
From mkomu@cs.hut.fi  Sun Jan  1 21:46:22 2012
Return-Path: <mkomu@cs.hut.fi>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB9E921F8491; Sun,  1 Jan 2012 21:46:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level: 
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5y+kXYOavBxw; Sun,  1 Jan 2012 21:46:17 -0800 (PST)
Received: from mail.cs.hut.fi (mail.cs.hut.fi [130.233.192.7]) by ietfa.amsl.com (Postfix) with ESMTP id E6D1A21F84A9; Sun,  1 Jan 2012 21:46:16 -0800 (PST)
Received: from hutcs.cs.hut.fi ([130.233.192.10] helo=[127.0.0.1]) by mail.cs.hut.fi with esmtp (Exim 4.54) id 1Rhair-0002Eq-0n; Mon, 02 Jan 2012 07:46:13 +0200
Message-ID: <4F0144A5.5030101@cs.hut.fi>
Date: Mon, 02 Jan 2012 07:46:13 +0200
From: Miika Komu <mkomu@cs.hut.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111108 Thunderbird/3.1.16
MIME-Version: 1.0
To: René Hummen <rene.hummen@cs.rwth-aachen.de>
References: <04D43087-E2BF-464F-BE5E-D57FC3FFA746@cs.rwth-aachen.de>	<4EC15495.3000700@gmail.com> <4EC5B600.1040700@gmail.com>	<4EEF5D92.5020503@gmail.com> <02E1CC7E-A9A4-4051-A0FA-7D12E9EF371C@cs.rwth-aachen.de>
In-Reply-To: <02E1CC7E-A9A4-4051-A0FA-7D12E9EF371C@cs.rwth-aachen.de>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Cc: hipsec@ietf.org, core <core@ietf.org>
Subject: Re: [Hipsec] [core] [hiprg] Research topics discussion - meeting suggestion: Wednesday 7:30pm
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jan 2012 05:46:22 -0000

Hi,

I sent a number of references to Struik privately, but here are the most 
essential ones. Regarding ease-of-use considerations, UIA [1] extends 
HIP-like security to user-level identities. We have also conducted some 
usability tests with a HIP GUI [2] earlier.

Regarding security, references [3,4] are worth checking out because 
they have helped to improve the security in HIP.

[1] http://www.pdos.lcs.mit.edu/papers/uia:osdi06.pdf

[2] Kristiina Karvonen, Miika Komu and Andrei Gurtov, "Usable Security 
Management with Host Identity Protocol", in Proceedings of the 7th 
ACS/IEEE International Conference on Computer Systems and Applications 
(AICCSA-2009).

[3] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand Key 
Derivation Function (HKDF)", RFC 5869, May 2010.

[4] Aura, T., Nagarajan, A., and A. Gurtov, "Analysis of the HIP Base 
Exchange Protocol", in Proceedings of the 10th Australasian Conference 
on Information Security and Privacy, July 2003.

On 31/12/11 19:04, René Hummen wrote:
> Hello René,
>
> this email contains a few references to papers regarding the security properties and embedding of HIP in today's network environments.
>
> First of all, HIP is a SIGMA-compliant key exchange protocol [1]. To be exact, it is a derivative of the basic protocol described in Section 5.1, as the HIP BEX is triggered by a separate (empty) message that is not included in the SIGMA protocol family. This allows HIP to perform DoS protection against exhaustive public key-based operations by the responder by means of cryptographic puzzles. Furthermore, the public key (A) of the responder is already sent in the first response message. However, this does not impact the security properties, but rather the anonymity of the responder.
>
> Regarding the usage of HIP, there is a rather comprehensive journal article [2] that describes the architecture as well as the operating system and infrastructure requirements of HIP. It also provides some pointers to further papers that may be worth reading for you. Additionally, Samu Varjonen recently published a paper on the "Secure Resolution of End-Host Identifiers for Mobile Clients" [3]. However, it seems to be inaccessible at the moment. Still, you may want to refer to it at a later point in time, as it describes an approach to resolve HITs to IP addresses.
>
> I hope that this small selection helps you in understanding the properties of HIP. I would also like to invite other people to contribute to this discussion, e.g., by providing further references relevant for the CoRE WG.
>
> Regards,
> René
>
>
> [1] Krawczyk, H.; SIGMA: The ‘SIGn-and-MAc’ Approach to Authenticated Diffie-Hellman and Its Use in the IKE Protocols, Advances in Cryptology - CRYPTO 2003, Lecture Notes in Computer Science, 2003
> [2] Nikander, P.; Gurtov, A.; Henderson, T.R.; Host Identity Protocol (HIP): Connectivity, Mobility, Multi-Homing, Security, and Privacy over IPv4 and IPv6 Networks, IEEE Communications Surveys & Tutorials, 2010
> [3] Varjonen, S.; Heer, T.; Rimey, K.; and Gurtov, A.; Secure Resolution of End-Host Identifiers for Mobile Clients, IEEE GLOBECOM, 2011
> On 19.12.2011, at 16:51, Rene Struik wrote:
>
>
>> Perhaps, worth some thoughts under the Christmas tree and then getting back on this one after New Year.
>>
>> On 17/11/2011 8:33 PM, Rene Struik wrote:
>>> Hi fellow-Rene:
>>>
>>> If you have some papers, I would appreciate them. Distributing those would also help remove hurdles to more wide-scale use of HIP (I saw the slides on lack of adoption of HIP).
>>>
>>> Best regards, Rene
>>>
>>>
>>> On 14/11/2011 12:49 PM, Rene Struik wrote:
>>>> Hi fellow-Rene:
>>>>
>>>> Just curious: is there any research paper outside IETF/IRTF realm that delves into HIP-related matter? On a tangent: same question, but now re cryptographically generated addresses? This may help people to appreciate this effort better, without having to delve into hundreds of pages of specification text that sometimes seems to obscure seeing the forest for the trees (if I translate this properly). I, for one, would love to see 2-3 academic papers that make this subject matter clearer, including security properties, ease-of-use considerations.
>>>>
>>>> Best regards, Rene
>>>>
>>>> On 14/11/2011 12:38 PM, René Hummen wrote:
>>>>> Hello everyone,
>>>>>
>>>>> We already had a few discussions on this list about new topics and research directions that would foster collaboration within the context of the hiprg. Hierarchical HITs, IoT-related protocol variants, and middlebox awareness have been mentioned there among others. In my opinion, an informal meeting before the hiprg meeting on Thursdays would be a great opportunity to discuss these topics further. Furthermore, such a meeting would enable us to see who is interested in which field and what the pros and cons of the different topics are, as perceived by people, in a more comfortable and less hurried way than in an RG meeting.
>>>>>
>>>>> As most of us will probably be at the social event tomorrow evening, I suggest meeting for dinner/a drink on Wednesday evening at 7:30pm in order to get some discussion going. Due to the lack of knowledge about a better place, let's meet up at the entrance of the convention center (TICC). Please email me if you are interested.
>>>>>
>>>>> BR
>>>>> René
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Dipl.-Inform. Rene Hummen, Ph.D. Student
>>>>> Chair of Communication and Distributed Systems
>>>>> RWTH Aachen University, Germany
>>>>> tel: +49 241 80 20772
>>>>> web:
>>>>> http://www.comsys.rwth-aachen.de/team/rene-hummen/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> email:
>>>> rstruik.ext@gmail.com
>>>>
>>>> Skype: rstruik
>>>> cell: +1 (647) 867-5658
>>>> USA Google voice: +1 (415) 690-7363
>>>>
>
>
>
>
> --
> Dipl.-Inform. Rene Hummen, Ph.D. Student
> Chair of Communication and Distributed Systems
> RWTH Aachen University, Germany
> tel: +49 241 80 20772
> web: http://www.comsys.rwth-aachen.de/team/rene-hummen/
>
>
>
>

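The puzzle mechanism that René Hummen's quoted message credits with HIP's DoS protection (the responder does no public-key work until the initiator has solved a puzzle), worked through as an added example. This is editorial illustration, not code from the thread or from any HIP implementation. It assumes SHA-256 as the RHASH (RFC 5201 itself specified SHA-1 here; the -bis drafts use the negotiated hash), 64-bit #I values, and a simplified responder that remembers the puzzles it issued instead of deriving #I statelessly from a secret and the time.

```python
"""Added example: the HIP cryptographic puzzle (RFC 5201, Section 4.1.2).

R1 carries a random #I and a difficulty K; I2 must carry a J such that the
lowest-order K bits of RHASH(I | HIT-I | HIT-R | J) are all zero.  Finding J
costs the initiator about 2**K hash computations; checking it costs the
responder one, which is what lets the responder defer signature verification
and the Diffie-Hellman computation until a valid solution arrives.
"""
import hashlib
import secrets
from typing import Optional

# Assumption: SHA-256 stands in for RHASH (RFC 5201 used SHA-1 here).
RHASH = hashlib.sha256


def puzzle_ok(I: bytes, hit_i: bytes, hit_r: bytes, J: bytes, K: int) -> bool:
    """Ltrunc(RHASH(I | HIT-I | HIT-R | J), K) == 0, i.e. lowest K bits zero."""
    digest = RHASH(I + hit_i + hit_r + J).digest()
    return (int.from_bytes(digest, "big") & ((1 << K) - 1)) == 0


def solve_puzzle(I: bytes, hit_i: bytes, hit_r: bytes, K: int):
    """Initiator side: try J = 0, 1, 2, ... until the puzzle checks out.
    Returns (J, number of hashes computed)."""
    n = 0
    while True:
        J = n.to_bytes(8, "big")
        n += 1
        if puzzle_ok(I, hit_i, hit_r, J, K):
            return J, n


class Responder:
    """Responder side, simplified: remembers which #I it handed out.  A real
    implementation derives #I from a secret and the time so that R1 can be
    precomputed and sent without keeping per-initiator state."""

    def __init__(self, hit_r: bytes, K: int):
        self.hit_r = hit_r
        self.K = K
        self.outstanding = {}   # #I -> HIT-I of the peer it was issued to
        self.hashes = 0         # hash work done on behalf of initiators

    def r1(self, hit_i: bytes, I: Optional[bytes] = None):
        """Build the PUZZLE parameter of R1.  #I is 64 random bits unless a
        fixed value is supplied (only done to keep the example deterministic)."""
        I = I if I is not None else secrets.token_bytes(8)
        self.outstanding[I] = hit_i
        return I, self.K

    def i2(self, hit_i: bytes, I: bytes, J: bytes) -> bool:
        """Process the SOLUTION parameter of I2.  Cheap checks come first;
        only a valid solution would lead on to signature verification and
        the Diffie-Hellman computation."""
        if self.outstanding.get(I) != hit_i:   # not our puzzle, or wrong peer
            return False
        self.hashes += 1
        if not puzzle_ok(I, hit_i, self.hit_r, J, self.K):
            return False
        del self.outstanding[I]                # a solution is accepted once
        return True


if __name__ == "__main__":
    # Constructed HITs: 16 bytes each, carrying the ORCHID prefix of RFC 5201.
    hit_i = bytes.fromhex("20010010000000000000000000000001")
    hit_r = bytes.fromhex("20010010000000000000000000000002")
    resp = Responder(hit_r, K=12)
    I, K = resp.r1(hit_i)
    J, hashes = solve_puzzle(I, hit_i, hit_r, K)
    print(f"initiator hashed {hashes} times, responder {resp.hashes}, "
          f"accepted={resp.i2(hit_i, I, J)}")
```

Raising K makes the initiator's expected work grow as 2**K while the responder's stays at one hash per well-formed I2; a replayed solution or an #I the responder never issued is rejected before any hashing.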

From petri.jokela@nomadiclab.com  Fri Jan 27 22:54:51 2012
Return-Path: <petri.jokela@nomadiclab.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80A9F21F85AF for <hipsec@ietfa.amsl.com>; Fri, 27 Jan 2012 22:54:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPHykNfl2dOu for <hipsec@ietfa.amsl.com>; Fri, 27 Jan 2012 22:54:50 -0800 (PST)
Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by ietfa.amsl.com (Postfix) with ESMTP id 7045421F85A5 for <hipsec@ietf.org>; Fri, 27 Jan 2012 22:54:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id 11AC44E6E4 for <hipsec@ietf.org>; Sat, 28 Jan 2012 08:54:44 +0200 (EET)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WTBX8nN2W6Zv for <hipsec@ietf.org>; Sat, 28 Jan 2012 08:54:42 +0200 (EET)
Received: from [IPv6:::1] (inside.nomadiclab.com [10.0.0.2]) by gw.nomadiclab.com (Postfix) with ESMTP id D3B554E67A for <hipsec@ietf.org>; Sat, 28 Jan 2012 08:54:42 +0200 (EET)
From: Petri Jokela <petri.jokela@nomadiclab.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Sat, 28 Jan 2012 08:54:43 +0200
Message-Id: <2DE34438-7FBE-4E90-B429-87A17632A1AE@nomadiclab.com>
To: hipsec@ietf.org
Mime-Version: 1.0 (Apple Message framework v1251.1)
X-Mailer: Apple Mail (2.1251.1)
Subject: [Hipsec] HIP ESP, RFC5202-bis, version 02
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Jan 2012 06:54:51 -0000

Hi,

I updated the RFC5202-bis to -02 and the current pre-version can be
found at:

http://jokela.org/ietf/draft-jokela-rfc5202-bis-02-pre1.txt

The IESG note is not visible in that. The note said:

        In case of complex Security Policy Databases (SPDs) and the
        co-existence of HIP and security-related protocols such as IKE,
        implementors may encounter conditions that are unspecified in
        these documents. For example, when the SPD defines an IP address
        subnet to be protected and a HIP host is residing in that IP
        address area, there is a possibility that the communication is
        encrypted multiple times. Readers are advised to pay special
        attention when running HIP with complex SPD settings. Future
        specifications should clearly define when multiple encryption is
        intended, and when it should be avoided.

The issue was fixed in the already expired draft version -01 (see
section 3.4). The BEET mode was also added as an appendix (B) in the
earlier version. I made some small modifications to the author list in
this new -02 (Pekka wanted to be delisted) and acknowledgements (Pekka's
contribution added).

Any comments?

Petri


--
Petri Jokela
Research scientist
NomadicLab, Ericsson Research
Oy L M Ericsson Ab

E-mail: petri.jokela@ericsson.com
Mobile: +358 44 299 2413






From mkomu@cs.hut.fi  Sat Jan 28 00:47:12 2012
Return-Path: <mkomu@cs.hut.fi>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C7A321F8486 for <hipsec@ietfa.amsl.com>; Sat, 28 Jan 2012 00:47:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.449
X-Spam-Level: 
X-Spam-Status: No, score=-6.449 tagged_above=-999 required=5 tests=[AWL=0.150,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MZOXzFOnkfXE for <hipsec@ietfa.amsl.com>; Sat, 28 Jan 2012 00:47:11 -0800 (PST)
Received: from mail.cs.hut.fi (mail.cs.hut.fi [130.233.192.7]) by ietfa.amsl.com (Postfix) with ESMTP id D9B3121F84FD for <hipsec@ietf.org>; Sat, 28 Jan 2012 00:47:10 -0800 (PST)
Received: from hutcs.cs.hut.fi ([130.233.192.10] helo=[127.0.0.1]) by mail.cs.hut.fi with esmtp (Exim 4.54) id 1Rr3wD-0002TN-7Y for hipsec@ietf.org; Sat, 28 Jan 2012 10:47:09 +0200
Message-ID: <4F23B5F5.7030504@cs.hut.fi>
Date: Sat, 28 Jan 2012 10:46:45 +0200
From: Miika Komu <mkomu@cs.hut.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111108 Thunderbird/3.1.16
MIME-Version: 1.0
To: hipsec@ietf.org
References: <2DE34438-7FBE-4E90-B429-87A17632A1AE@nomadiclab.com>
In-Reply-To: <2DE34438-7FBE-4E90-B429-87A17632A1AE@nomadiclab.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Hipsec] HIP ESP, RFC5202-bis, version 02
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Jan 2012 08:47:12 -0000

Hi,

On 28/01/12 08:54, Petri Jokela wrote:
> Hi,
>
> I updated the RFC5202-bis to -02 and the current pre-version can be
> found at:
>
> http://jokela.org/ietf/draft-jokela-rfc5202-bis-02-pre1.txt
>
> The IESG note is not visible in that. The note said:
>
> In case of complex Security Policy Databases (SPDs) and the
> co-existence of HIP and security-related protocols such as IKE,
> implementors may encounter conditions that are unspecified in these
> documents. For example, when the SPD defines an IP address subnet to
> be protected and a HIP host is residing in that IP address area,
> there is a possibility that the communication is encrypted multiple
> times. Readers are advised to pay special attention when running HIP
> with complex SPD settings. Future specifications should clearly
> define when multiple encryption is intended, and when it should be
> avoided.
>
> The issue was fixed in the already expired draft version -01 (see
> section 3.4). The BEET mode was also added as an appendix (B) in the
> earlier version. I made some small modifications to the author list
> in this new -02 (Pekka wanted to be delisted) and acknowledgements
> (Pekka's contribution added).
>
> Any comments?

seems ok to me.

From petri.jokela@nomadiclab.com  Sat Jan 28 13:30:15 2012
Return-Path: <petri.jokela@nomadiclab.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB18F21F8547 for <hipsec@ietfa.amsl.com>; Sat, 28 Jan 2012 13:30:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6zdONUcvutJW for <hipsec@ietfa.amsl.com>; Sat, 28 Jan 2012 13:30:14 -0800 (PST)
Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by ietfa.amsl.com (Postfix) with ESMTP id AF3FD21F84F2 for <hipsec@ietf.org>; Sat, 28 Jan 2012 13:30:13 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id 68A474E6E6; Sat, 28 Jan 2012 23:30:09 +0200 (EET)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wMHC7-y1W0QN; Sat, 28 Jan 2012 23:30:08 +0200 (EET)
Received: from [IPv6:::1] (inside.nomadiclab.com [10.0.0.2]) by gw.nomadiclab.com (Postfix) with ESMTP id 1B0B64E67A; Sat, 28 Jan 2012 23:30:08 +0200 (EET)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=us-ascii
From: Petri Jokela <petri.jokela@nomadiclab.com>
In-Reply-To: <4F23B5F5.7030504@cs.hut.fi>
Date: Sat, 28 Jan 2012 23:30:07 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <259A3101-FA95-4422-B191-B1047DBD8A6B@nomadiclab.com>
References: <2DE34438-7FBE-4E90-B429-87A17632A1AE@nomadiclab.com> <4F23B5F5.7030504@cs.hut.fi>
To: Miika Komu <mkomu@cs.hut.fi>
X-Mailer: Apple Mail (2.1251.1)
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] HIP ESP, RFC5202-bis, version 02
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Jan 2012 21:30:15 -0000

It seems that I had the wrong xml version there and Jan had edited a few
lines for the official -01 version. This should now be the correct
version, containing all the modifications:

http://jokela.org/ietf/draft-jokela-hip-rfc5202-bis-02-pre2.txt

Petri

On 28.1.2012, at 10.46, Miika Komu wrote:

> Hi,
>
> On 28/01/12 08:54, Petri Jokela wrote:
>> Hi,
>>
>> I updated the RFC5202-bis to -02 and the current pre-version can be
>> found at:
>>
>> http://jokela.org/ietf/draft-jokela-rfc5202-bis-02-pre1.txt
>>
>> The IESG note is not visible in that. The note said:
>>
>> In case of complex Security Policy Databases (SPDs) and the
>> co-existence of HIP and security-related protocols such as IKE,
>> implementors may encounter conditions that are unspecified in these
>> documents. For example, when the SPD defines an IP address subnet to
>> be protected and a HIP host is residing in that IP address area,
>> there is a possibility that the communication is encrypted multiple
>> times. Readers are advised to pay special attention when running HIP
>> with complex SPD settings. Future specifications should clearly
>> define when multiple encryption is intended, and when it should be
>> avoided.
>>
>> The issue was fixed in the already expired draft version -01 (see
>> section 3.4). The BEET mode was also added as an appendix (B) in the
>> earlier version. I made some small modifications to the author list
>> in this new -02 (Pekka wanted to be delisted) and acknowledgements
>> (Pekka's contribution added).
>>
>> Any comments?
>
> seems ok to me.


From thomas.r.henderson@boeing.com  Sun Jan 29 21:15:20 2012
Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7734321F855E for <hipsec@ietfa.amsl.com>; Sun, 29 Jan 2012 21:15:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level: 
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3BkEiBOMt4Mf for <hipsec@ietfa.amsl.com>; Sun, 29 Jan 2012 21:15:19 -0800 (PST)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by ietfa.amsl.com (Postfix) with ESMTP id ECB0D21F84F2 for <hipsec@ietf.org>; Sun, 29 Jan 2012 21:15:17 -0800 (PST)
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4]) by stl-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id q0U5G3SG025919 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sun, 29 Jan 2012 23:16:04 -0600 (CST)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1]) by slb-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id q0U5FDHt017293; Sun, 29 Jan 2012 21:15:13 -0800 (PST)
Received: from XCH-NWHT-03.nw.nos.boeing.com (xch-nwht-03.nw.nos.boeing.com [130.247.71.23]) by slb-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id q0U5FCsc017280 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Sun, 29 Jan 2012 21:15:12 -0800 (PST)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.85]) by XCH-NWHT-03.nw.nos.boeing.com ([130.247.71.23]) with mapi; Sun, 29 Jan 2012 21:15:12 -0800
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "'Petri Jokela'" <petri.jokela@nomadiclab.com>
Date: Sun, 29 Jan 2012 21:15:11 -0800
Thread-Topic: [Hipsec] HIP ESP, RFC5202-bis, version 02
Thread-Index: AczeBArPS9geik3lTtq/71SZKUa7EwBCWUHw
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CF2319E04@XCH-NW-10V.nw.nos.boeing.com>
References: <2DE34438-7FBE-4E90-B429-87A17632A1AE@nomadiclab.com> <4F23B5F5.7030504@cs.hut.fi> <259A3101-FA95-4422-B191-B1047DBD8A6B@nomadiclab.com>
In-Reply-To: <259A3101-FA95-4422-B191-B1047DBD8A6B@nomadiclab.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] HIP ESP, RFC5202-bis, version 02
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jan 2012 05:15:20 -0000

> -----Original Message-----
> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
> Behalf Of Petri Jokela
> Sent: Saturday, January 28, 2012 1:30 PM
> To: Miika Komu
> Cc: hipsec@ietf.org
> Subject: Re: [Hipsec] HIP ESP, RFC5202-bis, version 02
>
> It seems that I had the wrong xml version there and Jan had edited a few
> lines for the official -01 version. This should now be the correct
> version, containing all the modifications:
>
> http://jokela.org/ietf/draft-jokela-hip-rfc5202-bis-02-pre2.txt
>

Petri, one small change: the list of mandatory keying algorithms at the
end of Section 7 hasn't been updated for the new mandatory algorithms
(draft-ietf-hip-rfc5201-bis-07, Section 6.5). However, I would recommend
instead referencing Section 6.5 of RFC5201-bis rather than duplicating
the text here (such as by saying "The number of bits drawn for a given
algorithm is the "natural" size of the keys, as specified in Section 6.5
of [RFC5201-bis].")

Speaking of which, shouldn't RFC5201 be a normative reference?

I am not aware of any major open issues with this draft.

- Tom
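Tom's point above concerns how many bits each key draws from KEYMAT, and Miika Komu's reference [3] earlier in the thread (RFC 5869) is the HKDF that the -bis drafts use to produce KEYMAT. The following added example (editorial illustration, not code from the thread, the drafts, or any HIP implementation) implements HKDF as RFC 5869 specifies it and then draws the eight HIP and SA keys in the Section 6.5 order, HOST_g being the peer with the greater HIT. Assumptions not taken from the thread: SHA-256 as RHASH; AES-128-CBC (16-byte keys) for both the HIP cipher and the ESP transform; HMAC-SHA-256 (32-byte keys) for both integrity algorithms; and the HKDF inputs salt = #I | #J, IKM = Kij, info = sort(HIT-I | HIT-R), which should be checked against Section 6.5 of the draft before being relied on.

```python
"""Added example: HKDF (RFC 5869) and HIP KEYMAT key drawing.

Assumptions (see lead-in): SHA-256 as RHASH, 16-byte cipher keys, 32-byte
HMAC keys, salt = #I | #J, IKM = Kij, info = sort(HIT-I | HIT-R).
"""
import hashlib
import hmac

RHASH = hashlib.sha256  # assumption: the negotiated RHASH of the HIT suite


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM); empty salt means HashLen zeros."""
    if not salt:
        salt = bytes(RHASH().digest_size)
    return hmac.new(salt, ikm, RHASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), OKM = T(1) | T(2) | ..."""
    hash_len = RHASH().digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF-Expand: at most 255 * HashLen octets may be requested")
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), RHASH).digest()
        okm += t
        i += 1
    return okm[:length]


# Draw order of RFC 5201(-bis) Section 6.5: HIP keys first, then the SA (ESP) keys,
# "gl" = from the host with the greater HIT to the one with the lesser HIT.
# Sizes are the "natural" key sizes of the assumed algorithms (see lead-in).
KEY_SCHEDULE = (
    ("HIP-gl-enc", 16), ("HIP-gl-mac", 32), ("HIP-lg-enc", 16), ("HIP-lg-mac", 32),
    ("SA-gl-enc", 16), ("SA-gl-auth", 32), ("SA-lg-enc", 16), ("SA-lg-auth", 32),
)


def derive_hip_keys(kij: bytes, I: bytes, J: bytes, hit_i: bytes, hit_r: bytes) -> dict:
    """Derive KEYMAT and slice it into keys.  Both peers call this with the
    roles swapped and obtain the same keys, because the HITs are sorted."""
    lesser, greater = sorted((hit_i, hit_r))       # bytes compare in network order
    prk = hkdf_extract(salt=I + J, ikm=kij)        # puzzle values bind the keys to the exchange
    info = lesser + greater                        # sort(HIT-I | HIT-R)
    keymat = hkdf_expand(prk, info, sum(size for _, size in KEY_SCHEDULE))
    keys, offset = {}, 0
    for name, size in KEY_SCHEDULE:
        keys[name] = keymat[offset:offset + size]
        offset += size
    keys["greater_hit"] = greater                  # which peer is HOST_g
    return keys


if __name__ == "__main__":
    # Constructed inputs: a fake 48-byte Diffie-Hellman secret, puzzle values and two HITs.
    kij = bytes(range(48))
    I, J = bytes.fromhex("0123456789abcdef"), bytes.fromhex("fedcba9876543210")
    A = bytes.fromhex("20010010000000000000000000000001")
    B = bytes.fromhex("20010010000000000000000000000002")
    for name, key in derive_hip_keys(kij, I, J, A, B).items():
        print(f"{name:12s} {key.hex()}")
```

The HKDF functions can be checked against the RFC 5869 test vectors before the HIP-specific wrapper is trusted; the wrapper's value is that the draw order and the per-algorithm sizes live in one table instead of being re-stated for each suite.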


From petri.jokela@nomadiclab.com  Mon Jan 30 00:22:37 2012
Return-Path: <petri.jokela@nomadiclab.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B420E21F84FF for <hipsec@ietfa.amsl.com>; Mon, 30 Jan 2012 00:22:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7xndUkw0WTTW for <hipsec@ietfa.amsl.com>; Mon, 30 Jan 2012 00:22:36 -0800 (PST)
Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by ietfa.amsl.com (Postfix) with ESMTP id 6507A21F84EB for <hipsec@ietf.org>; Mon, 30 Jan 2012 00:22:36 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id BEFA24E6BD; Mon, 30 Jan 2012 10:22:34 +0200 (EET)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GkdZS8gQQYiA; Mon, 30 Jan 2012 10:22:33 +0200 (EET)
Received: from [IPv6:::1] (inside.nomadiclab.com [10.0.0.2]) by gw.nomadiclab.com (Postfix) with ESMTP id AD3AF4E67A; Mon, 30 Jan 2012 10:22:33 +0200 (EET)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=us-ascii
From: Petri Jokela <petri.jokela@nomadiclab.com>
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4CF2319E04@XCH-NW-10V.nw.nos.boeing.com>
Date: Mon, 30 Jan 2012 10:22:33 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <734F46B1-DB55-4D99-BB70-FA530A2898BA@nomadiclab.com>
References: <2DE34438-7FBE-4E90-B429-87A17632A1AE@nomadiclab.com> <4F23B5F5.7030504@cs.hut.fi> <259A3101-FA95-4422-B191-B1047DBD8A6B@nomadiclab.com> <7CC566635CFE364D87DC5803D4712A6C4CF2319E04@XCH-NW-10V.nw.nos.boeing.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
X-Mailer: Apple Mail (2.1251.1)
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] HIP ESP, RFC5202-bis, version 02
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jan 2012 08:22:37 -0000

Hi,

I updated the text in section 7. I also moved the 5201 reference to
Normative. I think I put it in the wrong place when I changed it from
5201 to 5201-bis.

Current version:
http://jokela.org/ietf/draft-jokela-hip-rfc5202-bis-02-pre3.txt

Petri


>
>
>> -----Original Message-----
>> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On
>> Behalf Of Petri Jokela
>> Sent: Saturday, January 28, 2012 1:30 PM
>> To: Miika Komu
>> Cc: hipsec@ietf.org
>> Subject: Re: [Hipsec] HIP ESP, RFC5202-bis, version 02
>>
>> It seems that I had the wrong xml version there and Jan had edited a few
>> lines for the official -01 version. This should now be the correct
>> version, containing all the modifications:
>>
>> http://jokela.org/ietf/draft-jokela-hip-rfc5202-bis-02-pre2.txt
>>
>
> Petri, one small change: the list of mandatory keying algorithms at
> the end of Section 7 hasn't been updated for the new mandatory
> algorithms (draft-ietf-hip-rfc5201-bis-07, Section 6.5). However, I
> would recommend instead referencing Section 6.5 of RFC5201-bis rather
> than duplicating the text here (such as by saying "The number of bits
> drawn for a given algorithm is the "natural" size of the keys, as
> specified in Section 6.5 of [RFC5201-bis].")
>
> Speaking of which, shouldn't RFC5201 be a normative reference?
>
> I am not aware of any major open issues with this draft.
>
> - Tom
>

