier to read, thanks. > > Section 10 > > > > There are a number of variables that influence the HIP exchange that > > each host must support. All HIP implementations should support at > > least 2 HIs, one to publish in DNS or similar directory service and > > an unpublished one for anonymous usage. Although unpublished HIs > > > > I suggest a parenthetical that the unpublished one should expect to > > be rotated frequently in order to disrupt linkability/trackability. > > added some text in parenthesis: > > ...one to publish in DNS or similar directory service and an unpublished > one for anonymous usage (that should expect to be rotated frequently in > order to disrupt linkability/trackability). > > > will be rarely used as responder HIs, they are likely to be common > > for initiators. Support for multiple HIs is recommended. [...] > > > > If multiple means "more than two", it's probably better to say that. > > (If multiple means "more than one", this is just a weaker version of > > "should support at least 2", above.) And it's rather tempting to > > make it a MUST, anyway. > > I double checked this from RFC7401 and I would change the last sentence to: > > As stated in [RFC7401], "all > HIP implementations MUST support more than one simultaneous HI, at > least one of which SHOULD be reserved for anonymous usage", and > "support for more than two HIs is RECOMMENDED". Ah, that's a good plan. > > Many initiators would want to use a different HI for different > > responders. The implementations should provide for a policy mapping > > of initiator HITs to responder HITs. This policy should also include > > preferred transforms and local lifetimes. > > > > "mapping of initiator to responder" is potentially confusing, in > > that in practice the procedure will be "I want to talk to responder > > A, so let me look up that I use HIT X to talk to responder A", which > > is the opposite direction from this text. > > Good catch, this was text was referencing old RFC5201 text that was > replaced by RFC7401. I'd change the text as follows: > > As stated in [RFC7401], "Initiators MAY use a different HI for > different Responders to provide basic privacy. Whether such private > HIs are used repeatedly with the same Responder, and how long these > HIs are used, are decided by local policy and depend on the privacy > requirements of the Initiator". > > Similarly, I would update change the following paragraph (with similarly > outdated text): > > "Responders would need a similar policy, describing the hosts allowed to > participate in HIP exchanges, and the preferred transforms and local > lifetimes." > > ...as follows: > > According to [RFC7401], "Responders that only respond to selected > Initiators require an Access Control List (ACL), representing for > which hosts they accept HIP base exchanges, and the preferred > transport format and local lifetimes. Wildcarding SHOULD be > supported for such ACLs, and also for Responders that offer public or > anonymous services". > > Does this work for you? I think so, thanks. > > Section 11.1 > > > > I'd consider replacing "is an attempt to" with "attempts to" -- for > > example, IPv6 tries to do a lot of things in addition to killing > > NAT! > > ok, changed > > > Section 11.3.1 > > > > [...]Second, a > > data plane component is needed. Most HIP implementations utilize the > > so called BEET mode of ESP that has been available since Linux kernel > > 2.6.27, but is included also as a userspace component in a few of the > > implementations. > > > > Nit: "but ESP is included", I think. > > I changed to: > > Most HIP implementations utilize the so called BEET mode of ESP that > has been available since Linux kernel 2.6.27, but the BEET mode is also > included as a userspace component in a few of the implementations. Ah, of course; thanks for fixing it up properly :) > > Section 12.1 > > > > I don't understand the usage of "a-priori" in: > > The need to support multiple hashes for generating the HIT from the > > HI affords the MitM to mount a potentially powerful downgrade attack > > due to the a-priori need of the HIT in the HIP base exchange. > > I agree that this is a bit confusing. I would simplify (and generalize) > this text as follows: > > A MitM attacker could try to replay older I1 or R1 messages using weaker > cryptographic algorithms as described in section 4.1.4 in RFC7401. > > How does this sound? That sounds good to me. > > In HIP, the Security Association for ESP is indexed by the SPI; the > > source address is always ignored, and the destination address may be > > ignored as well. Therefore, HIP-enabled Encapsulated Security > > Payload (ESP) is IP address independent. This might seem to make > > attacking easier, but ESP with replay protection is already as well > > protected as possible, and the removal of the IP address as a check > > should not increase the exposure of ESP to DoS attacks. > > > > It seems like there's still some potential incrased exposure, as > > validating the ESP crypto is presumably more expensive than > > validating source/destination IP addresses. > > the destination address can be ignored or included the checks, this is > an implementation issue as indicated by the ESP RFC: > > https://tools.ietf.org/html/rfc4303#section-2.1 > > Would changing the "may" to "MAY" fix your concern (noting that this > draft is still of informal type)? I would suggest not changing to uppercase "MAY" if the actual normative requirement is from another document (e.g., RFC 4303). The point I was trying to make is that validating the ESP crypto is a more expensive operation than just comparing IP address values, so that if my "before" situation doesn't involve IPsec, then there is increased DoS exposure. But if the "before" is "ESP with source/destination address validation" and the "after" is "ESP without source/destination address validation", then yes, there is no increased exposure. So perhaps I was just misreading the intended statement. -Benjamin > > Section 12.3 > > > > [...] At middleboxes, HIP-aware > > firewalls [lindqvist-enterprise] can use HITs or public keys to > > control both ingress and egress access to networks or individual > > hosts, even in the presence of mobile devices because the HITs and > > public keys are topologically independent. [...] > > > > Nit: I think that just "topology independent" is what's intended. > > changed, thanks! From nobody Sun Jan 6 12:16:15 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 232BD130DF0 for ; Sun, 6 Jan 2019 12:16:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.365 X-Spam-Level: X-Spam-Status: No, score=-4.365 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=cXvNXJyg; dkim=pass (1024-bit key) header.d=ericsson.com header.b=E5iHtQL6 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rRt9grtxudf4 for ; Sun, 6 Jan 2019 12:16:06 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB17A130DF2 for ; Sun, 6 Jan 2019 12:16:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1546805759; x=1549397759; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=sGi+wXvMJ2petBjRDp1OdBfVCwN9mD/Ujbs2qk1e/ac=; b=cXvNXJygxIWF590G5jPpoVM0NddnA313wcN3qiZei/z6tqoW8cX4rx4koB1boItn lTTZ0ZUYz9BJq8pBaQJOkKnHNdyY3XBfefG3AD4UxkmhXs5fPvGvFeWQJnLwwx+z w32eML+VWfnGPZKje5WIwevWayAxDOOGZGJayrJ+sLE=; X-AuditID: c1b4fb25-d89ff70000005ff7-3b-5c3261ff3add Received: from ESESSMB502.ericsson.se (Unknown_Domain [153.88.183.120]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 9A.84.24567.FF1623C5; Sun, 6 Jan 2019 21:15:59 +0100 (CET) Received: from ESESSMB501.ericsson.se (153.88.183.162) by ESESSMB502.ericsson.se (153.88.183.163) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Sun, 6 Jan 2019 21:15:58 +0100 Received: from EUR02-VE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Sun, 6 Jan 2019 21:15:58 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sGi+wXvMJ2petBjRDp1OdBfVCwN9mD/Ujbs2qk1e/ac=; b=E5iHtQL6/LRRKu7iHys+9OPqfxK0xgPG2bdvaThhpFknkrSpUX7X0B5L4lDOJBk1C97zJwqSMgynOIQlXE3DLNkKig5d9cwZWz9uRt6+r1wV2+5TyarE4ToSNP+TQjFPxuSAALNhgxwLvCQg/hbzPValwG8BW7pDGFZGz2XGelw= Received: from DB6PR0701MB2952.eurprd07.prod.outlook.com (10.168.84.14) by DB6PR0701MB2887.eurprd07.prod.outlook.com (10.168.83.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.3; Sun, 6 Jan 2019 20:15:57 +0000 Received: from DB6PR0701MB2952.eurprd07.prod.outlook.com ([fe80::c0a7:ff82:2739:57cb]) by DB6PR0701MB2952.eurprd07.prod.outlook.com ([fe80::c0a7:ff82:2739:57cb%9]) with mapi id 15.20.1516.010; Sun, 6 Jan 2019 20:15:57 +0000 From: Miika Komu To: Adam Roach , The IESG CC: "draft-ietf-hip-rfc4423-bis@ietf.org" , Gonzalo Camarillo , "hip-chairs@ietf.org" , "hipsec@ietf.org" Thread-Topic: Adam Roach's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) Thread-Index: AQHT5+5E3jU9E6Hb40+nOe+BCMJkk6WkKWWA Date: Sun, 6 Jan 2019 20:15:57 +0000 Message-ID: <864b2f60-ea43-3451-a4fb-d6bc6a14b51e@ericsson.com> References: <152590886238.10463.9438651181532889998.idtracker@ietfa.amsl.com> In-Reply-To: <152590886238.10463.9438651181532889998.idtracker@ietfa.amsl.com> Accept-Language: fi-FI, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM5PR06CA0015.eurprd06.prod.outlook.com (2603:10a6:206:2::28) To DB6PR0701MB2952.eurprd07.prod.outlook.com (2603:10a6:4:72::14) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB6PR0701MB2887; 6:gi89xpUcEWR0Qxa5gtAfshLDOrPovrTArZ1VoiKB2VfrlJltslrw1KwEDNaEJSscq4AigCeY7+gkygS1k1Gs8hgWgj/uhnV3NM6qK9vdsjClJ7NmCC5sacKkjsrp+Ufi9Cr6hnUDcEB9x7UnooSNqb6JMIs2QuzxcX0NP4norm22Ee45IZI86xuGqI36RT6mzELq+rbOK6P90zhv1myi1IR/eODE+ZjTau/JxEc9L/OeTxRHApZVq0qHFxKx3qyPg60E0P7fxFs22MIdFBGl02FuUbr1TQNeA5x1asNVBuOr0fUBKn5sPzx3DsR/noqrYVYIs6wLsFIbDIenw2dlLtbUdUpADs/NRkVdHRk116cKRyowJdh+xE58j48wb8NjOakgLZ5wpsTGEoNXk7RL08tCrJlXAk+V8X8CMmyEtXrkiPFVfqoNIJwWfaMZ0fwY0qCaoI7zqpqxAlUa45lMmg==; 5:BD973cCQdp6CyI9OSGbRtP8+WI2Uui5MnT1JGtXu2J1TiMBMuuaUF5O+/J8J4gxSxguLAF0ENkqkx7DHl66O+uV4ZoUCvO/ILw+2SFpmLibD7bKuJ3pp/DYjOTjygQuRl/PjTQpbGfNym+4HdfkNlskDuTEaKJB28COSOAfh1aLRb2FRZY59+uT00B1hz3SV3K610TfNn3IuulJuJls6DQ==; 7:VrNc7kXbI7ExYgez1Ayz0Y8fj1VKE5OGqrKLk7uzrZeWKx1W30Ag3i9KgX4FoXj+p2I+daC0rktxSpCwZrxGTN5QgYg4PgJFe9xtdMhhjleJkZBg+JA9UHZM0tFB63Q86s0CQOMjNAf5ugR38bMWFA== x-ms-office365-filtering-correlation-id: 4926e3c2-5cd1-4343-a041-08d67413c489 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600109)(711020)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:DB6PR0701MB2887; x-ms-traffictypediagnostic: DB6PR0701MB2887: x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(93006095)(93001095)(3231475)(944501520)(52105112)(3002001)(10201501046)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(20161123560045)(20161123562045)(201708071742011)(7699051)(76991095); SRVR:DB6PR0701MB2887; BCL:0; PCL:0; RULEID:; SRVR:DB6PR0701MB2887; x-forefront-prvs: 09090B6B69 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(396003)(136003)(39860400002)(366004)(346002)(189003)(199004)(3846002)(6116002)(25786009)(36756003)(4326008)(446003)(11346002)(2616005)(476003)(68736007)(5660300001)(2906002)(305945005)(7736002)(81166006)(8676002)(81156014)(8936002)(99286004)(54906003)(110136005)(316002)(66066001)(6306002)(6512007)(105586002)(106356001)(478600001)(229853002)(6486002)(6436002)(102836004)(76176011)(386003)(53546011)(6506007)(44832011)(186003)(486006)(256004)(14444005)(6346003)(26005)(31686004)(53936002)(14454004)(966005)(6246003)(31696002)(86362001)(71190400001)(71200400001)(52116002)(97736004); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR0701MB2887; H:DB6PR0701MB2952.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: ST7EF6qIFVFZ4J6ggsc0zWTG0qtmN4szJ6vFcVc1LN0EEO3lw3ziYK12Kk/JWdN9q2uxC6TaLraTsnGVcuS6UGaXLe1KbLZ6Oz37+ezQZSgbHHNxfY1TDH+58986NCJ9CQmvDzXoh3kuzvlg+xpfHoKx9yDPC5OmLDjXukXHdJQW9k3pq7QmXC0yDq1GWtWKv+V1Xm6TPDys10UVnYUNYgJfCzJSPuNd9NTSrZaDypuOpx7Dks1656eAKWxEHeNQGaecyp4uQxg6JlHaelxIBgZ5//oGB0fmx7UI+TQIN3S4iiJAv6D1bxPoZVum9gE7 spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: <4821CBC405547040B0A6A77099694372@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 4926e3c2-5cd1-4343-a041-08d67413c489 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jan 2019 20:15:56.5995 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0701MB2887 X-OriginatorOrg: ericsson.com X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0hTYRjHeXfOdo7LyetUfDItHRYkXlfBQLGCgn2xGxJlE515UGs62Zmi fQgl7YMmKprl8pZZoWmWRl6S8pZ5LS/kzCwxzwhTglKRvNW2M6Fvv+f9P///+zwvL01Iq4Ru dEKSntElqTUykZgsvdCS5vdXLVcFlmQQio6takrxpbeCUvRm51CK29VFhOLuZiFxTKisqfkj UBraOPKMIEIcEstoElIZXUBotDh+sG+KTH4Unvau/h6RgQrO5SA7GvBhWO6uonKQmJbiXgTc 9HNbsYpgstMo4osHAhhcybcqJC4gYDTvpk0pFsBoxQppCZNiE4K2xXALi7AP1M0YCQs742AY ujFAWAwE/oygKa/IanDCF2Gyr1/IN0VA2euvNoMc6vNaKAuT2BtMa71WluCjkLXOUfxlYVCV NWv12uFTUDbG5yDsAbXN29YcArvCNFcp4DfFUNPxgeDZBRbmt4WWgQCXIOirb6d4wRdGjBzi 2QtGfs7ZzB4wXplrO8+iwPgpkucwqClZIfigcQRr2QuinaCt9VzzlrSZtZDdcZ7v+UjAt+k7 tincodU0LypAcsN/wxrMFgIfhMb2AB6V0Lqg5Du8oDh3jjJYn8IRBko5sgoJ65ALy7AxiXHy Q/6MLuEyy2qT/JMYfRMy/5uuFxv7W9HE0vFuhGkks5dw0XKVVKhOZdMTuxHQhMxZojEFqaSS WHX6NUanjdKlaBi2G+2hSZmrZFPqqJLiOLWeucowyYxuRxXQdm4ZSOjXWdfjr/U9kanXTyR4 r9bJWwP3fU95k57IhITu+u0VGbE76rpKdvrlbP7sk7HKH4M9tzxTz5Y1vn9WKno62pD5yv4t x9qb6OgQh5PDuGEq675hycF9mJupXbzSv/zwcaV2o6Mwsa15pH1v+SUXpwCXoeDJmfxfHgdi uvRHNOWeMpKNVwf5EDpW/Q/LshDaMwMAAA== Archived-At: Subject: Re: [Hipsec] Adam Roach's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jan 2019 20:16:08 -0000 SGkgQWRhbSwNCg0KT24gNS8xMC8xOCAwMjozNCwgQWRhbSBSb2FjaCB3cm90ZToNCj4gQWRhbSBS b2FjaCBoYXMgZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3INCj4gZHJh ZnQtaWV0Zi1oaXAtcmZjNDQyMy1iaXMtMTk6IE5vIE9iamVjdGlvbg0KPiANCj4gV2hlbiByZXNw b25kaW5nLCBwbGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8g YWxsDQo+IGVtYWlsIGFkZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5kIENDIGxpbmVzLiAo RmVlbCBmcmVlIHRvIGN1dCB0aGlzDQo+IGludHJvZHVjdG9yeSBwYXJhZ3JhcGgsIGhvd2V2ZXIu KQ0KPiANCj4gDQo+IFBsZWFzZSByZWZlciB0byBodHRwczovL3d3dy5pZXRmLm9yZy9pZXNnL3N0 YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwNCj4gZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJv dXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy4NCj4gDQo+IA0KPiBUaGUgZG9j dW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhl cmU6DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtaGlwLXJm YzQ0MjMtYmlzLw0KPiANCj4gDQo+IA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IENPTU1FTlQ6DQo+IC0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0NCj4gDQo+IFRoYW5rcyBmb3IgZXZlcnlvbmUncyB3b3JrIG9uIHVwZGF0aW5n IFJGQyA0NDIzLg0KDQp0aGFua3MgZm9yIGNvbW1lbnRzIQ0KDQo+IEluIGdlbmVyYWwsIEkgYWdy ZWUgd2l0aCBNaXJqYSdzIHBvaW50IHRoYXQgc2VjdGlvbiAxMSBzZWVtcyBhIGJpdCBkaXNqb2lu dA0KPiBmcm9tIHRoZSByZXN0IG9mIHRoZSBkb2N1bWVudCwgYW5kIHdvdWxkIGJlIGJldHRlciBz ZXJ2ZWQgYXMgYW4gYXBwZW5kaXguIEl0J3MNCj4gYWxzbyBzb21ld2hhdCBqYXJyaW5nIHRvIGhh dmUgYSBkb2N1bWVudCB3aG9zZSBhYnN0cmFjdCB0YWxrcyBhYm91dCBhICJuZXcNCj4gbmFtZXNw YWNlIiBhbmQgYSAibmV3IHByb3RvY29sIGxheWVyLCIgd2hpY2ggZ29lcyBvbiB0byBkZXNjcmli ZSBjb25jbHVzaW9ucw0KPiBmcm9tIHR3ZWx2ZSB5ZWFycyBvZiBkZXBsb3ltZW50IGV4cGVyaWVu Y2UuIEkgd291bGQgcmVjb21tZW5kIHJlLXdvcmtpbmcgYWxsDQo+IHVzZXMgb2YgdGhlIHdvcmQg Im5ldyIgKHdoaWNoLCBpbiBtb3N0IGNhc2VzLCBjYW4gYmUgYWNoaWV2ZWQgYnkgZWl0aGVyDQo+ IHJlbW92aW5nIHRoZSB3b3JkICJuZXciIGZyb20gc2VudGVuY2VzLCBvciByZXBsYWNpbmcgaXQg d2l0aCAiSElQIikuDQoNCkFncmVlZC4gSSByZXBsYWNlZCAibmV3IiAobmFtZXNwYWNlL2xheWVy KSB0byAiSEkvYWRkaXRpb25hbCIgKGRlcGVuZGluZyANCm9uIHRoZSBjb250ZXh0KSB0aHJvdWdo b3V0IHRoZSBkb2N1bWVudC4NCg0KPiBUaGUgcmVtYWluZGVyIG9mIG15IGNvbW1lbnRzIGFyZSBl ZGl0b3JpYWwgbml0cy4NCj4gDQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiANCj4gwqcyLjE6DQo+ IA0KPj4gICArLS0tLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLSsNCj4+ICAgfCBUZXJtICAgICAgICAgIHwgRXhwbGFuYXRpb24g ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8DQo+PiAgICstLS0tLS0tLS0t LS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t Kw0KPj4gICB8IFB1YmxpYyBrZXkgICAgfCBUaGUgcHVibGljIGtleSBvZiBhbiBhc3ltbWV0cmlj IGNyeXB0b2dyYXBoaWMga2V5IHwNCj4+ICAgfCAgICAgICAgICAgICAgIHwgcGFpci4gIFVzZWQg YXMgYSBwdWJsaWNseSBrbm93biBpZGVudGlmaWVyIGZvciAgICB8DQo+PiAgIHwgICAgICAgICAg ICAgICB8IGNyeXB0b2dyYXBoaWMgaWRlbnRpdHkgYXV0aGVudGljYXRpb24uICBQdWJsaWMgaXMg fA0KPj4gICB8ICAgICAgICAgICAgICAgfCBhIGEgcmVsYXRpdmUgdGVybSBoZXJlLCByYW5naW5n IGZyb20gImtub3duIHRvICAgIHwNCj4+ICAgfCAgICAgICAgICAgICAgIHwgcGVlcnMgb25seSIg dG8gImtub3duIHRvIHRoZSB3b3JsZC4iICAgICAgICAgICAgICB8DQo+IA0KPiBOaXQ6IHRoaXMg dGV4dCBjb250YWlucyBhIGRvdWJsZWQgImEiICgiLi4uYSBhIHJlbGF0aXZlLi4uIikuDQoNCnRo YW5rcw0KDQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiDCpzIuMjoNCj4gDQo+IE5pdDogVGhlIGNo YW5nZSBpbiBzcGFjaW5nIGluIHRoaXMgdGFibGUgbWFrZXMgY2VydGFpbiB0ZXJtcyBkaWZmaWN1 bHQgdG8gcmVhZA0KPiAoZS5nLiwgIkhJUCBiYXNlIGV4Y2hhbmdlIEhJUCBwYWNrZXQiIGFwcGVh cnMgdG8gYmUgYSBzaW5nbGUgdGVybSB1bnRpbCB0aGUNCj4gdGFibGUgaXMgY2xvc2VseSBleGFt aW5lZC4pIENvbnNpZGVyIHJldmVydGluZyB0byB0aGUgc3BhY2luZyBmcm9tIFJGQyA0NDIzLg0K