I agree. This is pretty much all we need to say about this.
On 06/27/2012 01:19 AM, Henderson, Thomas R wrote:
This was already proposed to the list a while back:
http://www.ietf.org/mail-archive/web/hipsec/current/msg03462.html
so I'd like to close this issue by adopting the proposed text;
On 06/27/2012 01:10 AM, Henderson, Thomas R wrote:
Regarding this open issue, which I posted about on June 18 [*], I propose the
following changes to the RFC 5201-bis text:
1) Section 3
OLD TEXT:
HIP implementations MUST support the Rivest Shamir Adelman (RSA)
[RFC3110] public key
in State Machine, EC - Exchange Compete
And of course this is also Elliptic Curve. Now in BEX we never
reference just EC, only ECDH and ECDSA. But I already have one
commenter on this one.
___
Hipsec mailing list
Hipsec@ietf.org
We have tried to limit the suites supported in 5202 and have our own
suite list, different from:
http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xml
In part this is good as many of those suites are old and should be just
lost. But some are marginially important and it is
I really should know this, and if I dig a bit, I will find it I suspect,
but are UDP apps (eg tftp) bound to IP addresses as TCP apps (via the
TCB). Is there a UCB? I can't find my intro to TCP/IP by Stevens book
Why I ask, you ask?
I am assuming the same address mapping is occuring in
Great review. Thank you. Just some quick notes (Hoiidays through Oct
11 and I only have a few work hours until then and I got kicked out of
my office as it is also a guest room; working in my NOC).
On 09/27/2012 12:27 AM, Henderson, Thomas R wrote:
I had another read through of
I will publish an ID today with all changes so far. Given my Holiday
schedule through the 10th, I want to keep things current.
Will take a bit to work through a couple of these recommendations, but
here is most:
On 09/27/2012 12:27 AM, Henderson, Thomas R wrote:
I had another read through
I need review of the HIP portion of the 802.15.9 document. Since this
is a 'private' p802 document I cannot make it publicly available. As
the 802.15.9 chair I can designate outside reviewers; like a couple, not
a couple hundred.
Plus the HIP content needs work.
Best helper is someone(s)
/wiki/Birthday_problem
On 5/4/14, 8:40 AM, Robert Moskowitz r...@htt-consult.com wrote:
What population of HIs is needed for a 1%, 10%, 50% probability of a HIT
collision?
I had the math once (like back in '99 or '00) and can't find it
(probably did not survive the Eudora to Thunderbird
On 05/04/2014 11:40 AM, Robert Moskowitz wrote:
What population of HIs is needed for a 1%, 10%, 50% probability of a
HIT collision?
I had the math once (like back in '99 or '00) and can't find it
(probably did not survive the Eudora to Thunderbird migration).
Thought I actually had
am doing something wrong in LibreCalc with the formula:
=EXP(-(B6^2)/(2*C6))
Where B6 is the cell with K (3.86e+12) and C6 is n (2^96). I am getting
an answer of 99%.
Rene
On 5/5/2014 2:50 PM, