Although draft-moskowitz-hip-dex-04 expired yesterday, I have been
active with it as follows:
IEEE 802.15.9 references both HIP BEX and DEX. This Recommended
Standard will be starting IEEE Sponsor Ballot recirculation #2 Jan 21 on
a 10 day voting cycle. We anticipate our one NO voter to
-hip-dex-04.txt
Date: Sun, 19 Jul 2015 23:15:57 -0700
From: internet-dra...@ietf.org
To: Rene Hummen hum...@comsys.rwth-aachen.de, Rene Hummen
hum...@comsys.rwth-aachen.de, Robert Moskowitz r...@htt-consult.com,
Robert Moskowitz r...@htt-consult.com
A new version of I-D, draft-moskowitz
Miika and I are working to finish 4423-bis.
Outside of the WG, Rene and I are working to finish HIP-DEX. I can
submit this as an independent submission, or the workgroup can submit
it. I should note that it is now being referenced by Zigbee (and IEEE
802.15.9), so I really have to finish
Short time frame, as I really need to get this done before the end of
next week. Actually first draft this week would be good.
Any one interested I can provide the current 802.15.9 draft.
All the public 802.15.9 documents are at:
., (if memory
serves me well) with some copy protection schemes, such as DTCP.
I hope this helps.
Best regards,
Rene
On 08/08/2012 9:24 AM, Robert Moskowitz wrote:
For low security we have SECP160R1 from:
[SECG] SECG, Recommended Elliptic Curve Domain
I have been silent the past month for a sad, work, reason.
On Oct 24, Verizon did a major product realignment and the group I am in
was tagged for termination the end of the year. We were told that there
would be openings in other groups.
I have spent the past 6 weeks putting together
On 07/22/2014 04:04 PM, Julien Laganier wrote:
Pls. see:
http://www.iana.org/assignments/iana-ipv6-special-registry
I am assuming a different prefix will help interop between HIP and HIPv2.
___
Hipsec mailing list
Hipsec@ietf.org
On 07/21/2014 08:51 PM, Henry B Hotz wrote:
The basic issue, as always, is interoperability. NULL should not be an
interoperable *operational* capability.
In this regard, I have a hard time distinguishing between NULL with
HMAC-SHA256 and CMAC or GMAC.
With this (secure communications)
On 07/22/2014 11:26 AM, Michael Richardson wrote:
Ted Lemon ted.le...@nominum.com wrote:
It is a switch to request integrity only. Or to only allow integrity
only. Either party MUST be able to reject an integrity only
negotiation.
That's not good enough. It should be
Sent to the HIPSEC list from my HIPSEC user:
The downgrade attack in HIP (RFC 5201-bis) is hard. R1 is a signed
payload, and in many use cases, the Initiator has pre-deteremined the
Responder's HI and HIT so it can check the SIG before processing the ESP
TRANSFORM parameters. In sensornets
On 07/08/2014 06:33 AM, Stephen Farrell wrote:
Thanks Tom,
On 08/07/14 05:54, Tom Henderson wrote:
Hi all,
Apologies for cross-posting, but Stephen Farrell raised a DISCUSS
(seconded by Kathleen Moriarty) in the IESG evaluation of RFC 5202-bis:
Using the Encapsulating Security Payload
On 07/02/2014 11:32 AM, Miika Komu wrote:
Hi,
On 07/02/2014 05:26 PM, Miika Komu wrote:
Hi,
On 06/30/2014 08:46 PM, Tom Taylor wrote:
3) Section 5.2.18: given the strict ordering of HIP parameters, the
initial
plaintext for the Encrypted content (type and length of initial
parameter) may be
I have thought a lot about this and generally it works out bad no matter
how you slice it. Well, if I was writing the network kernel, I would
incorporate Teredo so that all interfaces presented an IPv6 address at
all times and if it had a 'native' IPv6 would not use Teredo. Basically
tying
At times I would like to strangle myself. WHY did I ever create private
addresses for IPv4 and thus create a market for NAT boxes? Well if
I have not been involved, it would have still happened. The use cases
were out there and ROAD was dead. Enough handwringing. We have Nasty
NATs
On 05/19/2014 02:53 PM, Miika Komu wrote:
Hi,
On 05/19/2014 09:08 PM, Robert Moskowitz wrote:
I have a real need to provide ESP tunnel mode from a HIP client to a
gateway. The world just won't go as nicely as I would have wanted it
to.
location-based security is old fashioned
I have a real need to provide ESP tunnel mode from a HIP client to a
gateway. The world just won't go as nicely as I would have wanted it to.