DQpkb25lDQoNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IA0KPiDCpzMuMToNCj4gDQo+PiAgIG8g IFRoZSBuYW1lcyBzaG91bGQgaGF2ZSBhIGZpeGVkIGxlbmd0aCByZXByZXNlbnRhdGlvbiwgZm9y IGVhc3kNCj4gDQo+IE5pdDogImZpeGVkLWxlbmd0aCIgaXMgYSBjb21wb3VuZCBhZGplY3RpdmUs IGFuZCBzaG91bGQgYmUgaHlwaGVuYXRlZC4NCj4gY2YuIGh0dHBzOi8vd3d3Lmdvb2dsZS5jb20v c2VhcmNoP3E9Y29tcG91bmQrYWRqZWN0aXZlDQo+IA0KPj4gICAgICAoZS5nIHRoZSBUQ0IpLg0K PiANCj4gTml0OiBUaGUgY29udmVudGlvbmFsIGZvcm0gd291bGQgY2FsbCBmb3IgIihlLmcuLCB0 aGUgVENCKSINCj4gY2YuIGh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vc2VhcmNoP3E9ImUuZy4iK3B1 bmN0dWF0aW9uK2NvbW1hDQo+IA0KPj4gbyBUaGUgbmFtZXMgc2hvdWxkIGJlIGxvbmcgbGl2ZWQs IGJ1dCByZXBsYWNlYWJsZSBhdCBhbnkgdGltZS4gVGhpcw0KPiANCj4gImxvbmctbGl2ZWQiDQo+ IA0KPj4gZGVzaWduZWQsIGl0IGNhbiBkZWxpdmVyIGFsbCBvZiB0aGUgYWJvdmUgc3RhdGVkIHJl cXVpcmVtZW50cy4NCj4gDQo+ICJhYm92ZS1zdGF0ZWQiDQoNCmZpeGVkLCB0aGFua3MNCg0KPiAt LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0NCj4gDQo+IMKnNDoNCj4gDQo+PiAgIEluIHRoZW9yeSwgYW55IG5h bWUgdGhhdCBjYW4gY2xhaW0gdG8gYmUgJ3N0YXRpc3RpY2FsbHkgZ2xvYmFsbHkNCj4+ICAgdW5p cXVlJyBtYXkgc2VydmUgYXMgYSBIb3N0IElkZW50aWZpZXIuICBJbiB0aGUgSElQIGFyY2hpdGVj dHVyZSwgdGhlDQo+PiAgIHB1YmxpYyBrZXkgb2YgYSBwcml2YXRlLXB1YmxpYyBrZXkgcGFpciBo YXMgYmVlbiBjaG9zZW4gYXMgdGhlIEhvc3QNCj4+ICAgSWRlbnRpZmllciBiZWNhdXNlIGl0IGNh biBiZSBzZWxmIG1hbmFnZWQgYW5kIGl0IGlzIGNvbXB1dGF0aW9uYWxseQ0KPiANCj4gInNlbGYt bWFuYWdlZCINCg0KZml4ZWQNCg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gDQo+IMKnNi41Og0K PiANCj4+ICAgVGhlIGNvbnRyb2wgcGxhbmUgYmV0d2VlbiB0d28gaG9zdHMgaXMgdGVybWluYXRl ZCB1c2luZyBhIHNlY3VyZSB0d28NCj4+ICAgbWVzc2FnZSBleGNoYW5nZSBhcyBzcGVjaWZpZWQg aW4gYmFzZSBleGNoYW5nZSBzcGVjaWZpY2F0aW9uDQo+IA0KPiAidHdvLW1lc3NhZ2UiDQoNCmZp eGVkDQoNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IA0KPiDCpzc6DQo+IA0KPj4gICBjb250cm9s IHBsYW5lLCBwcm90ZWN0ZWQgYnkgYXN5bW1ldHJpYyBrZXkgY3J5cHRvZ3JhcGh5LiAgQWxzbywg Uy1SVFANCj4+ICAgaGFzIGJlZW4gY29uc2lkZXJlZCBhcyB0aGUgZGF0YSBlbmNhcHN1bGF0aW9u IHByb3RvY29sIFtoaXAtc3J0cF0uDQo+IA0KPiAiU1JUUCIgcmF0aGVyIHRoYW4gIlMtUlRQIi4N Cg0KZml4ZWQNCg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gDQo+IMKnODoNCj4gDQo+PiAgIEJl c2lkZXMgdGhpcyAibmF0aXZlIiBOQVQgdHJhdmVyc2FsIG1vZGUgZm9yIEhJUCwgb3RoZXIgTkFU IHRyYXZlcnNhbA0KPj4gICBtZWNoYW5pc21zIGhhdmUgYmVlbiBzdWNjZXNzZnVsbHkgdXRpbGl6 ZWQsIHN1Y2ggYXMgVGVyZWRvDQo+PiAgIFt2YXJqb25lbi1zcGxpdF0uDQo+IA0KPiBQbGVhc2Ug Y2l0ZSBSRkMgNDM4MCBmb3IgIlRlcmVkby4iIGUuZy46DQo+IA0KPiAgICAgQmVzaWRlcyB0aGlz ICJuYXRpdmUiIE5BVCB0cmF2ZXJzYWwgbW9kZSBmb3IgSElQLCBvdGhlciBOQVQgdHJhdmVyc2Fs DQo+ICAgICBtZWNoYW5pc21zIGhhdmUgYmVlbiBzdWNjZXNzZnVsbHkgdXRpbGl6ZWQsIHN1Y2gg YXMgVGVyZWRvIFtSRkM0MzgwXSwNCj4gICAgIGFzIGRlc2NyaWJlZCBpbiBbdmFyam9uZW4tc3Bs aXRdLg0KDQpjaGFuZ2VkIHRoaXMgdG86DQoNCiAgc3VjaCBhcyBUZXJlZG8gW1JGQzQzODBdDQog ICAgKGFzIGRlc2NyaWJlZCBpbiBmdXJ0aGVyIGRldGFpbCBpbiBbdmFyam9uZW4tc3BsaXRdKS4N Cg0KDQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiANCj4gwqc4Og0KPiANCj4+ICAgY2FuIG1hcCB0 byBhIHNpbmdsZSBJUCBhZGRyZXNzIG9uIGEgTkFULCBzaW1wbGlmeWluZyBjb25uZWN0aW9ucyBv bg0KPj4gICBhZGRyZXNzIHBvb3IgTkFUIGludGVyZmFjZXMuICBUaGUgTkFUIGNhbiBnYWluIG11 Y2ggb2YgaXRzIGtub3dsZWRnZQ0KPiANCj4gImFkZHJlc3MtcG9vciINCg0KZml4ZWQNCg0KPiAt LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0NCj4gDQo+IMKnMTEuMToNCj4gDQo+PiAgICAgIENvbnNpZGVyaW5n IHN1Y2ggaHVtYW4gZXJyb3JzLCBhIHNpdGUNCj4+ICAgICAgZW1wbG95aW5nIGxvY2F0aW9uLWlu ZGVwZW5kZW50IGlkZW50aWZpZXJzIGFzIHByb21vdGVkIGJ5IEhJUCBtYXkNCj4+ICAgICAgZXhw ZXJpZW5jZSBsZXNzIHByb2JsZW1zIHdoaWxlIHJlbnVtYmVyaW5nIHRoZWlyIG5ldHdvcmsuDQo+ IA0KPiAiLi4uZXhwZXJpZW5jZSBmZXdlciBwcm9ibGVtcy4uLiINCj4gDQo+PiAgIG8gIEhJVHMg KG9yIExTSXMpIGNhbiBiZSB1c2VkIGluIElQLWJhc2VkIGFjY2VzcyBjb250cm9sIGxpc3RzIGFz IGENCj4+ICAgICAgbW9yZSBzZWN1cmUgcmVwbGFjZW1lbnQgZm9yIElQdjYgYWRkcmVzc2VzLiAg QmVzaWRlcyBzZWN1cml0eSwgSElUDQo+PiAgICAgIGJhc2VkIGFjY2VzcyBjb250cm9sIGhhcyB0 d28gb3RoZXIgYmVuZWZpdHMuDQo+IA0KPiAiSElULWJhc2VkIg0KPiANCj4+ICAgICAgZW52aXJv bm1lbnRzLiAgRm9yIGluc3RhbmNlLCB0aGUgYmVuZWZpdHMgb2YgSElUIGJhc2VkIGFjY2Vzcw0K PiANCj4gIkhJVC1iYXNlZCINCg0KZml4ZWQNCg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gDQo+ IMKnMTEuMjoNCj4gDQo+PiAgIFRoZSBrZXkgZXhjaGFuZ2UgaW50cm9kdWNlcyBzb21lIGV4dHJh IGxhdGVuY3kgKHR3byByb3VuZCB0cmlwcykgaW4NCj4+ICAgdGhlIGluaXRpYWwgdHJhbnNwb3J0 IGxheWVyIGNvbm5lY3Rpb24gZXN0YWJsaXNobWVudCBiZXR3ZWVuIHR3bw0KPiANCj4gInRyYW5z cG9ydC1sYXllciINCg0KZml4ZWQNCg0KPj4gICBrZXlzIGFuZCBEaWZmaWUtSGVsbG1hbiBrZXkg ZGVyaXZhdGlvbiBhdCB0aGUgY29udHJvbCBwbGFuZSwgYnV0IHRoaXMNCj4+ICAgb2NjdXJzIG9u bHkgZHVyaW5nIHRoZSBrZXkgZXhjaGFuZ2UsIGl0cyBtYWludGVuYW5jZSAoaGFuZG9mZnMsDQo+ PiAgIHJlZnJlc2hpbmcgb2Yga2V5IG1hdGVyaWFsKSBhbmQgdGVhciBkb3duIHByb2NlZHVyZXMg b2YgSElQDQo+IA0KPiAidGVhci1kb3duIg0KDQpmaXhlZA0KDQo+IC0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LQ0KPiANCj4gwqcxMS4zLjE6DQo+IA0KPj4gICBOZXR3b3JrcyBbaGVuZGVyc29uLXZwbHNdIHRv IGZhY2lsaXRhdGUsIGUuZywgc3VwZXJ2aXNvcnkgY29udHJvbCBhbmQNCj4gDQo+ICJlLmcuLCIN Cg0KZml4ZWQNCg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gDQo+IMKnMTEuNDoNCj4gDQo+PiAg ICAgICAgICBBIEhJIGlzIGEgY3J5cHRvZ3JhcGhpYyBwdWJsaWMga2V5LiAgSG93ZXZlciwgaW5z dGVhZCBvZiB1c2luZw0KPj4gICAgICAgICAgdGhlIGtleXMgZGlyZWN0bHksIG1vc3QgcHJvdG9j b2xzIHVzZSBhIGZpeGVkIHNpemUgaGFzaCBvZiB0aGUNCj4+ICAgICAgICAgIHB1YmxpYyBrZXku DQo+IA0KPiAiZml4ZWQtc2l6ZSINCj4gDQo+PiAgICAgICAgICBISVAgcHJvdmlkZXMgYm90aCBz dGFibGUgYW5kIHRlbXBvcmFyeSBIb3N0IElkZW50aWZpZXJzLg0KPj4gICAgICAgICAgU3RhYmxl IEhJcyBhcmUgdHlwaWNhbGx5IGxvbmcgbGl2ZWQsIHdpdGggYSBsaWZldGltZSBvZiB5ZWFycw0K PiANCj4gImxvbmctbGl2ZWQiDQo+IA0KPj4gICAgICAgICAgbmV0d29yayBzZXJ2aWNlcy4gIEFk ZGl0aW9uYWxseSwgdGhlIEhvc3QgSWRlbnRpZmllcnMsIGFzDQo+PiAgICAgICAgICBwdWJsaWMg a2V5cywgYXJlIHVzZWQgaW4gdGhlIGJ1aWx0IGluIGtleSBhZ3JlZW1lbnQgcHJvdG9jb2wsDQo+ IA0KPiAiYnVpbHQtaW4iDQo+IA0KPj4gICAgICAgICAgSElQIHJlZHVjZXMgZGVwZW5kZW5jeSBv biBJUCBhZGRyZXNzZXMsIG1ha2luZyB0aGUgc28gY2FsbGVkDQo+IA0KPiAic28tY2FsbGVkIg0K DQpmaXhlZA0KDQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiANCj4gwqcxMi4xOg0KPiANCj4+ICAg T3RoZXIgdHlwZXMgb2YgTWl0TSBhdHRhY2tzIGFnYWluc3QgSElQIGNhbiBiZSBtb3VudGVkIHVz aW5nIElDTVANCj4+ICAgbWVzc2FnZXMgdGhhdCBjYW4gYmUgdXNlZCB0byBzaWduYWwgYWJvdXQg cHJvYmxlbXMuICBBcyBhIG92ZXJhbGwNCj4gDQo+ICIuLi5hbiBvdmVyYWxsLi4uIg0KPiANCj4+ ICAgYmUgYWJvcnRlZCBhZnRlciBzb21lIHJldHJpZXMpLiAgQXMgYSBkcmF3YmFjaywgdGhpcyBs ZWFkcyB0byBhbg0KPj4gICA2LXdheSBiYXNlIGV4Y2hhbmdlIHdoaWNoIG1heSBzZWVtIGJhZCBh dCBmaXJzdC4gIEhvd2V2ZXIsIHNpbmNlIHRoaXMNCj4gDQo+ICIuLi5hIDYtd2F5Li4uIg0KDQpm aXhlZC4gVGhhbmtzIQ0KDQo= From nobody Sun Jan 6 12:40:21 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BFCE130E43 for ; Sun, 6 Jan 2019 12:40:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.365 X-Spam-Level: X-Spam-Status: No, score=-4.365 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=XqqwqeFC; dkim=pass (1024-bit key) header.d=ericsson.com header.b=RFcELhPV Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rIOsRcL8Itrz for ; Sun, 6 Jan 2019 12:40:18 -0800 (PST) Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F5AD130E3E for ; Sun, 6 Jan 2019 12:40:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1546807213; x=1549399213; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=pg/ORSqWA76ZpN2u6t/Jmn0p4FsdXM9PuotoySCiS1U=; b=XqqwqeFCpn/S0PxCp6CjNCL6ZMrrFWLFD622zaYxrnM7LQv2iW/QfLZ+XpOE75hw eZagOhSh9NDL0as10cnSW/Bk7Mt0urkyMD2H00aMM3G2cdt8BT69jM37W4S74YIX DCGfn/Q7ww70SoDujkWs1VcoiqHQ2GRhSSkcEZKXq6Q=; X-AuditID: c1b4fb2d-d9dff7000000062f-28-5c3267ada0cc Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 90.E8.01583.DA7623C5; Sun, 6 Jan 2019 21:40:13 +0100 (CET) Received: from ESESBMR504.ericsson.se (153.88.183.139) by ESESSMB501.ericsson.se (153.88.183.189) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Sun, 6 Jan 2019 21:40:13 +0100 Received: from ESESBMB501.ericsson.se (153.88.183.168) by ESESBMR504.ericsson.se (153.88.183.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Sun, 6 Jan 2019 21:40:13 +0100 Received: from EUR04-HE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB501.ericsson.se (153.88.183.168) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Sun, 6 Jan 2019 21:40:12 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pg/ORSqWA76ZpN2u6t/Jmn0p4FsdXM9PuotoySCiS1U=; b=RFcELhPV+IiDGIFaQ0/l/zpk0h9xPHAlL21NIuo6zLUDNMctfo61euYSn7yvZbT7aQq+m1joBU4Xe+VYRqci79j2uXzEacM4UDuOm2qONhZ512qHxTMzMUcoNtmqdXtlhF4z49zwsCFp6jI56CQX8CDdvKESpppbnqJ7cajisoo= Received: from DB6PR0701MB2952.eurprd07.prod.outlook.com (10.168.84.14) by DB6PR0701MB2133.eurprd07.prod.outlook.com (10.168.58.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.6; Sun, 6 Jan 2019 20:40:11 +0000 Received: from DB6PR0701MB2952.eurprd07.prod.outlook.com ([fe80::c0a7:ff82:2739:57cb]) by DB6PR0701MB2952.eurprd07.prod.outlook.com ([fe80::c0a7:ff82:2739:57cb%9]) with mapi id 15.20.1516.010; Sun, 6 Jan 2019 20:40:11 +0000 From: Miika Komu To: Ben Campbell , The IESG CC: "draft-ietf-hip-rfc4423-bis@ietf.org" , Gonzalo Camarillo , "hip-chairs@ietf.org" , "hipsec@ietf.org" Thread-Topic: Ben Campbell's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) Thread-Index: AQHT6Aoe0ygHAuA5PkOcLpVYyHQV+qWkL/KA Date: Sun, 6 Jan 2019 20:40:11 +0000 Message-ID: References: <152592082640.10421.10127781203317885108.idtracker@ietfa.amsl.com> In-Reply-To: <152592082640.10421.10127781203317885108.idtracker@ietfa.amsl.com> Accept-Language: fi-FI, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM5P189CA0036.EURP189.PROD.OUTLOOK.COM (2603:10a6:206:15::49) To DB6PR0701MB2952.eurprd07.prod.outlook.com (2603:10a6:4:72::14) authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB6PR0701MB2133; 6:wCMCfnTq8Owq12eKo5adm5OvrlfOwmSBthPCTLGDjaJoZy2GjzoD93NN/bs7LYuGyb/pk99JgvSbTjm8S8yHH8RUcEWhiKA5nHEJfeovQ2ZGJXrMKmzGXnsmg1o6TPpxDO2Odn94UdYI+xs/LFWIZL/AewKJr7zKmctocaV0WMXoXgi0773U8yk8G0Bzpgiz91rvftPqqIsaZA3kPsrAQqkb+pUOD6uwtU1/pOHyzplD+TB9XYJIbemjFnQAd4hwzxUN18PIgO6PFvoSDs7mRfYQ1kaHImkTnunYwUkXNHWS1pObXVGcJ6tJTvSfbP/V5jIEO2Spp3NyG1VtzzfOzy+WbENXk5g6kDuJTrFm6EzgbUV5pVmaWwlCNvOjdrzh3EODq50TivJabMILXsAJluf7Dr8Clh5tLBmVCbfE3zjS9rlUZ472b0Q7A9cFHaOMwOf/u0W9I0fzZt1x6CWxVg==; 5:YVV2LdpARuOPe62PEuvZPGxYbV9huKdBoTTCfbBgrMuDhrVM7oCCuFFhgbhPIBc05rqtg66ocu7BaMBlHTrYT3wblIgHRIPbhsyeSwXuktzV8Ir7aQtE1i0NQLG9k+j0L39aZOoownF3R+e37cXCCLfeqfcGiPZbW27EsA6JHtzKPN1f8tW9R2Kezir8jE+Q5L6xbuy/uDC9DZnD2a8S+A==; 7:/wGWMs8wgCEtVqhhR6sj4iTjO77JCzli/eysgJ9+Bwjr9ClEnT/4+LRULMr1C7tLSz+lmWo8rgO8x6tXj2LRKSgnzMApdOhYK1zOteVi11f9oHAz3rYKRCieWIu/zrZyABAJ2jBcPR24gOMuM+tZ0Q== x-ms-office365-filtering-correlation-id: 6c1a0079-abfc-4c3d-8e52-08d674172733 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600109)(711020)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:DB6PR0701MB2133; x-ms-traffictypediagnostic: DB6PR0701MB2133: x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(93006095)(93001095)(3231475)(944501520)(52105112)(3002001)(10201501046)(6041310)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123564045)(201708071742011)(7699051)(76991095); SRVR:DB6PR0701MB2133; BCL:0; PCL:0; RULEID:; SRVR:DB6PR0701MB2133; x-forefront-prvs: 09090B6B69 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(366004)(376002)(136003)(396003)(39860400002)(189003)(199004)(6512007)(6306002)(2616005)(71200400001)(54906003)(316002)(229853002)(110136005)(2906002)(6246003)(476003)(6436002)(4326008)(99286004)(52116002)(11346002)(446003)(8676002)(66066001)(53936002)(8936002)(68736007)(81156014)(81166006)(5660300001)(6486002)(305945005)(7736002)(25786009)(76176011)(36756003)(486006)(97736004)(31696002)(256004)(44832011)(31686004)(966005)(86362001)(478600001)(186003)(71190400001)(386003)(102836004)(53546011)(6506007)(26005)(6116002)(3846002)(14454004)(105586002)(106356001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR0701MB2133; H:DB6PR0701MB2952.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Gd4mUM476AeqBA9GvrmWkdkB1imoaeKQw4rRh6Hv+D/cgLBOjIofdbbaa3bNcFAJOz8Ew9bQko8wjTgniRwS88+jrXC6qUDTm1Mj8rWTq4GZPyKE968k/B+ZFVrF6VcE15sr7JqDSK/zJ0ANF+QJbLvmEILLXXwNbw6EbeSimOHNYIezlV+aCDr8lEHpFOI6PmsSyNkOVWojtDi8mg/Js11vjGwLdT92WPoPY9kijQNNS6u0fYB8FcQfuQI5ULT3rgCogozX5IUo9LDHQNPjLeoCFKTaiIyxj9iR0ZuIUKuQKO8wN1WCo0dBWo5UDPRg spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: <827EBE2F40FBA84AB2229E1B63F67F4C@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 6c1a0079-abfc-4c3d-8e52-08d674172733 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jan 2019 20:40:10.6045 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0701MB2133 X-OriginatorOrg: ericsson.com X-Brightmail-Tracker: H4sIAAAAAAAAA01SbUhTURjm7N5td8vlcSm+aQoOCxS/7ccSSw0q/WFWYIhObOlFJb+6V00D QytJJ9bGTHNCK5uIZporNU2lTSXMVBJhaEWJEzLLCsrwI8vtKvTv+Xif9zzncChCque7UZk5 +TSTo8ySCcRkfULPJf9H6SGKIO2ip1xfOSaUvx++K5QPl6uE8tuNWkJ+Z0NDRPKjDYZVXrSu 10qe4iWKw9PorMxCmgk8ck6cMWbdQHmD+4pmukcEpeijuwpRFOCDYJlLVSExJcXDCCx/vwo4 8gvBkOEDT4VEHFnSSDnjAQ/GzRPIRkisJqBtoJPgHC0PjOvliCMLCG7WjApseQH2hdZ3FsKG nXE4NJsW7YcQ+C0CY7WWtBl7cBKsVK4Iba2csQI6Ww9zMASGTEG2CRJ7w5vBFXslCY6ARbUO cfVOQv+rNvt6EY6DrmvtfBtG2ANanmzadQK7wqxVb88CxmDonyQ47AKL85t8Wx3AtQjMlUs8 LpwIVZ9vkdyQH4xbrIjDXjC+PLe9yAOm9FWIC18XQlN5O8m9aiyUjiVz+hSC6TKNYGdRR0X1 djgXKgZaCDUK1f1XULcVJ7APdPQFcnI0mNYMJIe9oKZqTqiz398JRuut5D3Eb0UuLM2y2ekh oQE0k5nKsrk5ATl0vhFtfRvT03X/Z+jhUpQZYQrJHCR+qSEKKV9ZyBZnmxFQhMxZkrUQrJBK 0pTFl2kmN4UpyKJZM3KnSJmrZEPqpJDidGU+fYGm82hmx+VRIrdStD9u/cxRrxijw7ezn455 r8aHNUxkNHVHhb9e262x1hV49vbI++IGTWzJ4/khnzLH4NkOw3Ffn/mYHzcS6iaDVl2df55u vr9LlDJ3Mflq2PPzPtq9a3EjByLj1dPWjmmR8c9sScMaw2yMfG+88mLlS1PEzEvHpENdU5HL qtrYmN8nimQkm6EM9iUYVvkPfzZuYTIDAAA= Archived-At: Subject: Re: [Hipsec] Ben Campbell's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jan 2019 20:40:20 -0000 SGkgQmVuLA0KDQpPbiA1LzEwLzE4IDA1OjUzLCBCZW4gQ2FtcGJlbGwgd3JvdGU6DQo+IEJlbiBD YW1wYmVsbCBoYXMgZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3INCj4g ZHJhZnQtaWV0Zi1oaXAtcmZjNDQyMy1iaXMtMTk6IE5vIE9iamVjdGlvbg0KPiANCj4gV2hlbiBy ZXNwb25kaW5nLCBwbGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkg dG8gYWxsDQo+IGVtYWlsIGFkZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5kIENDIGxpbmVz LiAoRmVlbCBmcmVlIHRvIGN1dCB0aGlzDQo+IGludHJvZHVjdG9yeSBwYXJhZ3JhcGgsIGhvd2V2 ZXIuKQ0KPiANCj4gDQo+IFBsZWFzZSByZWZlciB0byBodHRwczovL3d3dy5pZXRmLm9yZy9pZXNn L3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwNCj4gZm9yIG1vcmUgaW5mb3JtYXRpb24g YWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy4NCj4gDQo+IA0KPiBUaGUg ZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5k IGhlcmU6DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtaGlw LXJmYzQ0MjMtYmlzLw0KPiANCj4gDQo+IA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IENPTU1FTlQ6DQo+ IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0NCj4gDQo+IEkgaGF2ZSBtb3N0bHkganVzdCByZXZpZXdlZCB0aGUgZGlm ZiBmcm9tIFJGQzQ0MjMuIE15IGNvbW1lbnRzIGFyZSBtb3N0bHkNCj4gZWRpdG9yaWFsLg0KPiAN Cj4gRmlyc3QsIGEgbWlub3IgcmFudCB0aGF0IEkgZG9uJ3QgZXhwZWN0IHRvIGJlIGFkZHJlc3Nl ZCBhdCB0aGlzIHBvaW50IGluIHRoZQ0KPiBwcm9jZXNzOyBJIG1haW5seSBzYXkgdGhpcyB0byB0 cnkgdG8gZGlzY291cmFnZSBpdCBmdXR1cmUgYmlzIGRyYWZ0czogVGhlcmUgYXJlDQo+IHF1aXRl IGEgZmV3IGNoYW5nZXMgZnJvbSA0NDIzIHRoYXQgYXJlIGVudGlyZWx5IHN0eWxpc3RpYywgYnV0 IGRvIG5vdA0KPiBtYXRlcmlhbGx5IGNoYW5nZSB0aGUgY29udGVudCBvciBpbXByb3ZlIHJlYWRh YmlsaXR5LiBJIHdpc2ggcGVvcGxlIHdvdWxkbid0IGRvDQo+IHRoYXQsIGJlY2F1c2UgaXQgbWFr ZXMgaXQgaGFyZGVyIHRvIHJldmlldyBtYXRlcmlhbCBjaGFuZ2VzIHdpdGggdGhlIGRpZmYNCj4g dG9vbHMuIChJIHdpbGwgb25seSBwb2ludCBvdXQgc3VjaCBjaGFuZ2VzIHdoZXJlIEkgdGhpbmsg dGhlIG9yaWdpbmFsIHdhcyBtb3JlDQo+IGNvcnJlY3QuKQ0KDQphcG9sb2dpZXMgZm9yIHRoaXMh DQoNCj4gLUdlbmVyYWw6IFRoZXJlIHNlZW1zIHRvIGhhdmUgYmVlbiBhIHN5c3RlbWF0aWMgYXR0 ZW1wdCB0byByZW1vdmUgaHlwaGVucyBmcm9tDQo+IGNvbXBvdW5kIGFkamVjdGl2ZXMuIFRoZXJl IGFsc28gc2VlbXMgdG8gYmUgYSBzeXN0ZW1hdGljIGF0dGVtcHQgdG8gY2hhbmdlDQo+IGhlYWRp bmdzIGZyb20gdGl0bGUgY2FzZSB0byBub3JtYWwgc2VudGVuY2UgY2FzZS4gIEkgc3VzcGVjdCB0 aGUgUkZDIGVkaXRvcg0KPiB3aWxsIGNoYW5nZSB0aG9zZSBhbGwgYmFjay4NCg0KKEFkYW0gYWxy ZWFkeSBhc2tlZCB0byBmaXggYSBudW1iZXIgb2YgY29tcG91bmQgYWRqZWN0aXZlcykNCg0KPiBB YnN0cmFjdDogVGhlIGFic3RyYWN0IG1hbmFnZXMgdG8gY29tcGxldGVseSBhdm9pZCBzYXlpbmcg d2hhdCB0aGlzIG5hbWVzcGFjZQ0KPiBpcyBfZm9yXy4gKFllcywgSSByZWFsaXplIHRoYXQgaXMg b2xkIHRleHQgOi0pICkNCg0KSSBjaGFuZ2VkIHRoZSBmaXJzdCBzZW50ZW5jZSB0bzoNCg0KICAg IFRoaXMgbWVtbyBkZXNjcmliZXMgdGhlIEhvc3QgSWRlbnRpdHkgKEhJKSBuYW1lc3BhY2UsIHRo YXQgcHJvdmlkZXMgYQ0KICAgIGNyeXB0b2dyYXBoaWMgbmFtZXNwYWNlIHRvIGFwcGxpY2F0aW9u cywgYW5kIHRoZSBhc3NvY2lhdGVkIHByb3RvY29sDQogICAgbGF5ZXIsIHRoZSBIb3N0IElkZW50 aXR5IFByb3RvY29sLCBsb2NhdGVkIGJldHdlZW4gdGhlDQogICAgaW50ZXJuZXR3b3JraW5nIGFu ZCB0cmFuc3BvcnQgbGF5ZXJzLCB0aGF0IHN1cHBvcnRzIGVuZC1ob3N0DQogICAgbW9iaWxpdHks IG11bHRpaG9taW5nIGFuZCBOQVQgdHJhdmVyc2FsLg0KDQpJcyB0aGlzIG9rIGZvciB5b3U/DQoN Cj4gwqcxLCBmaXJzdCBwYXJhZ3JhcGg6IHMvICJ0cnkgYW5kIGRvIi8idHJ5IHRvIGRvIg0KPiAN Cj4gwqc0LjI6IFBsZWFzZSBtZW50aW9uIHRoZSBISVQgYWJicmV2aWF0aW9uIGluIHRoZSB0ZXh0 LCBub3QganVzdCB0aGUgaGVhZGluZy4NCj4gKFRoZSB0ZXh0IHNob3VsZCBtYWtlIHNlbnNlIGV2 ZW4gd2l0aG91dCB0aGUgaGVhZGluZ3MuKQ0KPiANCj4gwqc1Og0KPiAtIHRoaXJkIHBhcmFncmFw aDogTWlzc2luZyBhcnRpY2xlcyBiZWZvcmUgIkxlZnQiIGFuZCAicmlnaHQiLg0KPiAtIDJuZCB0 byBsYXN0IHBhcmFncmFwaDogTWlzc2luZyBhcnRpY2xlIGJlZm9yZSAiSElQIGxheWVyIiAobXVs dGlwbGUNCj4gaW5zdGFuY2VzKS4NCg0KZml4ZWQsIHRoYW5rcyENCg0K From nobody Mon Jan 7 04:19:33 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3D00130EA0 for ; Mon, 7 Jan 2019 04:19:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.366 X-Spam-Level: X-Spam-Status: No, score=-4.366 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=L036WBxA; dkim=pass (1024-bit key) header.d=ericsson.com header.b=ET1axGKw Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D17s6UExOhvK for ; Mon, 7 Jan 2019 04:19:18 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47F80124BAA for ; Mon, 7 Jan 2019 04:19:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1546863552; x=1549455552; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=cEodPqXeyMdphn37sOasShY2QwCvOVRzqjRDhBQhBNo=; b=L036WBxAL5Y6VL1rWTYQKb6D1XYcCLtmK2ygnUf6eZhFkMjoF8X7E8ACopJIN56+ Bp0NgfK+utyweVq2OJ3DLDfNIBwI1nlFPm+bcQuD0kQ/DxFJZNGSpQSSDkonNsvh SoQg2OwFbq1SZnYsANpQoPzdFx183aliJB3+nUQ6UMM=; X-AuditID: c1b4fb25-209009e000005ff7-f2-5c3343c033a1 Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id F1.DB.24567.0C3433C5; Mon, 7 Jan 2019 13:19:12 +0100 (CET) Received: from ESESSMR503.ericsson.se (153.88.183.112) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 7 Jan 2019 13:19:12 +0100 Received: from ESESBMB501.ericsson.se (153.88.183.168) by ESESSMR503.ericsson.se (153.88.183.112) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 7 Jan 2019 13:19:10 +0100 Received: from EUR01-HE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB501.ericsson.se (153.88.183.168) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Mon, 7 Jan 2019 13:19:09 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cEodPqXeyMdphn37sOasShY2QwCvOVRzqjRDhBQhBNo=; b=ET1axGKwi3z9glYgbyB6KINx/QLMdktguhHjGLHo9xMEKuoKuMhELxjXPN5h1/5ANmyH9mHvh5f3koSr8qt5bXlcu44nLYOLsSykXMzadHtAY7TYwEdLlppRDdy2fMpv9fpJwGyop3+oc5gMan3h4xb70J7JbXC3MbrNEcPVWgA= Received: from VI1PR0701MB2957.eurprd07.prod.outlook.com (10.173.72.135) by VI1PR0701MB2095.eurprd07.prod.outlook.com (10.169.136.