On 08.01.2009 at 11:48, Pekka Nikander wrote:
>> With respect to security in LHIP by using hash-chains, we consider
>> them for LISP, but requires 3 to 4 packet exchanges, so a non-starter.
> I don't think so, but I'm no longer an expert there. (I used to
> know crypto protocols around 1998-2002, but I no longer can claim
> so.) For unprotected opportunistic case, I think you can simply
> send your hash anchors in the opening packet.
Regarding LHIP and authentication delay: The question is whether this is
about the payload channel (1), the signaling (2), or the initial
handshake (as done by HIP) (3).
1. LHIP does not protect payload. Hence, there is no added security as
well as no penalty in terms of additional packets and delay (in
comparison to plain IP).
2. For signaling messages, LHIP uses delayed secret disclosure and
requires three packets to be sent. Signaling events are quite rare for
HIP.
3. Regarding the initial handshake: If one doesn't care about
compatibility/interoperability between LHIP and HIP hosts, one could
probably reduce the number of required handshake packets. LHIP uses
the 4-way handshake for being as close to HIP as possible. When moving
away from HIP, one could indeed just send the anchors in the first data
packet and still have hash-chain-signature protected signaling later,
but that is not what LHIP does right now.
Tobias
_______________________________________________
rrg mailing list
[email protected]
https://www.irtf.org/mailman/listinfo/rrg
--
Dipl.-Inform. Tobias Heer, Ph.D. Student
Distributed Systems Group
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer