Re: [Hipsec] Fwd: New Version Notification for draft-ietf-hip-dex-12.txt
Hi, ke, 2020-02-12 kello 17:20 +, Jeff Ahrenholz kirjoitti: > > I believe this version answers all the IESG issues. > > > > Please review, there are some important additions. > > > > EKR had a number of security concerns. Some I feel don't apply to > > HIP, like use an AEAD for HIP packet security. > > > > But there are a number of added sections, particularly in Security > > Considerations that are worth the group's review that I have things > > stated properly. > > > > Also there is a new parameter, I_NONCE to add Initiator randomness > > into the Master Key generation. There is some cleanup in the > > KEYMAT section to reflect this. > > > > So please take a read through. > > I took a look at the new I_NONCE parameter... > > Regarding this statement (Section 5.2.6): > "The I_NONCE parameter encapsulates a random value that is later used > in the Master key creation process (see Section 6.3)." > > Looking at Section 6.3 HIP DEX KEYMAT Generation, it discusses using > Diffie-Hellman derived key Kij, but I don't see anything about using > I_NONCE. There is a random #I provided by the Responder from the > PUZZLE parameter, but nothing about a random I_NONCE supplied by the > Initiator. thanks for catching this! This occurred due to a html comment inside a figure (xml2rfc team is working on a fix). Here is the fixed document: https://tools.ietf.org/html/draft-ietf-hip-dex-13#section-6.3 > minor nits: > s/when key is smaller or equal to 128 bits/when the key is smaller or > equal to 128 bits/ > In Section 4.1.1 HIP Puzzle Mechanism, the links (HTML version) to > RFC 7401 sections 4.1.1 and 4.1.2 do not link to RFC 7401 but to the > dex draft. apparently this has to be fixed manually in collaboration with the RFC editor. ___ Hipsec mailing list Hipsec@ietf.org https://www.ietf.org/mailman/listinfo/hipsec
[Hipsec] I-D Action: draft-ietf-hip-dex-13.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Host Identity Protocol WG of the IETF. Title : HIP Diet EXchange (DEX) Authors : Robert Moskowitz Rene Hummen Miika Komu Filename: draft-ietf-hip-dex-13.txt Pages : 58 Date: 2020-02-14 Abstract: This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. The HIP DEX protocol is primarily designed for computation or memory- constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. Unlike HIPv2, HIP DEX does not support Perfect Forward Secrecy (PFS), and MUST only be used on devices where PFS is prohibitively expensive. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-hip-dex/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-hip-dex-13 https://datatracker.ietf.org/doc/html/draft-ietf-hip-dex-13 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-dex-13 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Hipsec mailing list Hipsec@ietf.org https://www.ietf.org/mailman/listinfo/hipsec