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.3; Mon, 7 Jan 2019 12:19:09 +0000 Received: from VI1PR0701MB2957.eurprd07.prod.outlook.com ([fe80::116c:b456:232b:a2ea]) by VI1PR0701MB2957.eurprd07.prod.outlook.com ([fe80::116c:b456:232b:a2ea%3]) with mapi id 15.20.1516.010; Mon, 7 Jan 2019 12:19:09 +0000 From: Miika Komu To: Will LIU , "ops-dir@ietf.org" CC: "draft-ietf-hip-rfc4423-bis.all@ietf.org" , "hipsec@ietf.org" , "ietf@ietf.org" Thread-Topic: Opsdir last call review of draft-ietf-hip-rfc4423-bis-19 Thread-Index: AQHT6D+nAyub/lFQ0USr2ozDuQMSsqWlNd+A Date: Mon, 7 Jan 2019 12:19:09 +0000 Message-ID: <6697618c-6e64-830b-4c04-7d4b912cc583@ericsson.com> References: <152594381959.10451.9615415806066075335@ietfa.amsl.com> In-Reply-To: <152594381959.10451.9615415806066075335@ietfa.amsl.com> Accept-Language: fi-FI, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: HE1PR0202CA0048.eurprd02.prod.outlook.com (2603:10a6:3:e4::34) To VI1PR0701MB2957.eurprd07.prod.outlook.com (2603:10a6:800:87::7) authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; VI1PR0701MB2095; 6:rvdQScED02gElP4Rt+XV99hxP6do3/A+DjawsgXHwWnLgQwOqGUOmUTnuxIRQ4cacMvtJEdff7FDmV5C2fLuM7wRPvixfOUBJ5SrmqSK1JvTniMTkCeQD3pBlzshxsWwWaEYRW3dnkpFFYxUu9iut/oFLhLLMDxxvZ0nubVUYFPw6ag3ZbAXNXeXERaK7ygQJiR9eJ0YhBLhDpLq9aJPYVTHRzWruGQ8D32uyyUlGk1xu6SMP7g2mF5C1q2zTFOowUkqMTSUVxlPEImQFh2NU5UbFGPLQ8MRm/WexTEUlZpxoJbepNyygtgfJL1raG7Alx1xpLCaEv3sAzKr8EOowahGO0sf6R8csR0Tvo1f5x3b36PTqgWSIKpIOVIsAmfeU31mEmwPDWNRx5xTOEgMxcVutt2FwytdIeHLnjM76bcu/wQe3VyKi+r0V/nJG6opbD6gx8WhPakdCmdI0Hbl7Q==; 5:+KW+lWC1sSGoukraghHQkMYzUNFxKLGJ85+BCu1SN9wUCBQP1nVKaiC6n8rkwp8cS4Q89s3mp2/4nwKEZDnIhkVpE8oV+ZW1pz7m0QpDzqg9FlZ19EJhmemzuZb1aWn18Ax07xNHyeJJXu0DBQgPf+ao96DUW8Kcqcb0n1RNp/4IE+qmY/PrnDAZsOuDvGQlBGMzhSGoWa8BHjM5bBXk2g==; 7:9EjGdOxMsLq88PWPjr5kLFtMYmUBBtGD/cZ7CDDoHjLpaUoAdk3IJh8YHRs1lMFIGcDcaODhtIlFfnoTnmocNXYN+d/GkGk4t+Sm19KuTW0R8ZBt9dGoMfy+sQ/ECJJg0eLhGQ995DuXqzk7uQmLtg== x-ms-office365-filtering-correlation-id: 11b5e590-f5d2-4454-b664-08d6749a532f x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600109)(711020)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:VI1PR0701MB2095; x-ms-traffictypediagnostic: VI1PR0701MB2095: x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(10201501046)(93006095)(93001095)(3231475)(944501520)(52105112)(3002001)(6041310)(20161123562045)(20161123560045)(20161123558120)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:VI1PR0701MB2095; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0701MB2095; x-forefront-prvs: 0910AAF391 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(396003)(366004)(136003)(346002)(51914003)(189003)(199004)(53754006)(6116002)(3846002)(36756003)(25786009)(4326008)(5660300001)(446003)(11346002)(2616005)(68736007)(476003)(2906002)(305945005)(7736002)(99286004)(81156014)(81166006)(8676002)(8936002)(110136005)(54906003)(316002)(2501003)(66066001)(6512007)(6506007)(478600001)(106356001)(105586002)(229853002)(102836004)(6486002)(386003)(76176011)(53546011)(6436002)(44832011)(186003)(486006)(256004)(14444005)(26005)(31686004)(53936002)(14454004)(6246003)(31696002)(86362001)(71190400001)(52116002)(97736004)(71200400001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2095; H:VI1PR0701MB2957.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Xo9XrBKHNNeQrPqUzLnO2l/0Kj2uabOwtXG9JeFVZHhA0YQGl6fsY6Qv/QRe0WPy8wEEC1xR7bKyx4xupTzlIgRhC480kwEdOdp9ago9/bP5W0maW0qLMfWUsZJzEBCTSn+Aob8Rbew+TtPCObeoynN5i5IP0e8tCKAoomN7Av6TKrE84+0eopiyA3TqtLwz2bnYqTcd7Pn5cQHBw/VjvBL0mB8jWUqQWHE3qi1TfxPqJ3zw3xx+8Yd0l9zGOCjBeAmEcX56i/jVdfO+nRp+HBK/tyRQVMEstrWPUhPWSzAuSIXGShHeZt0/+TLrQaGu spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: <3B8684B4D293A84DA99A98DCC54E1AA5@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 11b5e590-f5d2-4454-b664-08d6749a532f X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jan 2019 12:19:08.5932 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2095 X-OriginatorOrg: ericsson.com X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrEKsWRmVeSWpSXmKPExsUyM2J7ue4BZ+MYg30X1C3OnTjGajF10WRm i2cb57NYbL/4ntmit2kJswOrR8uRt6weS5b8ZApgiuKySUnNySxLLdK3S+DK2HfrHEvBPcmK 4y/mMzUwdkh2MXJySAiYSLR29bB1MXJxCAkcYZT40vyVBcL5yihx580JRjjn1b5+VghnMZPE rgOrwMpYBCYwSzxacQOqbBqTRPekpVDTnjJK7Fi7kA1kDZuAlsSqO9eZQWwRAR+JOXvvgXUw CyxklPg/bRlYQljAVWLex9MsEEVuEk07tjNB2EYSD2b3sILYLAIqEufP/AOr5xWwl9hy8BPQ Ag6gbc4S26/ogYQ5BVwkNs7ZDTaGUUBWYuVmiHJmAXGJW0/mM0G8LSCxZM95ZghbVOLl439g v0kIzGCUaF/WywjRHCXR/aqfBaJIR+Ls9SeMELaixNl3D6EGyUpcmt8NFW9hl1j+nR3C9pWY 3fydGWLoJUaJa492s8EMuvj5GNTmfIl171+zTGA0noXkwFlA/zALaEqs36UPEfaQWNv/hg3C VpSY0v2QfRbY+4ISJ2c+YVnAyLqKUbQ4tTgpN93IWC+1KDO5uDg/Ty8vtWQTIzDlHNzyW3UH 4+U3jocYBTgYlXh4HxoYxwixJpYVV+YeYpTgYFYS4c15ahgjxJuSWFmVWpQfX1Sak1p8iFGa g0VJnPePkGCMkEB6YklqdmpqQWoRTJaJg1OqgdFwkZhLhjHbTt5bxnX3hWVe8zxZlSspvs+t f8JB8Zk1mZP+NU5lZGJsaT0lu0Bf+3Khz2zNl+88NdIYz/w5cvbPNsODK8ujZi6SOX9CLzOx zvK7lOLHkG829evZWZMXl7qqe7++EfLryT7BkDcPzRjc5a7usQid1HeZ1SbHKCdln9bc7H/a UUosxRmJhlrMRcWJAPGX8Hw1AwAA Archived-At: Subject: Re: [Hipsec] Opsdir last call review of draft-ietf-hip-rfc4423-bis-19 X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jan 2019 12:19:30 -0000 SGkgV2lsbCwNCg0KT24gNS8xMC8xOCAxMjoxNiwgV2lsbCBMSVUgd3JvdGU6DQo+IFJldmlld2Vy OiBXaWxsIExJVQ0KPiBSZXZpZXcgcmVzdWx0OiBSZWFkeQ0KPiANCj4gSGkgYWxsLA0KPiANCj4g KFNvcnJ5ICwgaXQgc2VlbXMgdG8gbWUgdGhhdCB0aGUgbm90aWZpY2F0aW9uIHdhcyBibG9ja2Vk IGJ5IHRoZSBmaWx0ZXIuIEkNCj4gZ3Vlc3MgaXQncyBhIGxpdHRsZSBiaXQgbGF0ZS4pDQoNCm5v IGl0J3Mgbm90ISBJdCdzIG1lIHdobyBpcyBydW5uaW5nIGxhdGUuDQoNCj4gSSBoYXZlIHJldmll d2VkIGRyYWZ0LWlldGYtaGlwLXJmYzQ0MjMtYmlzLTE5IGFzIHBhcnQgb2YgdGhlIE9wZXJhdGlv bmFsDQo+IGRpcmVjdG9yYXRlJ3Mgb25nb2luZyBlZmZvcnQgdG8gcmV2aWV3IGFsbCBJRVRGIGRv Y3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkNCj4gdGhlIElFU0cuICBUaGVzZSBjb21tZW50cyB3 ZXJlIHdyaXR0ZW4gd2l0aCB0aGUgaW50ZW50IG9mIGltcHJvdmluZyB0aGUNCj4gb3BlcmF0aW9u YWwgYXNwZWN0cyBvZiB0aGUgSUVURiBkcmFmdHMuIENvbW1lbnRzIHRoYXQgYXJlIG5vdCBhZGRy ZXNzZWQgaW4gbGFzdA0KPiBjYWxsIG1heSBiZSBpbmNsdWRlZCBpbiBBRCByZXZpZXdzIGR1cmlu ZyB0aGUgSUVTRyByZXZpZXcuICBEb2N1bWVudCBlZGl0b3JzDQo+IGFuZCBXRyBjaGFpcnMgc2hv dWxkIHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsDQo+ IGNvbW1lbnRzLg0KPiANCj4g4oCcVGhpcyBtZW1vIGRlc2NyaWJlcyBhIG5ldyBuYW1lc3BhY2Us IHRoZSBIb3N0IElkZW50aXR5IG5hbWVzcGFjZSwgYW5kDQo+ICAgICBhIG5ldyBwcm90b2NvbCBs YXllciwgdGhlIEhvc3QgSWRlbnRpdHkgUHJvdG9jb2wsIGJldHdlZW4gdGhlDQo+ICAgICBpbnRl cm5ldHdvcmtpbmcgYW5kIHRyYW5zcG9ydCBsYXllcnMuICBIZXJlaW4gYXJlIHByZXNlbnRlZCB0 aGUNCj4gICAgIGJhc2ljcyBvZiB0aGUgY3VycmVudCBuYW1lc3BhY2VzLCB0aGVpciBzdHJlbmd0 aHMgYW5kIHdlYWtuZXNzZXMsIGFuZA0KPiAgICAgaG93IGEgbmV3IG5hbWVzcGFjZSB3aWxsIGFk ZCBjb21wbGV0ZW5lc3MgdG8gdGhlbS4gIFRoZSByb2xlcyBvZiB0aGlzDQo+ICAgICBuZXcgbmFt ZXNwYWNlIGluIHRoZSBwcm90b2NvbHMgYXJlIGRlZmluZWQuDQo+IA0KPiAgICAgVGhpcyBkb2N1 bWVudCBvYnNvbGV0ZXMgUkZDIDQ0MjMgYW5kIGFkZHJlc3NlcyB0aGUgY29uY2VybnMgcmFpc2Vk IGJ5DQo+ICAgICB0aGUgSUVTRywgcGFydGljdWxhcmx5IHRoYXQgb2YgY3J5cHRvIGFnaWxpdHku ICBJdCBpbmNvcnBvcmF0ZXMNCj4gICAgIGxlc3NvbnMgbGVhcm5lZCBmcm9tIHRoZSBpbXBsZW1l bnRhdGlvbnMgb2YgUkZDIDUyMDEgYW5kIGdvZXMgZnVydGhlcg0KPiAgICAgdG8gZXhwbGFpbiBo b3cgSElQIHdvcmtzIGFzIGEgc2VjdXJlIHNpZ25hbGluZyBjaGFubmVsLuKAnQ0KPiANCj4gTXkg b3ZlcmFsbCB2aWV3IG9mIHRoZSBkb2N1bWVudCBpcyAnUmVhZHknIGZvciBwdWJsaWNhdGlvbi4N Cg0KdGhhbmtzIQ0KDQo+IFNvbWUgc21hbGwgb25lczoNCj4gDQo+IDEuIEVzcGVjaWFsbHksIEkg YW0gZ2xhZCB0byBzZWUgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb24gcGFydCB3ZWxsIGV4cGxh aW5lZC4NCj4gSSBndWVzcyBpdCdzIHN0aWxsIHdvcnRoIHdyaXRpbmcgc29tZXRoaW5nIGFib3V0 IHRoZSBzZWN1cml0eSB0cmFkZW9mZg0KPiBpbmZsdWVuY2UgZm9yIHRoZSBkaWZmZXJlbnQgbW9k ZXMgbWVudGlvbmVkIGluIHByZXZpb3VzIHNlY3Rpb25zLiBJbiBmYWN0LA0KPiB0aGVyZSBhcmUg c29tZSB3b3JkcyBpbiBwcmV2aW91cyBzZWN0aW9ucywgbWF5YmUgYSBzdW1tYXJ5IGNhbiBiZSBw dXQgaGVyZS4NCg0KSSBhZGRlZCBvbmUgbGluZSBxdWljayBzdW1tYXJ5IHRvIHRoZSBhYnN0cmFj dDoNCg0KWy4uLl0gVGhlIHNlY3Rpb24gb24gc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgZGVzY3Jp YmUgYWxzbyBtZWFzdXJlcyANCmFnYWluc3QgZmxvb2RpbmcgYXR0YWNrcywgdXNhZ2Ugb2YgaWRl bnRpdGllcyBpbiBhY2Nlc3MgY29udHJvbCBsaXN0cywgDQp3ZWFrZXIgdHlwZXMgb2YgaWRlbnRp ZmllcnMgYW5kIHRydXN0IG9uIGZpcnN0IHVzZS4gWy4uLl0NCg0KRG9lcyB0aGlzIGFkZHJlc3Mg eW91ciBjb25jZXJuPw0KDQo+IDIuIEl0J3MgZ29vZCB0byBoYXZlIGEgc2luZ2xlIHN1YnNlY3Rp b24gYWJvdXQgIiBBbnN3ZXJzIHRvIE5TUkcgcXVlc3Rpb25zIi4NCj4gSG93ZXZlciwgbWF5YmUg aXQncyBiZXR0ZXIgdG8gcHV0IGl0IGluIGFwcGVuZGl4Pw0KDQppdCdzIGFscmVhZHkgaW4gYXBw ZW5kaXggKGR1ZSB0byBvdGhlciByZXZpZXcgY29tbWVudHMpLg0KDQpUaGFua3MgZm9yIHRoZSBm ZWVkYmFjayENCg0K From nobody Tue Jan 8 05:58:26 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58788124BE5 for ; Tue, 8 Jan 2019 05:58:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gsgJsDkZQbLZ for ; Tue, 8 Jan 2019 05:58:20 -0800 (PST) Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 559B71277D2 for ; Tue, 8 Jan 2019 05:58:20 -0800 (PST) Received: by mail-lj1-x233.google.com with SMTP id t18-v6so3484151ljd.4 for ; Tue, 08 Jan 2019 05:58:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dTgEupotgLajl/g5/HnthK+tzIB+TAwiwE8xZb1zgqk=; b=Q5fxdFQcULoz3kaTNyhjSaAtG0P5DHQamDLAwUHWIffiB7e8rJk246vBBDEx0RV88D JwngN/k+iin0bblWdbo8Lz0hBut3+UZPLUmaBOw3U1UbzfgeKrkWufwmXfoeZn4HoeoW fWrnx3sfikRaDOVOozblU7s2k9jZOe3MzvhBpwsWBM6kaHLruyACSjV7OcNlbARYCBRr 1b3VVoH70J98OjI19PNvl+SYHKTW2Mp03neBVpCY0xcNPai45TVqGfGEwIBWy12NDNbT bFLbqLOB1nsBhZ9S/T/Pmupx6fbIwyFWmYKTLWiNQ0cG5dKqpH4ToCaKVdStj36sye4Z CbJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dTgEupotgLajl/g5/HnthK+tzIB+TAwiwE8xZb1zgqk=; b=GGfjid6UczsX0m8XkZL5PKjKa5c6JgZ9YTt/iY/9nQ8ChBn1mLfhXCYhKXEjQKTRce bgkMeLmlE5j+7d4KlLfl0FHJ7LDgEbXtvbo6caPabgBGDGXElV9+CVF6mHdbF9fxRcVH c66hkOvIhErguMw/7pAPhI9thSGMw/X6qs6Ik6D8+BwXCdy/9jMj2+DUF5sT4xduOEtE G5lOdBFhyPKTBoSLGOo7WoOrIV1DmKstffoxKN41xbJempFH2a/C4cCsadA5vKFHNYq1 X7G0YRJXWxKJBRcTHPUST3609nlRPEyc/u+TR6a5Qy0+2rGzdxJl6yBQhbDshfpTgBcZ gwfw== X-Gm-Message-State: AJcUukfFjRrZwukxpvoQ/n7JB7e0j97p6A5sxRFYzwKPx2iqkNUnY6Rm WRj/kWPg7jrleg0U4u19AqU0WafZzLGB/aPdmkjoUQ== X-Google-Smtp-Source: ALg8bN72J8vViWoBiO4w7pbc1qL4f8uBggz7JFzDiu/DRly38wGE9q78qCgXxAeKVL+vQTJHaB4xi8V3baqA7aEWjGo= X-Received: by 2002:a2e:3218:: with SMTP id y24-v6mr1229419ljy.157.1546955898498; Tue, 08 Jan 2019 05:58:18 -0800 (PST) MIME-Version: 1.0 References: <152564286489.26793.2457846656783140871.idtracker@ietfa.amsl.com> <70e4c94f-0097-0b13-140c-db0a5732ab67@kapsi.fi> In-Reply-To: From: Eric Rescorla Date: Tue, 8 Jan 2019 05:57:41 -0800 Message-ID: To: Tom Henderson Cc: mkomu@kapsi.fi, draft-ietf-hip-rfc4423-bis@ietf.org, hipsec@ietf.org, hip-chairs@ietf.org, IESG Content-Type: multipart/alternative; boundary="000000000000d04731057ef2bcde" Archived-At: Subject: Re: [Hipsec] Eric Rescorla's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jan 2019 13:58:25 -0000 --000000000000d04731057ef2bcde Content-Type: text/plain; charset="UTF-8" On Mon, Jan 7, 2019 at 9:58 PM Tom Henderson wrote: > Eric, Miika asked me to share some off-list discussion we had on your > questions about second preimage attacks in HIP (inline below, trimming to > the relevant parts). > > - Tom > > On 11/21/18 11:37 AM, Eric Rescorla wrote: > > > > On Tue, Nov 20, 2018 at 12:07 PM Miika Komu wrote: > >> >> > Eric Rescorla has entered the following ballot position for >> > draft-ietf-hip-rfc4423-bis-19: No Objection >> > >> > > > > > >> > COMMENTS >> > S 3.1. >> >> were obtained. For 64 bits, this number is roughly 4 >> billion. A >> >> hash size of 64 bits may be too small to avoid collisions in a >> >> large population; for example, there is a 1% chance of >> collision >> >> in a population of 640M. For 100 bits (or more), we would not >> >> expect a collision until approximately 2**50 (1 quadrillion) >> >> hashes were generated. >> > >> > It's not just a matter of collisions being hard, but also of being >> > difficult to produce an HI with a given name. >> >> ....where name would be the hash (i.e. HIT). So I added: >> >> Besides accidental collisions, it is also worth noting that intentional >> collisions are difficult to accomplish because generating a valid, >> colliding hash along with its private-public key is computationally >> challenging. >> >> Did I capture your thinking correctly? >> > > Well, this isn't a collision; it's what's called a preimage. I.e., > computing a public > key with a given HIT. Anyway, as far as I can tell, in HIP being able to > compute > a preimage for HIT Y = H(K_X) is equivalent to breaking key K_X, so that > means > that that function must have reasonable strength. 2^64 is nowhere near > enough and the typical expected security level of IETF protocols is 2^128, > so that means that the full width of the IPv6 address has to be used. > > The second preimage attack resistance is 96 bits, plus whatever work is > needed to generate the keys. > I agree that this is in RFC 7343, but it doesn't seem to be stated anywhere in this document, and given that this text talks about both 64 bit and >= 100 bit hash functions, I'm not sure how to get it from this text, which is in context quite confusing/ There isn't any mechanism defined to extend this, such as the CGA Hash > Extension, but it seems to me that HIP could be extended in a similar way. > My recollection is that the WG had thought 96 bits to be strong enough > preimage resistance. > Generally, we are targeting the 128-bit security level for new deployments > > > >> > S 4.3. >> >> packet. Consequently, a HIT should be unique in the whole IP >> >> universe as long as it is being used. In the extremely rare >> case of >> >> a single HIT mapping to more than one Host Identity, the Host >> >> Identifiers (public keys) will make the final difference. If >> there >> >> is more than one public key for a given node, the HIT acts as a >> hint >> >> for the correct public key to use. >> > >> > How do you handle second-preimage attacks on the hash? >> >> I guess you are referring to this: >> >> https://tools.ietf.org/html/rfc7343#section-5 >> >> (Please let me know if an explicit reference is needed) >> > > No, I'm referring to the point I raised above. > > Would you prefer to add a statement such as "The defense against second > preimage attacks on the hash is the length of the hash truncation (96 > bits), the work required to generate keys to try, and the possible > distribution of both the host identity and HIT to end systems."? > I think you need to lay the situation out rather more completely than this. I mean, the current text doesn't even say "preimage". You need to describe the threat, how the-potential attack works, and why it's difficult -Ekr --000000000000d04731057ef2bcde Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Mon, Jan 7, 2019 at 9:58 PM Tom Henderson <tomh@tomh.org> wrote:
=20 =20 =20
Eric, Miika a= sked me to share some off-list discussion we had on your questions about second preimage attacks in HIP (inline below, trimming to the relevant parts).