In the HIPL manual, there is an example of running OpenVPN within the
BEET ESP connection, but I don't think that ends up with the same as ESP
tunnel
me how easy this is to handle.
On 05/19/2014 02:08 PM, Robert Moskowitz wrote:
I have a real need to provide ESP tunnel mode from a HIP client to a
gateway. The world just won't go as nicely as I would have wanted it to.
In the HIPL manual, there is an example of running OpenVPN within
On 05/19/2014 02:14 PM, Robert Moskowitz wrote:
More thoughts. 2 reserved bits can be used:
1 bit to indicate tunnel rather than transport
1 bit to indicate IPv4 or IPv6 tunnel addressing
Initially use the HIT/LSI to carry DHCP/RA packets through tunnel?
Though LSI is a bit messy. Though
.
On 05/05/2014 04:50 PM, Robert Moskowitz wrote:
On 05/05/2014 04:23 PM, Rene Struik wrote:
Hi Bob:
Let me clarify, the quantity p(k,n) below is the probability that k
randomly picked elements taken from an n-set are all different (i.e.,
no collision occurs). You may be looking
/wiki/Birthday_problem
On 5/4/14, 8:40 AM, Robert Moskowitz r...@htt-consult.com wrote:
What population of HIs is needed for a 1%, 10%, 50% probability of a HIT
collision?
I had the math once (like back in '99 or '00) and can't find it
(probably did not survive the Eudora to Thunderbird
On 05/04/2014 11:40 AM, Robert Moskowitz wrote:
What population of HIs is needed for a 1%, 10%, 50% probability of a
HIT collision?
I had the math once (like back in '99 or '00) and can't find it
(probably did not survive the Eudora to Thunderbird migration).
Thought I actually had
am doing something wrong in LibreCalc with the formula:
=EXP(-(B6^2)/(2*C6))
Where B6 is the cell with K (3.86e+12) and C6 is n (2^96). I am getting
an answer of 99%.
Rene
On 5/5/2014 2:50 PM, Robert Moskowitz wrote:
On 05/04/2014 11:40 AM, Robert Moskowitz wrote:
What population of HIs
I need review of the HIP portion of the 802.15.9 document. Since this
is a 'private' p802 document I cannot make it publicly available. As
the 802.15.9 chair I can designate outside reviewers; like a couple, not
a couple hundred.
Plus the HIP content needs work.
Best helper is someone(s)
I will publish an ID today with all changes so far. Given my Holiday
schedule through the 10th, I want to keep things current.
Will take a bit to work through a couple of these recommendations, but
here is most:
On 09/27/2012 12:27 AM, Henderson, Thomas R wrote:
I had another read through
Great review. Thank you. Just some quick notes (Hoiidays through Oct
11 and I only have a few work hours until then and I got kicked out of
my office as it is also a guest room; working in my NOC).
On 09/27/2012 12:27 AM, Henderson, Thomas R wrote:
I had another read through of
We have tried to limit the suites supported in 5202 and have our own
suite list, different from:
http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xml
In part this is good as many of those suites are old and should be just
lost. But some are marginially important and it is
I really should know this, and if I dig a bit, I will find it I suspect,
but are UDP apps (eg tftp) bound to IP addresses as TCP apps (via the
TCB). Is there a UCB? I can't find my intro to TCP/IP by Stevens book
Why I ask, you ask?
I am assuming the same address mapping is occuring in
in State Machine, EC - Exchange Compete
And of course this is also Elliptic Curve. Now in BEX we never
reference just EC, only ECDH and ECDSA. But I already have one
commenter on this one.
___
Hipsec mailing list
Hipsec@ietf.org
On 06/27/2012 01:10 AM, Henderson, Thomas R wrote:
Regarding this open issue, which I posted about on June 18 [*], I propose the
following changes to the RFC 5201-bis text:
1) Section 3
OLD TEXT:
HIP implementations MUST support the Rivest Shamir Adelman (RSA)
[RFC3110] public key
I agree. This is pretty much all we need to say about this.
On 06/27/2012 01:19 AM, Henderson, Thomas R wrote:
This was already proposed to the list a while back:
http://www.ietf.org/mail-archive/web/hipsec/current/msg03462.html
so I'd like to close this issue by adopting the proposed text;
101 - 130 of 130 matches
Mail list logo