- Tom

On 11/21/18 1= 1:37 AM, Eric Rescorla wrote:
=20


On Tue, Nov 20, 2018 at 12:07 PM Miika Komu <mkomu@k= apsi.fi> wrote:

> Eric Rescorla has entered the following ballot position for
> draft-ietf-hip-rfc4423-bis-19: No Objection
>
>

=C2=A0
> COMMENTS
> S 3.1.
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 were obtained.=C2=A0= For 64 bits, this number is roughly 4 billion.=C2=A0 A
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 hash size of 64 bits= may be too small to avoid collisions in a
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 large population; fo= r example, there is a 1% chance of collision
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 in a population of 6= 40M.=C2=A0 For 100 bits (or more), we would not
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 expect a collision u= ntil approximately 2**50 (1 quadrillion)
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 hashes were generate= d.
>
> It's not just a matter of collisions being hard, but also of being
> difficult to produce an HI with a given name.

....where name would be the hash (i.e. HIT). So I added:

Besides accidental collisions, it is also worth noting that intentional
collisions are difficult to accomplish because generating a valid,
colliding hash along with its private-public key is computationally
challenging.

Did I capture your thinking correctly?

Well, this isn't a collision; it's what's called= a preimage. I.e., computing a public
key with a given HIT. Anyway, as far as I can tell, in HIP being able to compute
a preimage for HIT Y =3D H(K_X) is equivalent to breaking key K_X, so that means
that that function must have reasonable strength. 2^64 is nowhere near
enough and the typical expected security level of IETF protocols is 2^128,
so that means that the full width of the IPv6 address has to be used.

The second preimage attack resistance is 96 bits, plus whatever work is needed to generate the keys.=C2=A0

I agree that this is in RFC 7343, but it doesn't seem to be stated an= ywhere in this document, and=C2=A0 given that this text talks about both 64= bit and >=3D 100 bit hash functions, I'm not sure how to get it fro= m this text, which is in context quite confusing/

<= blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l= eft:1px solid rgb(204,204,204);padding-left:1ex">
<= p>There isn't any mechanism defined to extend this, such as the CGA Hash Extension, but it seems to me that HIP could be extended in a similar way.=C2=A0 My recollection is that the WG had thought 96 bits to be strong enough preimage resistance.

Generally, we = are targeting the 128-bit security level for new deployments
= =C2=A0




> S 4.3.
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0packet.=C2=A0 Consequently, = a HIT should be unique in the whole IP
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0universe as long as it is be= ing used.=C2=A0 In the extremely rare case of
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0a single HIT mapping to more= than one Host Identity, the Host
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0Identifiers (public keys) wi= ll make the final difference.=C2=A0 If there
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0is more than one public key = for a given node, the HIT acts as a hint
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0for the correct public key t= o use.
>
> How do you handle second-preimage attacks on the hash?

I guess you are referring to this:

https://tools.ietf.org/html/rfc7343#secti= on-5

(Please let me know if an explicit reference is needed)

No, I'm referring to the point I raised above.

Would you prefer to add a statement such as "The defense agains= t second preimage attacks on the hash is the length of the hash truncation (96 bits), the work required to generate keys to try, and the possible distribution of both the host identity and HIT to end systems."?

I think you need t= o lay the situation out rather more completely than this. I mean, the curre= nt text doesn't even say "preimage". You need to describe the= threat, how the-potential attack works, and why it's difficult

-Ekr

--000000000000d04731057ef2bcde-- From nobody Tue Jan 8 07:49:04 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79724130EAE for ; Tue, 8 Jan 2019 07:49:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.365 X-Spam-Level: X-Spam-Status: No, score=-4.365 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=RuuXI0hq; dkim=pass (1024-bit key) header.d=ericsson.com header.b=UOtrY41k Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Svrop493kLeq for ; Tue, 8 Jan 2019 07:48:58 -0800 (PST) Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECD03130EA1 for ; Tue, 8 Jan 2019 07:48:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1546962536; x=1549554536; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=gHaCWuP9dl51kmFA+D2lwbX55FW1DVrYDdzLvL12QjM=; b=RuuXI0hq8AO4inTGVgZHDJNh+88lpEY75+CzFji52JClKAyIdtPKuQW3fZaIsHc9 w2JicuPA67cIAUgY5pn3Bpn5RCxdAflCqqcNAp8llOMnFBfIv+lIrQwsw65vBKmt 6PRnecNKhsfePJX9aJZFvozC0LWm8vPP7MZbggXXzFA=; X-AuditID: c1b4fb3a-167ff7000000672c-d6-5c34c668fad6 Received: from ESESSMB502.ericsson.se (Unknown_Domain [153.88.183.120]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 62.E5.26412.866C43C5; Tue, 8 Jan 2019 16:48:56 +0100 (CET) Received: from ESESSMR506.ericsson.se (153.88.183.128) by ESESSMB502.ericsson.se (153.88.183.163) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 8 Jan 2019 16:48:55 +0100 Received: from ESESBMB501.ericsson.se (153.88.183.168) by ESESSMR506.ericsson.se (153.88.183.128) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 8 Jan 2019 16:48:55 +0100 Received: from EUR01-VE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB501.ericsson.se (153.88.183.168) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Tue, 8 Jan 2019 16:48:55 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gHaCWuP9dl51kmFA+D2lwbX55FW1DVrYDdzLvL12QjM=; b=UOtrY41kA7EIkjU2tBl2zuFf0XsEz2AzRNueNorUYkIgojaTng1VDx01NzBxXvjTwpoMEOxNB3jf6UPm5G1P0420IaZ4IO/fsHCM5JciYi3Xui5ifWIQ0RcYAwu9X5IILanPtyBWx9b1eLQnY+Z/t3S2O176w/2WO1S0H8sSrHQ= Received: from VI1PR0701MB2957.eurprd07.prod.outlook.com (10.173.72.135) by VI1PR0701MB2288.eurprd07.prod.outlook.com (10.169.137.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.4; Tue, 8 Jan 2019 15:48:54 +0000 Received: from VI1PR0701MB2957.eurprd07.prod.outlook.com ([fe80::116c:b456:232b:a2ea]) by VI1PR0701MB2957.eurprd07.prod.outlook.com ([fe80::116c:b456:232b:a2ea%3]) with mapi id 15.20.1516.010; Tue, 8 Jan 2019 15:48:54 +0000 From: Miika Komu To: Eric Rescorla , "mkomu@kapsi.fi" CC: IESG , "hipsec@ietf.org" , "Gonzalo Camarillo" , "draft-ietf-hip-rfc4423-bis@ietf.org" , "hip-chairs@ietf.org" Thread-Topic: Eric Rescorla's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) Thread-Index: AQHT5YLxe6LepMqB0kKL89VZqk/vXKVaTjGAgAGJ8ICASzAnAA== Date: Tue, 8 Jan 2019 15:48:54 +0000 Message-ID: References: <152564286489.26793.2457846656783140871.idtracker@ietfa.amsl.com> <70e4c94f-0097-0b13-140c-db0a5732ab67@kapsi.fi> In-Reply-To: Accept-Language: fi-FI, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: HE1PR09CA0085.eurprd09.prod.outlook.com (2603:10a6:7:3d::29) To VI1PR0701MB2957.eurprd07.prod.outlook.com (2603:10a6:800:87::7) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; VI1PR0701MB2288; 6:/i4rN9b5OB4JAY1jrSukU+1a/hicjnAql8vF7+wpy6lSH6XAyzPObnUGsUCWq7ihkKNqSjIjTskSfcCh3hSBZA+AdL3THD3HMQwZu4FwW/dOS7C0202Q1UAucuxleoS018+3MEr42rlXkc0Y0Je2E8NnjmxOp9h0Ip9MIliEij1xGjIp7092o7uneLUt9ACIKG5DU6zB46Lt9Ayn0mGDmSj6Mz6q9BFIA4JiQrVrsR0pWpCPCbiAzeOV1X5k/G5QRzPDwOVAWyrg9QCXG1gWlECM1pF96Iwpi42FY/o3XIeYHN+Yd7Y1gpR8A+xcSzPg2cnPa24sUUzndB2HcmtyAMoCGy0tqDot4PHo62cn8qD/43K23HbpI5u7vwGg72LLAyptLr94yNZRDxepI/XCPlMYm8aZQzee84KJlBysviTy20FOtmy52YAjv+a51nMAjdqnrd44v3kqd9Z936qiUw==; 5:gmTPdFzLVsUBteXWzW25ZJqKcTBHzXu6xGuaBHd8KZ2od/MgKULoCu0TFcKGU/Noya13fsTKZWrlZpCC49ldkfdCrlCGf/f6XQduQNnWfDXJVg96vYObN5WT6BHpWf1C/RRLUBirwEazFlWTD/FCGTRrNO83Ko9gGDG0C+DgSDg/HrNl4W5L4EoR4qL8nUodafj8J87h+vW2bJvGD7kYGw==; 7:OqH45YiYTBSmrdkflnlc1xKiL66EfIDuKxryJwDBKAEZAjaRrbYQ0XBdF+vV3zQ/koMOiOgcs4VWM80AVyFVOJG87cUIztwbvU01Dcol9IalWOYbIPx2OWUD1FjYCjw+P/tj9rRD10Tfbji6G/MjjA== x-ms-office365-filtering-correlation-id: 80a8878e-d1ad-4a16-06ce-08d67580cae7 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(2017052603328)(7153060)(7193020); SRVR:VI1PR0701MB2288; x-ms-traffictypediagnostic: VI1PR0701MB2288: x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(10201501046)(93006095)(93001095)(3002001)(3231475)(944501520)(52105112)(6041310)(20161123562045)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(201708071742011)(7699051)(76991095); SRVR:VI1PR0701MB2288; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0701MB2288; x-forefront-prvs: 0911D5CE78 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(136003)(39860400002)(396003)(366004)(376002)(199004)(189003)(97736004)(2616005)(229853002)(31686004)(11346002)(99286004)(476003)(14454004)(8676002)(81156014)(81166006)(316002)(446003)(2906002)(256004)(486006)(6346003)(186003)(478600001)(26005)(66066001)(14444005)(52116002)(44832011)(966005)(106356001)(105586002)(8936002)(386003)(7736002)(102836004)(305945005)(86362001)(6436002)(36756003)(6512007)(76176011)(53546011)(6506007)(71200400001)(71190400001)(6116002)(3846002)(31696002)(4326008)(6486002)(6246003)(54906003)(561944003)(110136005)(5660300001)(25786009)(53936002)(6306002)(68736007)(2501003); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2288; H:VI1PR0701MB2957.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: pHIUj8xKd7zSKbma8dSRxlyQg9Y42gsXcAzilPnvn+4H3nXjV2InsJOZdTUAM3PodchEizoNYt2zWOpwEUN4mr1v465gJTac9+iNTXiA/GRhyg2F2329H4LkjxB2afprfSmT4yxoNj53o0bbsB+oWoHL6q4TLxZsWkNtEOcO/Os8RWipAFqDvAM24rLOUFYp6A0OHs+Pc4sEr/BrXmb/L7c+l88He4Uo5elelSxBO5dtVlNMoaOrpvl/z3xUu8JDoo5ezBPoPi9d5bYI938CxOqyIy/gLvKFHFTFGS5Kxzt7YCob0lq82FrF9T0fmV67 spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: <78522C80A2353B4A8BF81E270E28F4EC@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 80a8878e-d1ad-4a16-06ce-08d67580cae7 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Jan 2019 15:48:53.5952 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2288 X-OriginatorOrg: ericsson.com X-Brightmail-Tracker: H4sIAAAAAAAAA02SfyzUYRzH99zzvbsv6/I4zGdizY3ERHTL1STqn/uDlvxTXKtbvsO4Y/fF 6C81tXYKEYXWUZooOxRRnc3tXKqRXaTFMb9KS0zFZnHr7r60/nu9P+/383me9/bQWPyE70Nn qHMZjVqZJRG4UjWnnxfsSzdLFftvzFMyq+meUPbo+5BQZrqiFcqq7ldi2Z2Nm1g2WjrLjxXI GxvXeXLL0AaWV85exSdxsmt0KpOVkc9owmPOu6Z/mV7HOXNJBYs/+/hFaDhRi1xoIFLQGUqE WuRKi4kJwepy05ZYRfCufkjwT+gfd/A48YAHFQvdfIegSDmGl5X1W7FqHgwuDSNOzCMYLO0U OK4RkBBomRjDDvYkx0F/rRI7Qpj8QjD7ts4Z8iAKWCvrEHChs2CcMVNaRNv5GJQOhDvGFAmA j9YB5x4ROQo9NhNysJiYEVjakh3sQhKht6vBuQYRP2h+anPmMfGGz3M6HlebQOOr95hjL/g2 a+NzXI2gqvkQx6EwODaHOPa3F5veOusHFl2JsySQYiHcfd0r4IwEmDLUUZxhQdDaXyTc3lS8 XMN3lAGSDW3tgVxmFEObbRKVowO1/z2w1h7DJBj0L8K5sRxWdIMUx/5wq2RaWOvs7w5vauao esRvQV4sw7KqtMjIMEaTcYFls9Vhaia3A9n/UN+zP4e7Ud/XOCMiNJLsEG0YpAoxX5nPFqqM CGgs8RTp8+wjUaqy8CKjyT6nyctiWCPaRVMSb9GG2F0hJmnKXCaTYXIYzbbLo118ilB0m8r6 MDNe78cb6zw1EhA1uffgB8XSwu+gFGv/J1/pTIH3np7+H5urlvzdUa0qX99Ydi0iWOw2Fb8z UDu+6F+w2dikXD0Tx44YUtjuxDJGNx596fpwQ+GR0Nsn2usnpNLsrpgEozm44rLKjSSveCe1 h6JWUZAHKQ+eNkz0LkooNl0ZEYI1rPIvt/MYSD8DAAA= Archived-At: Subject: Re: [Hipsec] Eric Rescorla's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jan 2019 15:49:02 -0000 SGkgRXJpYywNCg0KKHNvbWUgb3RoZXIgcXVlc3Rpb25zIHN0aWxsIHJlbWFpbiB0byBiZSBkaXNj dXNzZWQgYmVzaWRlcyB0aGUgc2Vjb25kIA0KcHJlaW1hZ2UgY29sbGlzaW9uIGlzc3VlKQ0KDQpP biAxMS8yMS8xOCAyMTozNywgRXJpYyBSZXNjb3JsYSB3cm90ZToNCj4gDQo+IA0KPiBPbiBUdWUs IE5vdiAyMCwgMjAxOCBhdCAxMjowNyBQTSBNaWlrYSBLb211IDxta29tdUBrYXBzaS5maSANCj4g PG1haWx0bzpta29tdUBrYXBzaS5maT4+IHdyb3RlOg0KPiANCj4gICAgIEhpIEVyaWMsDQo+IA0K PiAgICAgT24gNS83LzE4IDAwOjQxLCBFcmljIFJlc2NvcmxhIHdyb3RlOg0KPiAgICAgID4gRXJp YyBSZXNjb3JsYSBoYXMgZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3IN Cj4gICAgICA+IGRyYWZ0LWlldGYtaGlwLXJmYzQ0MjMtYmlzLTE5OiBObyBPYmplY3Rpb24NCj4g ICAgICA+DQo+ICAgICAgPiBXaGVuIHJlc3BvbmRpbmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0 IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGwNCj4gICAgICA+IGVtYWlsIGFkZHJlc3NlcyBp bmNsdWRlZCBpbiB0aGUgVG8gYW5kIENDIGxpbmVzLiAoRmVlbCBmcmVlIHRvDQo+ICAgICBjdXQg dGhpcw0KPiAgICAgID4gaW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pDQo+ICAgICAg Pg0KPiAgICAgID4NCj4gICAgICA+IFBsZWFzZSByZWZlciB0bw0KPiAgICAgaHR0cHM6Ly93d3cu aWV0Zi5vcmcvaWVzZy9zdGF0ZW1lbnQvZGlzY3Vzcy1jcml0ZXJpYS5odG1sDQo+ICAgICAgPiBm b3IgbW9yZSBpbmZvcm1hdGlvbiBhYm91dCBJRVNHIERJU0NVU1MgYW5kIENPTU1FTlQgcG9zaXRp b25zLg0KPiAgICAgID4NCj4gICAgICA+DQo+ICAgICAgPiBUaGUgZG9jdW1lbnQsIGFsb25nIHdp dGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhlcmU6DQo+ICAgICAgPiBo dHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLWhpcC1yZmM0NDIzLWJp cy8NCj4gICAgICA+DQo+ICAgICAgPg0KPiAgICAgID4NCj4gICAgICA+DQo+ICAgICAtLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tDQo+ICAgICAgPiBDT01NRU5UOg0KPiAgICAgID4NCj4gICAgIC0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N Cj4gICAgICA+DQo+ICAgICAgPiBSaWNoIHZlcnNpb24gb2YgdGhpcyByZXZpZXcgYXQ6DQo+ICAg ICAgPiBodHRwczovL21venBoYWItaWV0Zi5kZXZzdmNkZXYubW96YXdzLm5ldC9EMzcwOQ0KPiAg ICAgID4NCj4gICAgICA+DQo+ICAgICAgPiBNYXliZSBJJ20gbWlzc2luZyBzb21ldGhpbmcgaW1w b3J0YW50LCBidXQgSSBkb24ndCBzZWUgaW4gdGhpcw0KPiAgICAgID4gZG9jdW1lbnQgaG93IHlv dSBnbyBmcm9tIGEgSEkgKG9yIEhJVCkgdG8gdGhlIGNvcnJlc3BvbmRpbmcgSVANCj4gICAgICA+ IGxvY2F0b3IuIFRoYXQgc2VlbXMgcHJldHR5IGNyaXRpY2FsIHRvIG1ha2luZyB0aGlzIHdvcmsu IENhbiB5b3UNCj4gICAgIHBvaW50DQo+ICAgICAgPiBtZSBpbiB0aGUgcmlnaHQgZGlyZWN0aW9u Pw0KPiANCj4gICAgIChJIGludGVycHJldCAicmlnaHQiIGRpcmVjdGlvbiBoZXJlIGFzIGhvdyB0 byBpbXBsZW1lbnQgdGhpcyBpbg0KPiAgICAgcHJhY3RpY2U7IHBsZWFzZSBsZXQgbWUga25vdyBp ZiB5b3Ugd2VyZSBhc2tpbmcgZm9yIHNvbWV0aGluZyBlbHNlKQ0KPiANCj4gICAgIEV4aXN0aW5n IGFwcGxpY2F0aW9ucyBjYW4gdXRpbGl6ZSBMU0lzIG9yIEhJVHMsIGZvciBpbnN0YW5jZSwgdmlh DQo+ICAgICAvZXRjL2hvc3RzIGluIExpbnV4IG9yIGlmIHRoZSBkZXZlbG9wZXIvdXNlciB1c2Vz IHRoZW0gZGlyZWN0bHkuDQo+ICAgICBNYXBwaW5ncyBjYW4gYmUgY29uZmlndXJlZCBtYW51YWxs eS4gQSBiZXR0ZXIgd2F5IGlzIHRvIHVzZSAsZS5nLiwgRE5TDQo+ICAgICB0byBzdG9yZSB0aGUg RlFETiwgSElzLCBJUCBhZGRyZXNzIG1hcHBpbmdzOg0KPiANCj4gICAgIGh0dHBzOi8vdG9vbHMu aWV0Zi5vcmcvaHRtbC9yZmM4MDA1DQo+IA0KPiAgICAgQW4gYXBwbGljYXRpb24gY2FuIHJlY2Vp dmUgTFNJcyBvciBISVRzIGZyb20gRE5TIHF1ZXJpZXMgd2hlbiBhIEhJDQo+ICAgICByZWNvcmQg ZXhpc3RzIGZvciBhIGhvc3QuIFRoaXMgY2FuIGJlIGltcGxlbWVudGVkwqAgaW4gdGhlIGxvY2Fs DQo+ICAgICByZXNvbHZlcg0KPiAgICAgbGlicmFyeSAoZS5nLiBnbGliYyBpbiBMaW51eCkgc3Vw cG9ydHMgaXQgYW5kIHNlbmRzIHRoZSBISS10by1JUA0KPiAgICAgYWRkcmVzcw0KPiAgICAgbWFw cGluZyB0byB0aGUgbG9jYWwgSElQIGRhZW1vbi4gQXMgYW4gYWx0ZXJuYXRpdmUgaW1wbGVtZW50 YXRpb24NCj4gICAgIHRlY2huaXF1ZSwgZHluYW1pYyByZWxpbmtpbmcgb2YgYXBwbGljYXRpb25z IChpLmUuLCBMRF9QUkVMT0FEIGluDQo+ICAgICBMaW51eCk6DQo+IA0KPiAgICAgaHR0cHM6Ly90 b29scy5pZXRmLm9yZy9odG1sL3JmYzY1Mzgjc2VjdGlvbi00LjENCj4gDQo+ICAgICBBcyB5ZXQg YW5vdGhlciBhbHRlcm5hdGl2ZSwgUkZDNTMzOCAoc2VjdGlvbiAzLjIpIHN1Z2dlc3RzIGludGVy cG9zaW5nDQo+ICAgICBISVAtYXdhcmUgYWdlbnRzICh0aGluayBhYm91dCBISVAtY2FwYWJsZSBE TlMgcHJveHkgbGlrZSAiZG5zbWFzcSIgaW4NCj4gICAgIExpbnV4KSB0aGF0IHRyYW5zbGF0ZSBI SXMgaW50byBMU0lzIGFuZCBISVRzIHRvIHRoZSBhcHBsaWNhdGlvbiBhbmQNCj4gICAgIGNhY2hl IHRoZSBJUCBhZGRyZXNzIG1hcHBpbmcgdG8gdGhlIEhJUCBkYWVtb246DQo+IA0KPiAgICAgaHR0 cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzUzMzgjc2VjdGlvbi0zLjINCj4gDQo+ICAgICBU aGF0J3MgYWxsIGZvciBleGlzdGluZyBhcHBsaWNhdGlvbnMuIE5ldyBISVAgbmF0aXZlIGFwcGxp Y2F0aW9ucyBjb3VsZA0KPiAgICAgdXNlIEROUyBsaWJyYXJ5IGV4dGVuc2lvbnMgZm9yIGdldGFk ZHJpbmZvKCkgdGhhdCB3b3VsZCBiZSBpbXBsZW1lbnRlZA0KPiAgICAgZS5nLiBpbiBnbGliYyBp biBMaW51eDoNCj4gDQo+ICAgICBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjNjMxNw0K PiANCj4gICAgIEFsbCBvZiB0aGUgbWVudGlvbmVkIHJlZmVyZW5jZXMgYXJlIG1lbnRpb25lZCBp biB0aGUgZHJhZnQuIFNob3VsZCBJDQo+ICAgICBhZGQNCj4gICAgIHNvbWV0aGluZyBtb3JlIGNv bXByZXNzZWQgYWxvbmcgdGhlc2UgbGluZXMgb2YgdGV4dCBvciBpcyB0aGlzIHRvbw0KPiAgICAg ZGV0YWlsZWQ/DQo+IA0KPiANCj4gTWF5YmUgSSdtIG1pc3Npbmcgc29tZXRoaW5nLCBidXQgaXQg c2VlbXMgbGlrZSB0aGlzIGlzIG5vdCBhbiANCj4gaW50ZXJvcGVyYWJsZSBzdGF0ZSBvZiBhZmZh aXJzLg0KDQp0aGUgV0cgaGFzIGJlZW4gZXhwZXJpbWVudGluZyB3aXRoIGRpZmZlcmVudCB3YXlz IGltcGxlbWVudGluZyB0aGluZ3MuIA0KU29tZSB0aGluZ3MgYXJlIGltcGxlbWVudGF0aW9uIHNw ZWNpZmljIChhbmQgaGVuY2Ugb3V0c2lkZSBvZiB0aGUgZm9jdXMgDQpvZiBJRVRGKSwgYnV0LCBp biBnZW5lcmFsLCBJIHdvdWxkIGFyZ3VlIHRoZSBtb3N0IGNvbW1vbiBhcHByb2FjaCB0byAiZ28g DQpmcm9tIEhJIG9yIEhJVCB0byB0aGUgY29ycmVzcG9uZGluZyBsb2NhdG9yIiBpbiBhIHR5cGlj YWwgTGludXggc3lzdGVtIA0KaW4gdGhlIGNhc2Ugb2YgYSBub24taGlwLWF3YXJlIGFwcGxpY2F0 aW9uIHdvcmtzIGFzIGZvbGxvd3M6DQoNCjEuIGNsaWVudCBhcHAgbWFrZXMgYXJlIGdldGFkZHJp bmZvKCkgY2FsbCB0byBsb29rIHVwIGZvby5iYXIgZnJvbSBETlMNCjIuIGxvY2FsIGRucyBwcm94 eSAoZS5nLiBzdGFuZGFyZCBkbnNtYXNxIGluIExpbnV4KSBjYXRjaGVzIHRoZSBjYWxsDQozLiBk bnMgcHJveHkgbG9va3MgdXAgQSwgQUFBQSBhbmQgSEkgcmVjb3JkcyBmb3IgZm9vLmJhcg0KMy5h LiBubyBISSBmb3VuZDogZG5zIHByb3h5IG9wZXJhdGVzIGFzIG5vcm1hbGx5IGFuZCByZXR1cm5z IG9ubHkgQS9BQUFBIA0KcmVjb3JkcyB0byB0aGUgZ2V0YWRkcmluZm8oKSBjYWxsICh2aWEgZ2xp YmMpIGFzIGl0IHdvdWxkIG5vcm1hbGx5DQozLmIuIEhJIGZvdW5kOg0KLSBkbnNtYXNxIHNlbmRz IHRoZSBISSwgSElUIGFuZCBJUCBhZGRyZXNzIHRvIHRoZSBsb2NhbCBISVAgZGFlbW9uDQotIGRu c21hc3EgcmV0dXJucyB0aGUgSElUIHRvIHRoZSBhcHBsaWNhdGlvbg0KDQpUaGUgImdlbmVyaWMi IGFwcHJvYWNoIGxpc3RlZCBoZXJlIGhhcyBiZWVuIHRlc3RlZCBhbmQgaW1wbGVtZW50ZWQgKGlu IA0KYWRkaXRpb24gc29tZSBvdGhlciBpbXBsZW1lbnRhdGlvbiBhbHRlcm5hdGl2ZXMgbWVudGlv bmVkIGluIHRoZSBISVAgDQpleHBlcmltZW50IHJlcG9ydCkuIEFuZCB0aHJlZSBkaWZmZXJlbnQg SElQIGltcGxlbWVudGF0aW9ucyBoYXZlIGJlZW4gDQp0ZXN0ZWQgdG8gaW50ZXJvcGVyYXRlIHdp dGggZWFjaCBvdGhlci4NCg0KSWYgdGhpcyBzdGlsbCBkb2VzIG5vdCBhZGRyZXNzIHlvdSBjb25j ZXJuLCBwbGVhc2UgYmUgbW9yZSBzcGVjaWZpYz8NCg0KPiAgICAgID4gSU1QT1JUQU5UDQo+ICAg ICAgPiBTIDExLjMuMS4NCj4gICAgICA+PsKgIMKgIMKgIMKgYXZvaWRpbmcgbWFudWFsIGNvbmZp Z3VyYXRpb25zLsKgVGhlIHRocmVlIGNvbXBvbmVudHMgYXJlDQo+ICAgICBmdXJ0aGVyDQo+ICAg ICAgPj7CoCDCoCDCoCDCoGRlc2NyaWJlZCBpbiB0aGUgSElQIGV4cGVyaW1lbnQgcmVwb3J0IFtS RkM2NTM4XS4NCj4gICAgICA+Pg0KPiAgICAgID4+wqAgwqAgwqAgwqBCYXNlZCBvbiB0aGUgaW50 ZXJ2aWV3cywgTGV2YWUgZXQgYWwgc3VnZ2VzdCBmdXJ0aGVyDQo+ICAgICBkaXJlY3Rpb25zIHRv DQo+ICAgICAgPj7CoCDCoCDCoCDCoGZhY2lsaXRhdGUgSElQIGRlcGxveW1lbnQuwqAgVHJhbnNp dGlvbmluZyB0aGUgSElQDQo+ICAgICBzcGVjaWZpY2F0aW9ucyB0bw0KPiAgICAgID4+wqAgwqAg wqAgwqB0aGUgc3RhbmRhcmRzIHRyYWNrIG1heSBoZWxwLCBidXQgb3RoZXIgbWVhc3VyZXMgY291 bGQgYmUNCj4gICAgIHRha2VuLsKgIEFzDQo+ICAgICAgPg0KPiAgICAgID4gVGhpcyBjb25mdXNl cyBtZSwgYmVjYXVzZSB3ZSBzZWVtIHRvIGJlIGxvb2tpbmcgdG8gYWR2YW5jZSBzb21lDQo+ICAg ICBvZiB0aGUNCj4gICAgICA+IEhJUCBzcGVjcyAoZS5nLiwgaGlwLWRleCkgYXQgUFMNCj4gDQo+ ICAgICBDYW4geW91IGVsYWJvcmF0ZT8gQW5kIGRvIHlvdSBtZWFuIHByb3RvY29sIHN0YWNrIGJ5 IFBTPw0KPiANCj4gDQo+IFByb3Bvc2VkIFN0YW5kYXJkLg0KDQpXb3VsZCB0aGUgZm9sbG93aW5n IHJlcGxhY2VtZW50IHRleHQgZml4IHRoZSBpc3N1ZT8NCg0KIlRyYW5zaXRpb25pbmcgYSBudW1i ZXIgb2YgSElQIHNwZWNpZmljYXRpb25zIHRvIHRoZSBzdGFuZGFyZHMgdHJhY2sgaW4gDQpJRVRG IGhhcyBhbHJlYWR5IHRha2VuIHBsYWNlLCBidXQgdGhlIGF1dGhvcnMgc3VnZ2VzdCBvdGhlciBh ZGRpdGlvbmFsIA0KbWVhc3VyZXMgIGJhc2VkIG9uIHRoZSBpbnRlcnZpZXdzLiINCg0KQXMgYW4g YWx0ZXJuYXRpdmUsIEkgY2FuIGp1c3Qgb21pdCB0aGUgcmVsYXRlZCBwYXJhZ3JhcGguDQoNCj4g ICAgICA+IFMgNS4xLg0KPiAgICAgID4+wqAgwqAgwqAgwqBBdCB0aGUgc2VydmVyIHNpZGUsIHV0 aWxpemluZyBETlMgaXMgYSBiZXR0ZXIgYWx0ZXJuYXRpdmUNCj4gICAgIHRoYW4gYQ0KPiAgICAg ID4+wqAgwqAgwqAgwqBzaGFyZWQgSG9zdCBJZGVudGl0eSB0byBpbXBsZW1lbnQgbG9hZCBiYWxh bmNpbmcuwqAgQQ0KPiAgICAgc2luZ2xlIEZRRE4NCj4gICAgICA+PsKgIMKgIMKgIMKgZW50cnkg Y2FuIGJlIGNvbmZpZ3VyZWQgdG8gcmVmZXIgdG8gbXVsdGlwbGUgSG9zdA0KPiAgICAgSWRlbnRp dGllcy7CoCBFYWNoDQo+ICAgICAgPj7CoCDCoCDCoCDCoG9mIHRoZSBGUUROIGVudHJpZXMgY2Fu IGJlIGFzc29jaWF0ZWR3aXRoIHRoZSByZWxhdGVkDQo+ICAgICBsb2NhdG9ycywgb3IgYQ0KPiAg ICAgID4+wqAgwqAgwqAgwqBzaW5nbGUgc2hhcmVkIGxvY2F0b3IgaW4gdGhlIGNhc2UgdGhlc2Vy dmVycyBhcmUgdXNpbmcNCj4gICAgIHRoZSBzYW1lIEhJUA0KPiAgICAgID4+wqAgwqAgwqAgwqBy ZW5kZXp2b3VzIHNlcnZlciBTZWN0aW9uIDYuMyBvciBISVAgcmVsYXkgc2VydmVyIFNlY3Rpb24g Ni40Lg0KPiAgICAgID4NCj4gICAgICA+IFRoaXMgaXMgYmVjb21pbmcgYSBsZXNzIGNvbW1vbiBw cmFjdGljZS4gSG93IGRvIHlvdSBoYW5kbGUgYW55Y2FzdCwNCj4gICAgICA+IHdoaWNoIGlzIHRo ZSBtb2Rlcm4gcHJhY3RpY2U/DQo+IA0KPiAgICAgSSBhZGRlZCB0aGUgZm9sbG93aW5nIHN0YXRl bWVudDoNCj4gDQo+ICAgICAiSXQgaXMgYWxzbyB3b3J0aCBub3RpbmcgdGhhdCBvcHBvcnR1bmlz dGljIG1vZGUgaXMgYWxzbyByZXF1aXJlZA0KPiANCj4gDQo+ICAgICBpbiBwcmFjdGljZSB3aGVu IGFueWNhc3QgSVAgYWRkcmVzc2VzIHdvdWxkIGJlIHV0aWxpemVkIGFzIGxvY2F0b3JzOiINCj4g DQo+ICAgICBEb2VzIHRoaXMgYWRkcmVzcyB5b3VyIGNvbmNlcm4/DQo+IA0KPiAgICAgQnR3LCBv cHBvcnR1bmlzdGljIG1vZGUgaXMgZnVydGhlciBkZXNjcmliZWQgaW4gdGhlIGZvbGxvd2luZyBk b2N1bWVudHM6DQo+IA0KPiANCj4gSSdtIG5vdCBmb2xsb3dpbmcgaG93IHRoaXMgc29sdmVzIHRo ZSBwcm9ibGVtLiBJdCBzZWVtcyBsaWtlIHlvdSdyZSANCj4gc3RpbGwgZ29pbmcgdG8gZ2V0DQo+ IGJhZGx5IHN1Ym9wdGltYWwgcm91dGluZy4NCg0KV2l0aG91dCBvcHBvcnR1bmlzdGljIEhJUCwg aS5lLCBieSB1c2luZyBhIGRlc3RpbmF0aW9uIEhJVCBleHBsaWNpdGx5LCANCnRoZSBzaXR1YXRp b24gaXMgY2hhbGxlbmdpbmcgYmVjYXVzZSB0aGUgSEkoVCktSVAgYmluZGluZyBhdCB0aGUgY2xp ZW50IA0Kd291bGQgYmU6DQoNCiogQSBISShUKSBiZWxvbmdpbmcgdG8gc2VydmVyIEEgKHJldHVy bmVkIGJ5IEROUyBsb29rIHVwKQ0KKiBJUCBhbnljYXN0IGFkZHJlc3MgKHdvdWxkIGJlIGJvdW5k IHRvIHNvbWUgc2VydmVyIEIgZHVyaW5nIHJvdXRpbmcgDQpwcm9jZXNzKQ0KDQpUaGUgY2hhbGxl bmdlIGhlcmUgaXMgdGhhdCB3ZSB3YW50IG1ha2Ugc3VyZSB0aGF0IHNlcnZlciBBIGlzIHRoZSBz YW1lIA0Kc2VydmVyIGFzIEIuIEFGQUlLLCB0aGlzIGhhcyBub3QgYmVlbiBleHBlcmltZW50ZWQg YmVmb3JlLiBJcyB0aGlzIHdoYXQgDQp5b3UgbWVhbnQgYnkgc3Vib3B0aW1hbCByb3V0aW5nPw0K DQpXaXRoIG9wcG9ydHVuaXN0aWMgSElQLCB0aGUgcHJvYmxlbSBpcyBlYXNpZXIgYmVjYXVzZSB0 aGUgSEkoVCktSVAgDQpiaW5kaW5nIGF0IHRoZSBjbGllbnQgd291bGQgYmU6DQoNCiogIldpbGQg Y2FyZCIgSElUICh3b3VsZCBiZSBib3VuZCB0byBhIHNwZWNpZmljIEhJVCBhZnRlciByZWNlaXZp bmcgUjEgDQpwYWNrZXQgZnJvbSB0aGUgYW55Y2FzdCBhZGRyZXNzKQ0KKiBJUCBhbnljYXN0IGFk ZHJlc3MgKHdvdWxkIGJlIGJvdW5kIHRvIHNvbWUgc2VydmVyIEIgZHVyaW5nIHJvdXRpbmcgDQpw cm9jZXNzKQ0KDQpJbXBsZW1lbnRhdGlvbiBleHBlcmllbmNlIGV4aXN0IG9uIEhJUCBvcHBvcnR1 bmlzdGljIG1vZGUsIGJ1dCBBRkFJSyANCm5vbmUgaW4gdGhlIGNvbnRleHQgb2YgSVAgYW55Y2Fz dC4NCg0KV291bGQgdGhpcyBhZGRyZXNzIHlvdXIgY29uY2VybiAoc28gdGhhdCBJIGNhbiBkcmFm dCBzb21lIHByb3Bvc2FsIHRleHQpPw0KDQo= From nobody Tue Jan 8 13:37:00 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E03F6131184; Tue, 8 Jan 2019 13:36:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.678 X-Spam-Level: X-Spam-Status: No, score=-1.678 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SAu0GesDojUf; Tue, 8 Jan 2019 13:36:50 -0800 (PST) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4BB7130F96; Tue, 8 Jan 2019 13:36:50 -0800 (PST) Received: from [10.0.1.45] (cpe-70-122-203-106.tx.res.rr.com [70.122.203.106]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x08LajTX042040 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 8 Jan 2019 15:36:46 -0600 (CST) (envelope-from ben@nostrum.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1546983407; bh=ZMx3cf1I/KDCoZL5Xe2kAHMaAE1QwUbM2Nbrf8VrAHQ=; h=From:Subject:Date:In-Reply-To:Cc:To:References; b=bnDXnHAEL9NGtxTU6IejD5OthpWHUqKpOZivCvCHLR/ULqRlHi8eQnBnPBMEoUM+o YZyj1sODyNKDxk/T7rhZsk/zg9WdEeI7eXT5IUn6odwvXkwFAoL7tVOONgZxuen+9r zyZ+E50FfEZXOIzTtMllu09Frd6ftCbENj6V4IVo= X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-203-106.tx.res.rr.com [70.122.203.106] claimed to be [10.0.1.45] From: Ben Campbell Message-Id: <8D08F48A-F9A9-4E9A-A588-AB338650ACB8@nostrum.com> Content-Type: multipart/signed; boundary="Apple-Mail=_7400284A-3110-4159-B859-87A7BCD0A9F3"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Date: Tue, 8 Jan 2019 15:36:44 -0600 In-Reply-To: Cc: The IESG , "hipsec@ietf.org" , "hip-chairs@ietf.org" , "draft-ietf-hip-rfc4423-bis@ietf.org" , Gonzalo Camarillo To: Miika Komu References: <152592082640.10421.10127781203317885108.idtracker@ietfa.amsl.com> X-Mailer: Apple Mail (2.3445.102.3) Archived-At: Subject: Re: [Hipsec] Ben Campbell's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jan 2019 21:36:52 -0000 --Apple-Mail=_7400284A-3110-4159-B859-87A7BCD0A9F3 Content-Type: multipart/alternative; boundary="Apple-Mail=_DC0FC6D5-300A-48F0-865D-49DB0AC5E7B2" --Apple-Mail=_DC0FC6D5-300A-48F0-865D-49DB0AC5E7B2 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On Jan 6, 2019, at 2:40 PM, Miika Komu = wrote: >=20 >>=20 >> Abstract: The abstract manages to completely avoid saying what this = namespace >> is _for_. (Yes, I realize that is old text :-) ) >=20 > I changed the first sentence to: >=20 > This memo describes the Host Identity (HI) namespace, that provides = a > cryptographic namespace to applications, and the associated = protocol > layer, the Host Identity Protocol, located between the > internetworking and transport layers, that supports end-host > mobility, multihoming and NAT traversal. >=20 > Is this ok for you? Yes, thanks! Ben. --Apple-Mail=_DC0FC6D5-300A-48F0-865D-49DB0AC5E7B2 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

On Jan 6, 2019, at 2:40 PM, Miika Komu <miika.komu@ericsson.com> wrote:


Abstract: The abstract manages to = completely avoid saying what this namespace
is _for_. = (Yes, I realize that is old text :-) )

I changed the first sentence = to:

   This memo describes the Host Identity (HI) = namespace, that provides a
   cryptographic namespace to applications, = and the associated protocol
   layer, the Host Identity Protocol, located = between the
   internetworking and transport layers, that = supports end-host
   mobility, multihoming and NAT = traversal.

Is this ok = for you?

Yes, thanks!

Ben.
= --Apple-Mail=_DC0FC6D5-300A-48F0-865D-49DB0AC5E7B2-- --Apple-Mail=_7400284A-3110-4159-B859-87A7BCD0A9F3 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIzBAEBCgAdFiEExW9rpd7ez4DexOFOgFZKbJXz1A0FAlw1F+wACgkQgFZKbJXz 1A07lRAAkqBc/zzLCwP8O2lpmuQdhjSaZYw/193BaIZP8TDr9YwHhBqOnVb5Jffs c2xu9jwaY30m8+falOUXngnN8xyG/nkK5oUAV/O5vI2G8pXgyTLEDFUx/HQ4HP0w 5tEcY6b8CglYIoYwq4JgnCUhe2HbjXA6kgvYcnp8NaAVo2zLgjI9ODiXcPUGO+Q5 wHfXa0TVdwej2kESg+zoLnhZfTvs8MFDAR3PEToeaUeEDx7sTA+ko6AeZ4qJodIK 5x0I2xwhMPz/QeRe0jdt1aIAtAAbvufa+VihdQQVPk/x0Sm+ki/slj/kthAG6D2G vl1u4ERndfuGZCtLIpgLGAO4Q5t0fEI15gs/VNqXmrJ5nJCKsTj5xOexwN8j+Twx B2ql0hYWg3P0UJ+jFj3XF9F0m24XeEJVtWmhWqiF0DyAlajExSOipH0bCdNHnvnx Lc9JkTpFbNKkZu6G+kNoqViX6uAbXiafkXyV2ytt2vZ4TdaemNkZbaVsIt2k6LDS 61ZLiSkoYHYLWH7SQsa05+34JzKT2sXH5g67FFwjBGND08bIaXq6bh7BLkE5pFMc 0PYB3SWzKJknwvWaCI38a5k2KcuhHaT7xoE6X+SI/PFgD6I3lhStUZZTXV7kP/1d XubPKyryN36HumEDJEr/eJfubL1AUeeUDPahf7k6LweNmtVMiMs= =jkZl -----END PGP SIGNATURE----- --Apple-Mail=_7400284A-3110-4159-B859-87A7BCD0A9F3-- From nobody Tue Jan 8 15:45:25 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E08A131205 for ; Tue, 8 Jan 2019 15:45:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d5y406VuXXkN for ; Tue, 8 Jan 2019 15:45:19 -0800 (PST) Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52423131207 for ; Tue, 8 Jan 2019 15:45:19 -0800 (PST) Received: by mail-lj1-x22e.google.com with SMTP id v15-v6so4900716ljh.13 for ; Tue, 08 Jan 2019 15:45:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kz2Xcu962mZug0mUOQIXgAFlOGBffJ+5/3jnI1yHWVs=; b=rQ6wFKo00TkFSJ0Qyw4+NfIq3+e4yxwF2xQi/O1ftiL5c27m/swk8B2Fj+52brwaIa QzPki1xRECJ5ldvZXfCcrUGeoEjkaV/vS4mMKtoraOZcYeSpGS8HbLy0uW3oQBIeeHaj LZWRHsQaZ9YmKQAxpPL56n2sVqjwKFIQOXID18kXR/SbmEOlGBoVzJ1D6BEQizNfFaHl tpeaeQ8ye5bZSvWnm8gX82Bc2HcggecJNpi6M1ZB+deFKRZCmbXm0HNwl4JQrQXodXHA +kJoJJ0oPh2Zgqh7O8B7NTJ22+P1ybXq7Ct9zBMVu8jiJXB7deJhdeskZGyKOmFky0pc Y7WA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kz2Xcu962mZug0mUOQIXgAFlOGBffJ+5/3jnI1yHWVs=; b=VhQsWeYRDgSWkrFO9Xeq4S9u97Cz0ezwuZ9CwgajWLvNErf20omhzf7ldxd2w/bMjI JLciooE3FFkYArEVwX1NA2xgTdXiosVW+ic+3Pl8EIPOaU7fmOklqW8cfxLoSME0cS6I GYnsM3Xw+PARuIxHcr1Ga0lQlJZz6bzrMDE7HRgcrl1+hmyg1iLXPpVM0Jrn9dyOmBsY EaFg6M+zNFWlK+ZsY+0fz+XlFWRvuWpJcK8I1Iz/ypKW7/k5H/M49NxCgBi+EQRVEIND FlP1F/56dKIraFfNGty9NO4u/K74PP/r7iJmJUH/hfQY81pH8bF0EDOEBcK263itXlC5 sYhA== X-Gm-Message-State: AJcUukfhkksHmnKrsrOTxRMtrTWimVKaS9qapSV0fbGGhpgz1Atfgwxo SCzPOY1kR0uB8WLVw27Lnt/WVdluemFI/CDp2fZI2g== X-Google-Smtp-Source: ALg8bN4Ernv+I15qFQgDU/+3t1WZIoubVn+2+k0+OBHGU2+oNyyqMhtNgh+V5qLAninRCKs3Wzow/2aR9bjNzNAZN9I= X-Received: by 2002:a2e:5418:: with SMTP id i24-v6mr2350651ljb.51.1546991117485; Tue, 08 Jan 2019 15:45:17 -0800 (PST) MIME-Version: 1.0 References: <152564286489.26793.2457846656783140871.idtracker@ietfa.amsl.com> <70e4c94f-0097-0b13-140c-db0a5732ab67@kapsi.fi> In-Reply-To: From: Eric Rescorla Date: Tue, 8 Jan 2019 15:44:37 -0800 Message-ID: To: Tom Henderson Cc: mkomu@kapsi.fi, draft-ietf-hip-rfc4423-bis@ietf.org, hipsec@ietf.org, hip-chairs@ietf.org, IESG Content-Type: multipart/alternative; boundary="000000000000076577057efaf086" Archived-At: Subject: Re: [Hipsec] Eric Rescorla's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jan 2019 23:45:23 -0000 --000000000000076577057efaf086 Content-Type: text/plain; charset="UTF-8" On Tue, Jan 8, 2019 at 9:50 AM Tom Henderson wrote: > On 1/8/19 5:57 AM, Eric Rescorla wrote: > > > The second preimage attack resistance is 96 bits, plus whatever work > > is needed to generate the keys. > > > > I agree that this is in RFC 7343, but it doesn't seem to be stated > > anywhere in this document, and given that this text talks about both 64 > > bit and >= 100 bit hash functions, I'm not sure how to get it from this > > text, which is in context quite confusing/ > > I agree that the text could be clarified; I will try to suggest > something more. > > > > > There isn't any mechanism defined to extend this, such as the CGA > > Hash Extension, but it seems to me that HIP could be extended in a > > similar way. My recollection is that the WG had thought 96 bits to > > be strong enough preimage resistance. > > > > Generally, we are targeting the 128-bit security level for new > deployments > > > > Can you provide a reference for the 128-bit recommendation? > I don't believe there is a policy, but for instance, see: https://tools.ietf.org/html/rfc7525#section-4.1 > Also, how are legacy uses like SEND/CGA handling this new target (or are > they just considered legacy at this point)? > As far as I understand it, they are legacy. -Ekr > - Tom > --000000000000076577057efaf086 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Tue, Jan 8, 2019 at 9:50 AM Tom Hender= son <tomh@tomh.org> wrote:
On 1/8/19 5:57 AM, Er= ic Rescorla wrote:

>=C2=A0 =C2=A0 =C2=A0The second preimage attack resistance is 96 bits, p= lus whatever work
>=C2=A0 =C2=A0 =C2=A0is needed to generate the keys.
>
> I agree that this is in RFC 7343, but it doesn't seem to be stated=
> anywhere in this document, and=C2=A0 given that this text talks about = both 64
> bit and >=3D 100 bit hash functions, I'm not sure how to get it= from this
> text, which is in context quite confusing/

I agree that the text could be clarified; I will try to suggest
something more.

>
>=C2=A0 =C2=A0 =C2=A0There isn't any mechanism defined to extend thi= s, such as the CGA
>=C2=A0 =C2=A0 =C2=A0Hash Extension, but it seems to me that HIP could b= e extended in a
>=C2=A0 =C2=A0 =C2=A0similar way.=C2=A0 My recollection is that the WG h= ad thought 96 bits to
>=C2=A0 =C2=A0 =C2=A0be strong enough preimage resistance.
>
> Generally, we are targeting the 128-bit security level for new deploym= ents
>

Can you provide a reference for the 128-bit recommendation?

I don't believe there is a policy, but for instanc= e, see:

<= /div>
=C2=A0
Also, how are legacy uses like SEND/CGA handling this new target (or are they just considered legacy at this point)?

=
As far as I understand it, they are legacy.

-= Ekr


- Tom
--000000000000076577057efaf086-- From nobody Thu Jan 10 03:15:00 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81017130E13; Thu, 10 Jan 2019 03:14:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yVhxiPReBy5B; Thu, 10 Jan 2019 03:14:46 -0800 (PST) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06EBB130E0E; Thu, 10 Jan 2019 03:14:43 -0800 (PST) Received: from lhreml709-cah.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 5DD77F61CBE5E035BD29; Thu, 10 Jan 2019 11:14:40 +0000 (GMT) Received: from DGGEML401-HUB.china.huawei.com (10.3.17.32) by lhreml709-cah.china.huawei.com (10.201.108.32) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 10 Jan 2019 11:14:39 +0000 Received: from DGGEML529-MBX.china.huawei.com ([169.254.6.240]) by DGGEML401-HUB.china.huawei.com ([fe80::89ed:853e:30a9:2a79%31]) with mapi id 14.03.0415.000; Thu, 10 Jan 2019 19:14:34 +0800 From: "Liushucheng (Will Liu)" To: Miika Komu , "ops-dir@ietf.org" CC: "draft-ietf-hip-rfc4423-bis.all@ietf.org" , "hipsec@ietf.org" , "ietf@ietf.org" Thread-Topic: Opsdir last call review of draft-ietf-hip-rfc4423-bis-19 Thread-Index: AQHUpoM2yJ3ruDzPfUSEQi82BJyaDKWoXfoA Date: Thu, 10 Jan 2019 11:14:33 +0000 Message-ID: References: <152594381959.10451.9615415806066075335@ietfa.amsl.com> <6697618c-6e64-830b-4c04-7d4b912cc583@ericsson.com> In-Reply-To: <6697618c-6e64-830b-4c04-7d4b912cc583@ericsson.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.40.19.185] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [Hipsec] Opsdir last call review of draft-ietf-hip-rfc4423-bis-19 X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jan 2019 11:14:49 -0000 SEkgTWlpa2EsDQoNCg0KDQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206IE1p aWthIEtvbXUgW21haWx0bzptaWlrYS5rb211QGVyaWNzc29uLmNvbV0NCj4gU2VudDogTW9uZGF5 LCBKYW51YXJ5IDA3LCAyMDE5IDg6MTkgUE0NCj4gVG86IExpdXNodWNoZW5nIChXaWxsIExpdSkg PGxpdXNodWNoZW5nQGh1YXdlaS5jb20+OyBvcHMtZGlyQGlldGYub3JnDQo+IENjOiBkcmFmdC1p ZXRmLWhpcC1yZmM0NDIzLWJpcy5hbGxAaWV0Zi5vcmc7IGhpcHNlY0BpZXRmLm9yZzsgaWV0ZkBp ZXRmLm9yZw0KPiBTdWJqZWN0OiBSZTogT3BzZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQt aWV0Zi1oaXAtcmZjNDQyMy1iaXMtMTkNCj4gDQo+IEhpIFdpbGwsDQo+IA0KPiBPbiA1LzEwLzE4 IDEyOjE2LCBXaWxsIExJVSB3cm90ZToNCj4gPiBSZXZpZXdlcjogV2lsbCBMSVUNCj4gPiBSZXZp ZXcgcmVzdWx0OiBSZWFkeQ0KPiA+DQo+ID4gSGkgYWxsLA0KPiA+DQo+ID4gKFNvcnJ5ICwgaXQg c2VlbXMgdG8gbWUgdGhhdCB0aGUgbm90aWZpY2F0aW9uIHdhcyBibG9ja2VkIGJ5IHRoZQ0KPiA+ IGZpbHRlci4gSSBndWVzcyBpdCdzIGEgbGl0dGxlIGJpdCBsYXRlLikNCj4gDQo+IG5vIGl0J3Mg bm90ISBJdCdzIG1lIHdobyBpcyBydW5uaW5nIGxhdGUuDQpbV2lsbF0gQWhhLCBsaWZlIGlzIGJ1 c3kuOikNCg0KDQo+IA0KPiA+IEkgaGF2ZSByZXZpZXdlZCBkcmFmdC1pZXRmLWhpcC1yZmM0NDIz LWJpcy0xOSBhcyBwYXJ0IG9mIHRoZQ0KPiA+IE9wZXJhdGlvbmFsIGRpcmVjdG9yYXRlJ3Mgb25n b2luZyBlZmZvcnQgdG8gcmV2aWV3IGFsbCBJRVRGIGRvY3VtZW50cw0KPiA+IGJlaW5nIHByb2Nl c3NlZCBieSB0aGUgSUVTRy4gIFRoZXNlIGNvbW1lbnRzIHdlcmUgd3JpdHRlbiB3aXRoIHRoZQ0K PiA+IGludGVudCBvZiBpbXByb3ZpbmcgdGhlIG9wZXJhdGlvbmFsIGFzcGVjdHMgb2YgdGhlIElF VEYgZHJhZnRzLg0KPiA+IENvbW1lbnRzIHRoYXQgYXJlIG5vdCBhZGRyZXNzZWQgaW4gbGFzdCBj YWxsIG1heSBiZSBpbmNsdWRlZCBpbiBBRA0KPiA+IHJldmlld3MgZHVyaW5nIHRoZSBJRVNHIHJl dmlldy4gIERvY3VtZW50IGVkaXRvcnMgYW5kIFdHIGNoYWlycyBzaG91bGQNCj4gPiB0cmVhdCB0 aGVzZSBjb21tZW50cyBqdXN0IGxpa2UgYW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50cy4NCj4g Pg0KPiA+IOKAnFRoaXMgbWVtbyBkZXNjcmliZXMgYSBuZXcgbmFtZXNwYWNlLCB0aGUgSG9zdCBJ ZGVudGl0eSBuYW1lc3BhY2UsDQo+IGFuZA0KPiA+ICAgICBhIG5ldyBwcm90b2NvbCBsYXllciwg dGhlIEhvc3QgSWRlbnRpdHkgUHJvdG9jb2wsIGJldHdlZW4gdGhlDQo+ID4gICAgIGludGVybmV0 d29ya2luZyBhbmQgdHJhbnNwb3J0IGxheWVycy4gIEhlcmVpbiBhcmUgcHJlc2VudGVkIHRoZQ0K PiA+ICAgICBiYXNpY3Mgb2YgdGhlIGN1cnJlbnQgbmFtZXNwYWNlcywgdGhlaXIgc3RyZW5ndGhz IGFuZCB3ZWFrbmVzc2VzLCBhbmQNCj4gPiAgICAgaG93IGEgbmV3IG5hbWVzcGFjZSB3aWxsIGFk ZCBjb21wbGV0ZW5lc3MgdG8gdGhlbS4gIFRoZSByb2xlcyBvZiB0aGlzDQo+ID4gICAgIG5ldyBu YW1lc3BhY2UgaW4gdGhlIHByb3RvY29scyBhcmUgZGVmaW5lZC4NCj4gPg0KPiA+ICAgICBUaGlz IGRvY3VtZW50IG9ic29sZXRlcyBSRkMgNDQyMyBhbmQgYWRkcmVzc2VzIHRoZSBjb25jZXJucyBy YWlzZWQNCj4gYnkNCj4gPiAgICAgdGhlIElFU0csIHBhcnRpY3VsYXJseSB0aGF0IG9mIGNyeXB0 byBhZ2lsaXR5LiAgSXQgaW5jb3Jwb3JhdGVzDQo+ID4gICAgIGxlc3NvbnMgbGVhcm5lZCBmcm9t IHRoZSBpbXBsZW1lbnRhdGlvbnMgb2YgUkZDIDUyMDEgYW5kIGdvZXMgZnVydGhlcg0KPiA+ICAg ICB0byBleHBsYWluIGhvdyBISVAgd29ya3MgYXMgYSBzZWN1cmUgc2lnbmFsaW5nIGNoYW5uZWwu 4oCdDQo+ID4NCj4gPiBNeSBvdmVyYWxsIHZpZXcgb2YgdGhlIGRvY3VtZW50IGlzICdSZWFkeScg Zm9yIHB1YmxpY2F0aW9uLg0KPiANCj4gdGhhbmtzIQ0KPiANCj4gPiBTb21lIHNtYWxsIG9uZXM6 DQo+ID4NCj4gPiAxLiBFc3BlY2lhbGx5LCBJIGFtIGdsYWQgdG8gc2VlIHRoZSBzZWN1cml0eSBj b25zaWRlcmF0aW9uIHBhcnQgd2VsbA0KPiBleHBsYWluZWQuDQo+ID4gSSBndWVzcyBpdCdzIHN0 aWxsIHdvcnRoIHdyaXRpbmcgc29tZXRoaW5nIGFib3V0IHRoZSBzZWN1cml0eSB0cmFkZW9mZg0K PiA+IGluZmx1ZW5jZSBmb3IgdGhlIGRpZmZlcmVudCBtb2RlcyBtZW50aW9uZWQgaW4gcHJldmlv dXMgc2VjdGlvbnMuIEluDQo+ID4gZmFjdCwgdGhlcmUgYXJlIHNvbWUgd29yZHMgaW4gcHJldmlv dXMgc2VjdGlvbnMsIG1heWJlIGEgc3VtbWFyeSBjYW4gYmUNCj4gcHV0IGhlcmUuDQo+IA0KPiBJ IGFkZGVkIG9uZSBsaW5lIHF1aWNrIHN1bW1hcnkgdG8gdGhlIGFic3RyYWN0Og0KPiANCj4gWy4u Ll0gVGhlIHNlY3Rpb24gb24gc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgZGVzY3JpYmUgYWxzbyBt ZWFzdXJlcyBhZ2FpbnN0DQo+IGZsb29kaW5nIGF0dGFja3MsIHVzYWdlIG9mIGlkZW50aXRpZXMg aW4gYWNjZXNzIGNvbnRyb2wgbGlzdHMsIHdlYWtlciB0eXBlcyBvZg0KPiBpZGVudGlmaWVycyBh bmQgdHJ1c3Qgb24gZmlyc3QgdXNlLiBbLi4uXQ0KPiANCj4gRG9lcyB0aGlzIGFkZHJlc3MgeW91 ciBjb25jZXJuPw0KW1dpbGxdIFllcC4NCg0KPiANCj4gPiAyLiBJdCdzIGdvb2QgdG8gaGF2ZSBh IHNpbmdsZSBzdWJzZWN0aW9uIGFib3V0ICIgQW5zd2VycyB0byBOU1JHDQo+IHF1ZXN0aW9ucyIu DQo+ID4gSG93ZXZlciwgbWF5YmUgaXQncyBiZXR0ZXIgdG8gcHV0IGl0IGluIGFwcGVuZGl4Pw0K PiANCj4gaXQncyBhbHJlYWR5IGluIGFwcGVuZGl4IChkdWUgdG8gb3RoZXIgcmV2aWV3IGNvbW1l bnRzKS4NCj4gDQo+IFRoYW5rcyBmb3IgdGhlIGZlZWRiYWNrIQ0KDQpSZWdhcmRzLCAvICDoh7Tn pLwNCldpbGwgTElVICAgLyAg5YiY5qCR5oiQDQo= From nobody Tue Jan 15 06:27:48 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57A93129C6A for ; Tue, 15 Jan 2019 06:27:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.854 X-Spam-Level: X-Spam-Status: No, score=-8.854 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N1vXsb1Im3XR for ; Tue, 15 Jan 2019 06:27:45 -0800 (PST) Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75B0F129BBF for ; Tue, 15 Jan 2019 06:27:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1547562463; x=1550154463; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=F643zuwnwwenLBkSF0tWeo46k6xTm5q/XeNS8wG6n4Q=; b=BNNzP+ARSOL18s/G3NilOSKKfoaUmKj7wbeNq8irdvBHQSfREAYDVsp7Y/roUobq WlLHytjOou2Z94+4Kw6RbKXhrAetyaVJ6z8Wi6XNMVEV12SbnslZODzOhEWBLBjA 0MbGgn0OMhp0ZlKBxmJb7XKLm7wA4kzTEPDLUjqCU/A=; X-AuditID: c1b4fb2d-2198b9e00000062f-23-5c3deddfcc88 Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 4A.8B.01583.FDDED3C5; Tue, 15 Jan 2019 15:27:43 +0100 (CET) Received: from ESESBMB504.ericsson.se (153.88.183.171) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 15 Jan 2019 15:27:35 +0100 Received: from [100.94.2.59] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.187) with Microsoft SMTP Server id 15.1.1466.3 via Frontend Transport; Tue, 15 Jan 2019 15:27:35 +0100 To: HIP From: Gonzalo Camarillo Openpgp: preference=signencrypt Autocrypt: addr=Gonzalo.Camarillo@ericsson.com; prefer-encrypt=mutual; keydata= xsBNBEtSyYUBCADL7itybUN0VVtGQuO81AdviJNSo/BIc6xuVUofHlr/U9CbQcSrRSggvTfa 6n5o9t9zAuwp9pp+hQfSzn4/LrEaV2BmEfAFclSl57IhsXDJecw58JqGZrjahIjgU+rmZKPE RqLzubmI3ltEolLb4kkB9Y8FIQBnE1N3O0wHp7BE8VI5pQX24UkRkEtUptmhwnaehURg9atb 1myxbt1nUDEA5PLJNbPeXxPRJ058OEnPtToRinSCJ7BFtD6PoeUWgOL4kKdRbMyswDikiXnN Ntj1VkDQ6yi7pOb2qkviOzKOf/smqm4ovMxUrET7SzKw4icArL+xQUW3ayJyfSju1o5rABEB AAHNJkdvbnphbG8gQ2FtYXJpbGxvIDxnY2FtYXJpbEBnbWFpbC5jb20+wsCBBBMBAgArAhsj BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCWhwGngUJFGzXmQAKCRDRM1CYcD+HNkjG CACG39D/tNsA5xxSqRtN3JJCTfpj+BWqRckMEpBjBWlOOtb94QY8r9NHRIDwvA5qCVYRqQTI qVyReNw/CkOuaah2rbCdhsng6ZAMzFovXSEnbz+wse4QiKybHvjlJJA9qQiNlne57NVlNvLN LrpZJGmSJlJBBEQRq3Z9Crl2tWFkB6mmoXNnoRej6eVmhFoAo3td5loHo55nqYVZYtAHbXan ggmPI12gUigKf4PuvIISpdokSlkpam02Y61ygtqrlYvNnM+GpbayW2X3ZY5x6bwUwfkRSUCj +xslGaRfJUwr8kUxhVlcLR6qVcjNxWeZf9XKVH86OxEJVUVFsChlDAvHzsBNBEtSyYUBCADB qzP0B7lWge5Hn1648WPWrmUg8r3723XL/zUZe1zyEVsY9VyWhrBmuEy7Xm7wdLt0+BBXWJez 7/wWR9w/63qT+3+W0fe6SDXeZqF+HtYO5QPuu/VYtex0e3TI2w4s53ZM5KQCQF60kTDoK43e 5a6/G2GCKMPpkVKxpIeOiDITiRXq9GV7KHkQpPczqj9ImWp2M9sEIngZRaKILU//TaiWnRGR i6vN/sAvfEuu1fXTwpR6bBdD9wIZgyeSqEgxnioDdyFZYkTFl9G8TuLxNIdpVPzW2M9PKRQs i/kl/Kadsgnd8RtlP7cPoIqLMjmOfGwR8EVbKpmkM1+iKJ+g9F/bABEBAAHCwGUEGAECAA8C GwwFAlocBq4FCRRs16kACgkQ0TNQmHA/hzamwgf/Tnr7/WYnKNmEYvwr/GxhSelVYsBwejkz tCXa4gmVkErgPBEYsUtWAP+jVoYndG74v/3zBPHl4CehE9RnAJ+lpsWjwsn0qPI7sCik3Xqv c44g/RQF9RSI8DckQM0MqLJNazzq4tBi/ZbILWNx2N4LrEzhwoePug3MDn3rCv1Xpr/B60or p1zixtSRKyZo+L7UjttUdJkqxUbC35pBlZlDAL2Dop9He7XwUFofyW1Xvn9xxx0NasnlJX9G 288peTb41bQrs9SqaH1aVLXBTo7S9o+8oB9DLTIIwDQqfxqTWpGIfBhiTm9d7ai9WcFC8jSW zJtc/6luXoGjvUlBzQx0jQ== Message-ID: Date: Tue, 15 Jan 2019 16:27:35 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrELMWRmVeSWpSXmKPExsUyM2J7ue79t7YxBt2XtC2mLprM7MDosWTJ T6YAxigum5TUnMyy1CJ9uwSujN3rPjAXvGapeHJkGlsD4zPmLkZODgkBE4lVO48xdTFycQgJ HGGU+Nr0khXC+cYo0bvlAJRziFFi09rJjCAtIgKSEj13l7KA2GwCFhJbbt0Hs4UFVCUuz58C ZvMLyEt0LbgKtoJR4B6vxISn+SA2r4C9xIT+Q2wgNgtQ/dKG++wgtqhArET7m/VMEDWCEidn PgGaw8HBLKApsX6XPkiYWUBc4taT+UwQtrzE9rdzwMYLCWhLLH/WwjKBUXAWku5ZCN2zkHTP QtK9gJFlFaNocWpxcW66kbFealFmcnFxfp5eXmrJJkZgyB7c8lt3B+Pq146HGAU4GJV4eHde s40RYk0sK67MBYYHB7OSCG+Zk02MEG9KYmVValF+fFFpTmrxIUZpDhYlcd4/QoIxQgLpiSWp 2ampBalFMFkmDk6pBkav5L9/Tc/tMLrnrfRMc/r1osSMlMlLEg80tc2t3tEyQ+dqSpsCr8CL nFBJ/qiNHi37JGrTZiytljsbrWR5cdItFcH7L1NYd0Wd27E22P3pv+Bl8eevvFlbXplcpeSx 9l+B7d4ZKo2Vu1S6+5L6U1VdnWZIS33Unnp3l+Hj81qs9k3bODdO61JiKc5INNRiLipOBACB o6CvVQIAAA== Archived-At: Subject: [Hipsec] Status of draft-ietf-hip-dex X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2019 14:27:47 -0000 Hi, I want to give the group a status update on the HIP DEX draft. Terry, our AD, had to remove it from the agenda of the telechat where it was going to be discussed (in May) because of security-related concerns about the draft (from the Security ADs). We have been periodically pinging Rene and Bob (authors of the draft) since then (9 months!), but we have not been able to get any response from them... note that we had added Rene as a coauthor of this draft because Bob's lack of cycles. Terry would like to get this done by the end of February. Any proposals on how to proceed? Cheers, Gonzalo From nobody Tue Jan 15 15:25:37 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A91BC12D4EF for ; Tue, 15 Jan 2019 15:25:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4XuKtrreZVjS for ; Tue, 15 Jan 2019 15:25:33 -0800 (PST) Received: from mail-wm1-x333.google.com (mail-wm1-x333.google.com [IPv6:2a00:1450:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06815128766 for ; Tue, 15 Jan 2019 15:25:33 -0800 (PST) Received: by mail-wm1-x333.google.com with SMTP id a62so151148wmh.4 for ; Tue, 15 Jan 2019 15:25:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-transfer-encoding:content-language:thread-index; bh=/s579tRw3xkR//EPzVClgfztJBfnz5vjM0AOW+OIMIA=; b=ChbwEZX1Zl3fMNOLwjZZx+HR14POIM6vuhEg8WzzpHNhkYEStJI4WOtmEERomtIy8y OamZu8PO9nRQFjKRH3CJF8YIddc+A9JwZX4Tk1Dtfb+kbyb7mcSS7q5rtTEPdPx5Hi1a urooFdVYdhZA6ufPLERD48gQq0OkOzZPWo8+616tFl0sRLeYv7yb4bIkINPCbrk2Gjva xMAaKFdpxvOYbXe9bFGiPQt7Pd6SZ5ruj5bcEVR8tFDALaMLElpkqnHeDxFJaB+vocvW MvJgAsd+gg+6kG94DymWxcrkRL10GLEA+N4EBZW2RjBtBg84ILtjrIbaOvghsDLmpE1X v3Ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:content-language :thread-index; bh=/s579tRw3xkR//EPzVClgfztJBfnz5vjM0AOW+OIMIA=; b=Uc6yj4PZ45aXAekRfK48TJxMH7ytMN95jfbuSTeFkU2ClHtih/PRlcvn01vtWVwn1T FoCxPr3WaC9Q2DpyfwwROdlDnmyEvzwMT/PAjOTwBuH+wrbJrexW7/CGDx2cjfXQFkk8 wAVFybXn/dauLIUwL2TQXK/gYBkapThn+3JeKzgcnGcSZxGIlz/jt8br6G+QLejW5sT8 RRLIcKage3zLmAwIG0WZGfdrr5+MugJxGEyldLLl7/z7QRVHB6cTAtUGWOKuinKWlsFw A9yjPonC36nIauEebj6crkZE42b5tRhEI5gcjTSKmIqfNxGn4Mgv27bdG7x2BkshjpwX PRXw== X-Gm-Message-State: AJcUukfH0Wlz1+leOEpk5GNVwInZMbS/b90YmCqECUmlJmT33arB1kB5 SdpwIk+OySqT+r0VuwIXvw== X-Google-Smtp-Source: ALg8bN5KMJ0LpBJ0duMYUZAipyqp4xUnRj7uDUWwHGq0h8goroeH8s/eGJoPiWVy/WvMouQxQP9o5g== X-Received: by 2002:a1c:c87:: with SMTP id 129mr4901934wmm.116.1547594731430; Tue, 15 Jan 2019 15:25:31 -0800 (PST) Received: from DESKTOPPC (HSI-KBW-046-005-004-028.hsi8.kabel-badenwuerttemberg.de. [46.5.4.28]) by smtp.gmail.com with ESMTPSA id c8sm61366238wrx.42.2019.01.15.15.25.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Jan 2019 15:25:30 -0800 (PST) From: =?iso-8859-1?Q?Ren=E9_Hummen?= To: "'Gonzalo Camarillo'" , "'Robert Moskowitz'" , "'HIP'" References: In-Reply-To: Date: Wed, 16 Jan 2019 00:25:30 +0100 Message-ID: <074001d4ad29$9b24eda0$d16ec8e0$@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 16.0 Content-Language: de Thread-index: AQFs7PeVk3qFTDFxKJbfcw4P+czNoaaAUW6Q Archived-At: Subject: Re: [Hipsec] Status of draft-ietf-hip-dex X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2019 23:25:36 -0000 Hi Gonzalo, Bob, all, sorry for being unresponsive.=20 I have been working extensively on the draft in the past since becoming co-editor of draft-moskowitz-hip-dex-01 back in March 2014, but I have = not been following HIP-related emails lately in accordance with Bob. I also = want to take this opportunity to note that I will not have any significant = amount of time for contributions in the future. That said, I still would like to briefly explain the high-level = rationale behind our choice of cryptographic primitives for HIP DEX, which are = Eric's key points as I see it: In 2014 and beyond, many (Industrial) IoT devices often did not offer communication security or relied on fixed symmetric keys, potentially resulting in overuse of these keys. This was - and to my understanding = still is - a direct result of the relatively high cost (ROM, RAM, CPU cycles, network usage) of public key cryptography on many microcontroller-based embedded devices. Taking HIP BEX as a starting point, the idea therefore was to reduce the overhead of the cryptographic primitives by omitting public-key = signatures and hash functions as the main overhead drivers regarding the above cost factors. That also meant losing some cryptographic properties such as = PFS and SIGMA-compliance, many of which are taken for granted for = traditional Internet security. This is the trade-off that we were willing to accept for HIP DEX in = order to improve on deployed state of the art and our approach is to be very open about these trade-offs. This is why we added text to that direction = right to the start of the document (https://tools.ietf.org/html/draft-ietf-hip-dex-06#section-1). I suggest for the WG to decide whether this rationale and these = trade-offs are still valid and acceptable in 2019 and to proceed accordingly. @Bob: Please comment if your view differs. Regards, Ren=E9 -----Original Message----- From: Hipsec On Behalf Of Gonzalo Camarillo Sent: Dienstag, 15. Januar 2019 15:28 To: HIP Subject: [Hipsec] Status of draft-ietf-hip-dex Hi, I want to give the group a status update on the HIP DEX draft. Terry, = our AD, had to remove it from the agenda of the telechat where it was going = to be discussed (in May) because of security-related concerns about the = draft (from the Security ADs). We have been periodically pinging Rene and Bob (authors of the draft) since then (9 months!), but we have not been able = to get any response from them... note that we had added Rene as a coauthor = of this draft because Bob's lack of cycles. Terry would like to get this done by the end of February. Any proposals = on how to proceed? Cheers, Gonzalo _______________________________________________ Hipsec mailing list Hipsec@ietf.org https://www.ietf.org/mailman/listinfo/hipsec From nobody Wed Jan 16 00:16:35 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48B441310F4 for ; Wed, 16 Jan 2019 00:16:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.853 X-Spam-Level: X-Spam-Status: No, score=-8.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ptwo8RoYG2PZ for ; Wed, 16 Jan 2019 00:16:31 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 463AA13115C for ; Wed, 16 Jan 2019 00:16:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1547626586; x=1550218586; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=lqKqWrEDm3K46AVM7qaUhBDesmD3BE8i84gyNkAcVNw=; b=PLel3KDzFIUxmMsW17JKuPgmrbfPkBfF9PxPf+DFspFWPs5jik3eT9TEQ8tPwtks qCtmUREAu4oasw7qIDafXeppDeXp5yzrShrPqeXzRievriTYEO4znmGQWfUCGWTE RaMTZo3X2cBWnWngs62GMNS4ZwotkX5w1O4ly4JtL1o=; X-AuditID: c1b4fb25-209009e000005ff7-9a-5c3ee85a1088 Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id F5.C4.24567.A58EE3C5; Wed, 16 Jan 2019 09:16:26 +0100 (CET) Received: from ESESSMB505.ericsson.se (153.88.183.166) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Wed, 16 Jan 2019 09:15:26 +0100 Received: from [100.94.2.65] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.193) with Microsoft SMTP Server id 15.1.1466.3 via Frontend Transport; Wed, 16 Jan 2019 09:15:25 +0100 To: =?UTF-8?Q?Ren=c3=a9_Hummen?= , 'Robert Moskowitz' , 'HIP' References: <074001d4ad29$9b24eda0$d16ec8e0$@gmail.com> From: Gonzalo Camarillo Openpgp: preference=signencrypt Autocrypt: addr=Gonzalo.Camarillo@ericsson.com; prefer-encrypt=mutual; keydata= xsBNBEtSyYUBCADL7itybUN0VVtGQuO81AdviJNSo/BIc6xuVUofHlr/U9CbQcSrRSggvTfa 6n5o9t9zAuwp9pp+hQfSzn4/LrEaV2BmEfAFclSl57IhsXDJecw58JqGZrjahIjgU+rmZKPE RqLzubmI3ltEolLb4kkB9Y8FIQBnE1N3O0wHp7BE8VI5pQX24UkRkEtUptmhwnaehURg9atb 1myxbt1nUDEA5PLJNbPeXxPRJ058OEnPtToRinSCJ7BFtD6PoeUWgOL4kKdRbMyswDikiXnN Ntj1VkDQ6yi7pOb2qkviOzKOf/smqm4ovMxUrET7SzKw4icArL+xQUW3ayJyfSju1o5rABEB AAHNJkdvbnphbG8gQ2FtYXJpbGxvIDxnY2FtYXJpbEBnbWFpbC5jb20+wsCBBBMBAgArAhsj BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCWhwGngUJFGzXmQAKCRDRM1CYcD+HNkjG CACG39D/tNsA5xxSqRtN3JJCTfpj+BWqRckMEpBjBWlOOtb94QY8r9NHRIDwvA5qCVYRqQTI qVyReNw/CkOuaah2rbCdhsng6ZAMzFovXSEnbz+wse4QiKybHvjlJJA9qQiNlne57NVlNvLN LrpZJGmSJlJBBEQRq3Z9Crl2tWFkB6mmoXNnoRej6eVmhFoAo3td5loHo55nqYVZYtAHbXan ggmPI12gUigKf4PuvIISpdokSlkpam02Y61ygtqrlYvNnM+GpbayW2X3ZY5x6bwUwfkRSUCj +xslGaRfJUwr8kUxhVlcLR6qVcjNxWeZf9XKVH86OxEJVUVFsChlDAvHzsBNBEtSyYUBCADB qzP0B7lWge5Hn1648WPWrmUg8r3723XL/zUZe1zyEVsY9VyWhrBmuEy7Xm7wdLt0+BBXWJez 7/wWR9w/63qT+3+W0fe6SDXeZqF+HtYO5QPuu/VYtex0e3TI2w4s53ZM5KQCQF60kTDoK43e 5a6/G2GCKMPpkVKxpIeOiDITiRXq9GV7KHkQpPczqj9ImWp2M9sEIngZRaKILU//TaiWnRGR i6vN/sAvfEuu1fXTwpR6bBdD9wIZgyeSqEgxnioDdyFZYkTFl9G8TuLxNIdpVPzW2M9PKRQs i/kl/Kadsgnd8RtlP7cPoIqLMjmOfGwR8EVbKpmkM1+iKJ+g9F/bABEBAAHCwGUEGAECAA8C GwwFAlocBq4FCRRs16kACgkQ0TNQmHA/hzamwgf/Tnr7/WYnKNmEYvwr/GxhSelVYsBwejkz tCXa4gmVkErgPBEYsUtWAP+jVoYndG74v/3zBPHl4CehE9RnAJ+lpsWjwsn0qPI7sCik3Xqv c44g/RQF9RSI8DckQM0MqLJNazzq4tBi/ZbILWNx2N4LrEzhwoePug3MDn3rCv1Xpr/B60or p1zixtSRKyZo+L7UjttUdJkqxUbC35pBlZlDAL2Dop9He7XwUFofyW1Xvn9xxx0NasnlJX9G 288peTb41bQrs9SqaH1aVLXBTo7S9o+8oB9DLTIIwDQqfxqTWpGIfBhiTm9d7ai9WcFC8jSW zJtc/6luXoGjvUlBzQx0jQ== Message-ID: <4fc59ec2-8ff3-f1ca-ef41-222dc103666f@ericsson.com> Date: Wed, 16 Jan 2019 10:15:23 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <074001d4ad29$9b24eda0$d16ec8e0$@gmail.com> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrLLMWRmVeSWpSXmKPExsUyM2J7uW7UC7sYg96TPBZTF01mtnh39DuL RcO6z4wOzB47Z91l99g9qYndY8mSn0wBzFFcNimpOZllqUX6dglcGadO3GYpmCVZcXfLeuYG xikiXYycHBICJhIT/v5g7WLk4hASOMIoMXPPWyaQhJDAN0aJy1d8IRKHGCX2vD7BApIQFjCS 2LZ5GjNIQkSgmVFi2ZzVLBAduRLrGuYygthsAhYSW27dB4vzC8hLdC24ygxiMwrc45WY8DS/ i5GDg1fAXuJvoxBImEVAVWJ94wewclGBWIn2N+vBjuAVEJQ4OfMJWJwTaOT9K/PYQFqZBTQl 1u/SBwkzC4hL3HoynwnClpdo3jqbGeIabYnlz1pYJjAKz0IyaRZC9ywk3bOQdC9gZFnFKFqc WpyUm25krJdalJlcXJyfp5eXWrKJERgJB7f8Vt3BePmN4yFGAQ5GJR7e41ftYoRYE8uKK3OB 4cTBrCTC+3MJUIg3JbGyKrUoP76oNCe1+BCjNAeLkjjvHyHBGCGB9MSS1OzU1ILUIpgsEwen VAMjb8RipgKvVdN3ZB3elZ73ckoVc6p22jSxAjWzG6/Td+o3HLP0XN/oc/R3WuWGE2d6X125 ElniO3ft1a78B4e///h/fHLu2c9aE5tyw56e+FS/+WGpxu6I5Vx+Zhdr1k3J1VM4+KTJZsXl XzV+jCsEJ87v/vbH5z7/uYUqD1bP3SEhJd7Hu4d1rxJLcUaioRZzUXEiAM8vc0uAAgAA Archived-At: Subject: Re: [Hipsec] Status of draft-ietf-hip-dex X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2019 08:16:33 -0000 Hi Rene, if you do not hear anything against your explanation before, please engage with Terry and Eric so that we can move forward. Thanks! Cheers, Gonzalo On 16-Jan-19 01:25, René Hummen wrote: > Hi Gonzalo, Bob, all, > > sorry for being unresponsive. > > I have been working extensively on the draft in the past since becoming > co-editor of draft-moskowitz-hip-dex-01 back in March 2014, but I have not > been following HIP-related emails lately in accordance with Bob. I also want > to take this opportunity to note that I will not have any significant amount > of time for contributions in the future. > > That said, I still would like to briefly explain the high-level rationale > behind our choice of cryptographic primitives for HIP DEX, which are Eric's > key points as I see it: > In 2014 and beyond, many (Industrial) IoT devices often did not offer > communication security or relied on fixed symmetric keys, potentially > resulting in overuse of these keys. This was - and to my understanding still > is - a direct result of the relatively high cost (ROM, RAM, CPU cycles, > network usage) of public key cryptography on many microcontroller-based > embedded devices. > > Taking HIP BEX as a starting point, the idea therefore was to reduce the > overhead of the cryptographic primitives by omitting public-key signatures > and hash functions as the main overhead drivers regarding the above cost > factors. That also meant losing some cryptographic properties such as PFS > and SIGMA-compliance, many of which are taken for granted for traditional > Internet security. > > This is the trade-off that we were willing to accept for HIP DEX in order to > improve on deployed state of the art and our approach is to be very open > about these trade-offs. This is why we added text to that direction right to > the start of the document > (https://tools.ietf.org/html/draft-ietf-hip-dex-06#section-1). > > I suggest for the WG to decide whether this rationale and these trade-offs > are still valid and acceptable in 2019 and to proceed accordingly. > > @Bob: Please comment if your view differs. > > Regards, > René > > > -----Original Message----- > From: Hipsec On Behalf Of Gonzalo Camarillo > Sent: Dienstag, 15. Januar 2019 15:28 > To: HIP > Subject: [Hipsec] Status of draft-ietf-hip-dex > > Hi, > > I want to give the group a status update on the HIP DEX draft. Terry, our > AD, had to remove it from the agenda of the telechat where it was going to > be discussed (in May) because of security-related concerns about the draft > (from the Security ADs). We have been periodically pinging Rene and Bob > (authors of the draft) since then (9 months!), but we have not been able to > get any response from them... note that we had added Rene as a coauthor of > this draft because Bob's lack of cycles. > > Terry would like to get this done by the end of February. Any proposals on > how to proceed? > > Cheers, > > Gonzalo > > _______________________________________________ > Hipsec mailing list > Hipsec@ietf.org > https://www.ietf.org/mailman/listinfo/hipsec > From nobody Wed Jan 23 03:18:29 2019 Return-Path: X-Original-To: hipsec@ietfa.amsl.com Delivered-To: hipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E1F3130E57 for ; Wed, 23 Jan 2019 03:18:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.854 X-Spam-Level: X-Spam-Status: No, score=-8.854 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=dETndc4U; dkim=pass (1024-bit key) header.d=ericsson.com header.b=V2rfZGKP Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ha2dk7mWtI4y for ; Wed, 23 Jan 2019 03:18:17 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66C83130E59 for ; Wed, 23 Jan 2019 03:18:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1548242292; x=1550834292; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=1wCF76rsqumlo+SOrMU6rzDUv9zlgedh3KVSewOlN0I=; b=dETndc4UbJYhaa2Q6BGnUOMh7KmCzoDSLImo2rIFY4qG6yy9zYIhW1RgTyZwfEMb H1gfYuR7iV3EMTpcDbDkB4Dvg8zasuyA3jgo4ohCHra9YMSndUvoYmDXgS6on2od 7XcUHdg5z2vy+hRZ0q+WVtauBLRxy26LsqavX8dSwpc=; X-AuditID: c1b4fb25-209009e000005ff7-8f-5c484d7474c4 Received: from ESESBMB501.ericsson.se (Unknown_Domain [153.88.183.114]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 05.03.24567.47D484C5; Wed, 23 Jan 2019 12:18:12 +0100 (CET) Received: from ESESBMB501.ericsson.se (153.88.183.168) by ESESBMB501.ericsson.se (153.88.183.168) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Wed, 23 Jan 2019 12:18:12 +0100 Received: from EUR01-DB5-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB501.ericsson.se (153.88.183.168) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Wed, 23 Jan 2019 12:18:12 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1wCF76rsqumlo+SOrMU6rzDUv9zlgedh3KVSewOlN0I=; b=V2rfZGKP0n4Nw1k8h66Uhokdj+fo8tqhVw6qkLUcHgXBep1CaJmYqwMRxpoEqRqNGEBjyy/5du4H1aoApWPyxZUsu5e7jDeem1HWWkphB4+UMDVZYarGcKp/dyJBx56NEOOwGlAtYv4x71bxS5VxiXcaS7uuwEgpMy03U/zbQT0= Received: from AM4PR0701MB2194.eurprd07.prod.outlook.com (10.167.132.155) by AM4PR0701MB2163.eurprd07.prod.outlook.com (10.167.132.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1580.5; Wed, 23 Jan 2019 11:18:11 +0000 Received: from AM4PR0701MB2194.eurprd07.prod.outlook.com ([fe80::a15f:7d17:876c:b965]) by AM4PR0701MB2194.eurprd07.prod.outlook.com ([fe80::a15f:7d17:876c:b965%12]) with mapi id 15.20.1558.016; Wed, 23 Jan 2019 11:18:11 +0000 From: Miika Komu To: Tom Henderson , Eric Rescorla CC: "mkomu@kapsi.fi" , "draft-ietf-hip-rfc4423-bis@ietf.org" , "hipsec@ietf.org" , "hip-chairs@ietf.org" , IESG Thread-Topic: [Hipsec] Eric Rescorla's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) Thread-Index: AQHT5YLxe6LepMqB0kKL89VZqk/vXKVaTjGAgAGJ8ICASqy+AIAAZFmAgACkQ7KAEdPFAIAE7luA Date: Wed, 23 Jan 2019 11:18:11 +0000 Message-ID: References: <152564286489.26793.2457846656783140871.idtracker@ietfa.amsl.com> <70e4c94f-0097-0b13-140c-db0a5732ab67@kapsi.fi> <4068edc0-76c5-9931-1b52-8f147b24d854@tomh.org> In-Reply-To: <4068edc0-76c5-9931-1b52-8f147b24d854@tomh.org> Accept-Language: fi-FI, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: HE1PR0402CA0019.eurprd04.prod.outlook.com (2603:10a6:3:d0::29) To AM4PR0701MB2194.eurprd07.prod.outlook.com (2603:10a6:200:49::27) authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR0701MB2163; 6:iaIhV8rkLmsHT4SJakxNjLZAw2+e6L+PfF4QP0xLUF9g/dnUUZMFwDrJVJZm2LOqSB4bKpMoQZmJ3Jv3lAcofToyJkDcu+agblBjdLtRz9P7zA4JaGOWK21JLmSVn/jPJyTZWn9X5oVhzkwz+sUCJL4/n8frSEtGe1tfTmSqozceOrp8RxA0CD+ByapZ5oSGJ/Y+FWtBb36W6uoDetHsGQNEgzVW+j5daC32leaATuv0ghKtyAh+m1Z08x+Hjk6IUAazTEz713+IVbsB89NJE82CPIj/V4+ihgTIipPOnya4Q7FBddP7VeFGR04QV6NyHl2UzOH448yF43Dqwjxm26LTDB1gDxmGLaQcMDNbFgxBYs/ObtAzY74vaRFMB+df+Z1wZ98hfgOWAy5Rp19Ff4CUgti+gdg6Oj7QKmNcTMLA4k5uNihuRxJ5OjJPBTpdYb3O7nXwQaFK8CtCN4tdhQ==; 5:9uEYrtb7ljitWo5aRevxoU/TaGf5MidbbtUMmvikhcgacOCHYiNo95NlXjAf8pawO5WLEZGzlOVMNT/J06TJ24Ie4OagiNtsVm8cCqvgmPWBQwUVekCx4SkEaSbKqZiJtDgpwsMJy+g+bNIJp0thBQhHPJimFah8Dcpjb25lPIogR7NMQb+xdFkQ5SCZarFjX7TpdSYUf1Lq0HQcESYDjw==; 7:K83G+dlhoKX7PaEaVGIvFKsh8Qgi9BAQC4+cCtyekc8wKNcTjertBFHc3/cAVblIUX2b/rEc8rczyCm7zO6y8B0qz/kY8zvobGq9Hk7DtCe7h03b1oxxTO8zsin4Tl3EZnVH8VPtwq7VcIppLuyfxg== x-ms-office365-filtering-correlation-id: 30a639a6-9989-4a97-18d2-08d68124758d x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600110)(711020)(4605077)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:AM4PR0701MB2163; x-ms-traffictypediagnostic: AM4PR0701MB2163: x-microsoft-antispam-prvs: x-forefront-prvs: 0926B0E013 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(136003)(346002)(366004)(396003)(189003)(199004)(14444005)(256004)(31696002)(6512007)(86362001)(2906002)(106356001)(36756003)(31686004)(68736007)(6246003)(4326008)(305945005)(7736002)(105586002)(53936002)(966005)(14454004)(93886005)(81166006)(8676002)(81156014)(8936002)(25786009)(478600001)(26005)(6306002)(186003)(6116002)(76176011)(3846002)(102836004)(44832011)(486006)(229853002)(110136005)(476003)(71190400001)(54906003)(386003)(71200400001)(11346002)(446003)(2616005)(97736004)(316002)(66066001)(6436002)(6486002)(99286004)(52116002)(6506007)(53546011); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0701MB2163; H:AM4PR0701MB2194.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: ljM5ADJVCZ11gJhDK06609F0hXBejy34GlN4q0kJUOv2Q1nqNdqkIdAqbMC5pUMv7N7P+JlEKZub0HlJVTWAMl3Nh5BQo76vesq/RUgJGd2NOFWQb/w2+B5cm41S++SqoV9P0oPoox375s9RnzHurT7KrygQSJuLbxnxrZkWGy4r8RfJtKpB9+IUkTDxF0ozkENWJuyMuWEU+GTMxM1sofiU52N/kKwDoSeRvZYPyH77Cq+3WEQQOTsy/YPxDpQCU4qSzkybnlcmXBrcXubULPv+I59IAsDPkHbGJotVWlEdpls2O0BL/0BBfKSW3g1I1gsfR+DdoYYItlhjKu3Of/C5ZiDK8IXZWZLcgZlRjbwkYrSczA+4KYOQ1DMUGVKl4IB7rp1bZUBpWyOkhA579C/XSDeuKMfLAPdpgkwtdDA= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 30a639a6-9989-4a97-18d2-08d68124758d X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2019 11:18:10.7468 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0701MB2163 X-OriginatorOrg: ericsson.com X-Brightmail-Tracker: H4sIAAAAAAAAA02SfyzUYRzHPfd8z33R5euQz5Q116SuolPs/lCxVW42q/RPdJuufHMWzr4n S1Nh8sddSZPF1RJdxW2NZGXcNJf1G8XC/Dg7jvyKZaS4yN33bP33+jzvz/v9eZ7PHhIL6rm+ ZHJaBs2kyVOEzq5E2alXzJ6MGKls78DYLslg6wOepGqqnSdpva7mSUoqi7Gk1HobS74VjnAl uYNWTgRPqtP94Ug7261YWjxSgKWG7h3HiXjX8EQ6JTmTZoIPnnFVWDoaOOkvQy6NGj7jHFQk ViMXEqj9MD54z1mNXEkB1Ypg5d4iYotfCBqH3hFsoePAjcIuu0JQRRjan9Q5PKUcGFnUY7b4 juB531NkS3amRKAf6ME29qIOgWlBw7U1YcqEoHuhk7AJnhQN9R9LOGzTebB+yXVmOR5MfRV2 M0EFwEDDuJ35a0F6g9kxehJDjnWJZxNcqHDQDa1ybYwoP6h+sWI3YMoH+izlHPatFOgMHZhl b5gYWeGyXIZgeR6x3njQTN4i2PPd0NZjQSz7Q9uM2ZHjB53lGvsygMrnQXPZa0doDIyNFzgM /Qg008x6UO19DY9lJVTPVzkGbIGWORMuQiHa/+6qReQa74SaxmAWpdDSu4nt8Ic7GjNPa1+F B3wosxAPEVePvFW06mxqUsi+IJpJPqdSKdOC0uiMOrT2l1rqlwMaUNd0pBFRJBJu4NeESmUC rjxTlZVqREBioRf/yNejMgE/UZ51mWaUCczFFFplRJtJQujDtwo8ZAIqSZ5BX6DpdJpZVzmk i28Oirni5v9DPFxaOwvbpaIOsdPPiLD3htXZ3KminK2FxpltA9Fx1oq/7gs4yk09Hph4+pmo 5kSI4q1S62GwtHTcfZM6+ui3p/Kqi/tQ+IQl9vDsteTY4mZz3FwUnFSEbVQ/zos8xgwPBzbl aRVL+Q3Bnyqzs0N7b/YnRPceaCIynYSESiEXizCjkv8DIlXNk0cDAAA= Archived-At: Subject: Re: [Hipsec] Eric Rescorla's No Objection on draft-ietf-hip-rfc4423-bis-19: (with COMMENT) X-BeenThere: hipsec@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "This is the official IETF Mailing List for the HIP Working Group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2019 11:18:19 -0000 SGksDQoNCk9uIDEvMjAvMTkgMDc6NTksIFRvbSBIZW5kZXJzb24gd3JvdGU6DQo+IE9uIDEvOC8x OSAzOjQ0IFBNLCBFcmljIFJlc2NvcmxhIHdyb3RlOg0KPj4NCj4+DQo+PiBPbiBUdWUsIEphbiA4 LCAyMDE5IGF0IDk6NTAgQU0gVG9tIEhlbmRlcnNvbiA8dG9taEB0b21oLm9yZyANCj4+IDxtYWls dG86dG9taEB0b21oLm9yZz4+IHdyb3RlOg0KPj4NCj4+IMKgwqDCoCBPbiAxLzgvMTkgNTo1NyBB TSwgRXJpYyBSZXNjb3JsYSB3cm90ZToNCj4+DQo+PiDCoMKgwqDCoCA+wqAgwqAgwqBUaGUgc2Vj b25kIHByZWltYWdlIGF0dGFjayByZXNpc3RhbmNlIGlzIDk2IGJpdHMsIHBsdXMNCj4+IMKgwqDC oCB3aGF0ZXZlciB3b3JrDQo+PiDCoMKgwqDCoCA+wqAgwqAgwqBpcyBuZWVkZWQgdG8gZ2VuZXJh dGUgdGhlIGtleXMuDQo+PiDCoMKgwqDCoCA+DQo+PiDCoMKgwqDCoCA+IEkgYWdyZWUgdGhhdCB0 aGlzIGlzIGluIFJGQyA3MzQzLCBidXQgaXQgZG9lc24ndCBzZWVtIHRvIGJlIHN0YXRlZA0KPj4g wqDCoMKgwqAgPiBhbnl3aGVyZSBpbiB0aGlzIGRvY3VtZW50LCBhbmTCoCBnaXZlbiB0aGF0IHRo aXMgdGV4dCB0YWxrcyBhYm91dA0KPj4gwqDCoMKgIGJvdGggNjQNCj4+IMKgwqDCoMKgID4gYml0 IGFuZCA+PSAxMDAgYml0IGhhc2ggZnVuY3Rpb25zLCBJJ20gbm90IHN1cmUgaG93IHRvIGdldCBp dA0KPj4gwqDCoMKgIGZyb20gdGhpcw0KPj4gwqDCoMKgwqAgPiB0ZXh0LCB3aGljaCBpcyBpbiBj b250ZXh0IHF1aXRlIGNvbmZ1c2luZy8NCj4+DQo+PiDCoMKgwqAgSSBhZ3JlZSB0aGF0IHRoZSB0 ZXh0IGNvdWxkIGJlIGNsYXJpZmllZDsgSSB3aWxsIHRyeSB0byBzdWdnZXN0DQo+PiDCoMKgwqAg c29tZXRoaW5nIG1vcmUuDQo+Pg0KPj4gwqDCoMKgwqAgPg0KPj4gwqDCoMKgwqAgPsKgIMKgIMKg VGhlcmUgaXNuJ3QgYW55IG1lY2hhbmlzbSBkZWZpbmVkIHRvIGV4dGVuZCB0aGlzLCBzdWNoIGFz IA0KPj4gdGhlIENHQQ0KPj4gwqDCoMKgwqAgPsKgIMKgIMKgSGFzaCBFeHRlbnNpb24sIGJ1dCBp dCBzZWVtcyB0byBtZSB0aGF0IEhJUCBjb3VsZCBiZSBleHRlbmRlZA0KPj4gwqDCoMKgIGluIGEN Cj4+IMKgwqDCoMKgID7CoCDCoCDCoHNpbWlsYXIgd2F5LsKgIE15IHJlY29sbGVjdGlvbiBpcyB0 aGF0IHRoZSBXRyBoYWQgdGhvdWdodCA5Ng0KPj4gwqDCoMKgIGJpdHMgdG8NCj4+IMKgwqDCoMKg ID7CoCDCoCDCoGJlIHN0cm9uZyBlbm91Z2ggcHJlaW1hZ2UgcmVzaXN0YW5jZS4NCj4+IMKgwqDC oMKgID4NCj4+IMKgwqDCoMKgID4gR2VuZXJhbGx5LCB3ZSBhcmUgdGFyZ2V0aW5nIHRoZSAxMjgt Yml0IHNlY3VyaXR5IGxldmVsIGZvciBuZXcNCj4+IMKgwqDCoCBkZXBsb3ltZW50cw0KPj4gwqDC oMKgwqAgPg0KPj4NCj4+IMKgwqDCoCBDYW4geW91IHByb3ZpZGUgYSByZWZlcmVuY2UgZm9yIHRo ZSAxMjgtYml0IHJlY29tbWVuZGF0aW9uPw0KPj4NCj4+DQo+PiBJIGRvbid0IGJlbGlldmUgdGhl cmUgaXMgYSBwb2xpY3ksIGJ1dCBmb3IgaW5zdGFuY2UsIHNlZToNCj4+IGh0dHBzOi8vdG9vbHMu aWV0Zi5vcmcvaHRtbC9yZmM3NTI1I3NlY3Rpb24tNC4xDQo+Pg0KPj4gwqDCoMKgIEFsc28sIGhv dyBhcmUgbGVnYWN5IHVzZXMgbGlrZSBTRU5EL0NHQSBoYW5kbGluZyB0aGlzIG5ldyB0YXJnZXQg KG9yDQo+PiDCoMKgwqAgYXJlDQo+PiDCoMKgwqAgdGhleSBqdXN0IGNvbnNpZGVyZWQgbGVnYWN5 IGF0IHRoaXMgcG9pbnQpPw0KPj4NCj4+DQo+PiBBcyBmYXIgYXMgSSB1bmRlcnN0YW5kIGl0LCB0 aGV5IGFyZSBsZWdhY3kuDQo+Pg0KPj4gLUVrcg0KPj4NCj4gDQo+IEVyaWMgYW5kIGFsbCwNCj4g DQo+IEluIHJlc3BvbnNlIHRvIHRoaXMgdGhyZWFkLCBJIHByb3Bvc2UgYmVsb3cgYW4gYWRkaXRp b25hbCBwYXJhZ3JhcGggdG8gDQo+IHRoZSBkcmFmdC4NCj4gDQo+IEluIHNlY3Rpb24gMy4xLCBp dCBkaXNjdXNzZXMgcmVxdWlyZW1lbnRzIG9uIHRoZSBuZXcgbmFtZXNwYWNlIGluDQo+IGdlbmVy YWwgYW5kIG1lbnRpb25zIHRoZSBkZXNpcmUgdG8gYXZvaWQgY29sbGlzaW9ucywgYnV0IGp1c3Qg bGlzdHMgYQ0KPiBnZW5lcmljIHJlcXVpcmVtZW50IHRvIHByb3ZpZGUgJ2F1dGhlbnRpY2F0aW9u IHNlcnZpY2VzJyBiZWNhdXNlIHRoZQ0KPiBjcnlwdG9ncmFwaGljIGRldGFpbHMgYXJlIHByb3Zp ZGVkIGxhdGVyLsKgIEFzIGEgcmVzdWx0LCBJIGRlY2lkZWQNCj4gYWdhaW5zdCBkZXNjcmliaW5n IHNlY29uZCBwcmUtaW1hZ2UgcmVzaXN0YW5jZSBoZXJlLg0KPiANCj4gSW4gc2VjdGlvbiA0LjMs IHRoZSBmb2xsb3dpbmcgcGFyYWdyYXBoIGN1cnJlbnRseSBjb25jbHVkZXMgdGhlIHNlY3Rpb246 DQo+IA0KPiAgwqDCoCBJbiB0aGUgSElQIHBhY2tldHMsIHRoZSBISVRzIGlkZW50aWZ5IHRoZSBz ZW5kZXIgYW5kIHJlY2lwaWVudCBvZiBhDQo+ICDCoMKgIHBhY2tldC7CoCBDb25zZXF1ZW50bHks IGEgSElUIHNob3VsZCBiZSB1bmlxdWUgaW4gdGhlIHdob2xlIElQDQo+ICDCoMKgIHVuaXZlcnNl IGFzIGxvbmcgYXMgaXQgaXMgYmVpbmcgdXNlZC7CoCBJbiB0aGUgZXh0cmVtZWx5IHJhcmUgY2Fz ZSBvZg0KPiAgwqDCoCBhIHNpbmdsZSBISVQgbWFwcGluZyB0byBtb3JlIHRoYW4gb25lIEhvc3Qg SWRlbnRpdHksIHRoZSBIb3N0DQo+ICDCoMKgIElkZW50aWZpZXJzIChwdWJsaWMga2V5cykgd2ls bCBtYWtlIHRoZSBmaW5hbCBkaWZmZXJlbmNlLsKgIElmIHRoZXJlDQo+ICDCoMKgIGlzIG1vcmUg dGhhbiBvbmUgcHVibGljIGtleSBmb3IgYSBnaXZlbiBub2RlLCB0aGUgSElUIGFjdHMgYXMgYSBo aW50DQo+ICDCoMKgIGZvciB0aGUgY29ycmVjdCBwdWJsaWMga2V5IHRvIHVzZS4NCj4gDQo+IEkg c3VnZ2VzdCB0byBhZGQgYSBwYXJhZ3JhcGggYXMgZm9sbG93czoNCj4gDQo+ICDCoMKgIEFsdGhv dWdoIGl0IG1heSBiZSByYXJlIGZvciBhbiBhY2NpZGVudGFsIGNvbGxpc2lvbiB0byBjYXVzZSBh IHNpbmdsZQ0KPiAgwqDCoCBISVQgbWFwcGluZyB0byBtb3JlIHRoYW4gb25lIEhvc3QgSWRlbnRp dHksIGl0IG1heSBiZSB0aGUgY2FzZSB0aGF0DQo+ICDCoMKgIGFuIGF0dGFja2VyIHN1Y2NlZWRz IHRvIGZpbmQsIGJ5IGJydXRlIGZvcmNlIG9yIGFsZ29yaXRobWljIHdlYWtuZXNzLA0KPiAgwqDC oCBhIHNlY29uZCBIb3N0IElkZW50aXR5IGhhc2hpbmcgdG8gdGhlIHNhbWUgSElULsKgIFRoaXMg dHlwZSBvZiBhdHRhY2sNCj4gIMKgwqAgaXMga25vd24gYXMgYSBwcmVpbWFnZSBhdHRhY2ssIGFu ZCB0aGUgcmVzaXN0YW5jZSB0byBmaW5kaW5nIGEgc2Vjb25kDQo+ICDCoMKgIEhvc3QgSWRlbnRp ZmllciAocHVibGljIGtleSkgdGhhdCBoYXNoZXMgdG8gdGhlIHNhbWUgSElUIGlzIGNhbGxlZA0K PiAgwqDCoCBzZWNvbmQgcHJlaW1hZ2UgcmVzaXN0YW5jZS7CoCBTZWNvbmQgcHJlaW1hZ2UgcmVz aXN0YW5jZSBpbiBISVAgaXMNCj4gIMKgwqAgYmFzZWQgb24gdGhlIGhhc2ggYWxnb3JpdGhtIHN0 cmVuZ3RoIGFuZCB0aGUgbGVuZ3RoIG9mIHRoZSBoYXNoDQo+ICDCoMKgIG91dHB1dCB1c2VkLsKg IFRocm91Z2ggSElQdjIgW1JGQyA3NDAxXSwgdGhpcyByZXNpc3RhbmNlIGlzIDk2IGJpdHMNCj4g IMKgwqAgKGxlc3MgdGhhbiB0aGUgMTI4IGJpdCB3aWR0aCBvZiBhbiBJUHY2IGFkZHJlc3MgZmll bGQgZHVlIHRvIHRoZQ0KPiAgwqDCoCBwcmVzZW5jZSBvZiB0aGUgT1JDSElEIHByZWZpeCBbUkZD NzM0M10pLsKgIDk2IGJpdHMgb2YgcmVzaXN0YW5jZQ0KPiAgwqDCoCB3YXMgY29uc2lkZXJlZCBh Y2NlcHRhYmxlIHN0cmVuZ3RoIGR1cmluZyB0aGUgZGVzaWduIG9mIEhJUCwgYnV0IG1heQ0KPiAg wqDCoCBldmVudHVhbGx5IGJlIGNvbnNpZGVyZWQgaW5zdWZmaWNpZW50IGZvciB0aGUgdGhyZWF0 IG1vZGVsIG9mIGFuDQo+ICDCoMKgIGVudmlzaW9uZWQgZGVwbG95bWVudC7CoCBPbmUgcG9zc2li bGUgbWl0aWdhdGlvbiB3b3VsZCBiZSB0byBhdWdtZW50DQo+ICDCoMKgIHRoZSB1c2Ugb2YgSElU cyBpbiB0aGUgZGVwbG95bWVudCB3aXRoIHRoZSBISXMgdGhlbXNlbHZlcyAoYW5kDQo+ICDCoMKg IG1lY2hhbmlzbXMgdG8gc2VjdXJlbHkgYmluZCB0aGUgSElzIHRvIHRoZSBISVRzKSwgc28gdGhh dCB0aGUgSEkNCj4gIMKgwqAgYmVjb21lcyB0aGUgZmluYWwgYXV0aG9yaXR5LsKgIEl0IGFsc28g bWF5IGJlIHBvc3NpYmxlIHRvIGluY3JlYXNlDQo+ICDCoMKgIHRoZSBkaWZmaWN1bHR5IG9mIGJy dXRlIGZvcmNlIGF0dGFjayBieSBtYWtpbmcgdGhlIGdlbmVyYXRpb24gb2YgdGhlDQo+ICDCoMKg IEhJIG1vcmUgY29tcHV0YXRpb25hbGx5IGRpZmZpY3VsdCwgc3VjaCBhcyB0aGUgaGFzaCBleHRl bnNpb24NCj4gIMKgwqAgYXBwcm9hY2ggb2YgU0VORCBDR0FzIFtSRkMgMzk3Ml0sIGFsdGhvdWdo IHRoZSBISVAgc3BlY2lmaWNhdGlvbnMNCj4gIMKgwqAgdGhyb3VnaCBISVB2MiBkbyBub3QgcHJv dmlkZSBzdWNoIGEgbWVjaGFuaXNtLsKgIEZpbmFsbHksIGRlcGxveW1lbnRzDQo+ICDCoMKgIHRo YXQgZG8gbm90IHVzZSBPUkNISURzIChzdWNoIGFzIGNlcnRhaW4gdHlwZXMgb2Ygb3ZlcmxheSBu ZXR3b3JrcykNCj4gIMKgwqAgbWlnaHQgYWxzbyB1c2UgdGhlIGZ1bGwgMTI4LWJpdCB3aWR0aCBv ZiBhbiBJUHY2IGFkZHJlc3MgZmllbGQgZm9yDQo+ICDCoMKgIHRoZSBISVQuDQoNCnRoYW5rcyEg RXJpYywgZG9lcyB0aGlzIGFkZHJlc3MgeW91ciBjb25jZXJucz8NCg0K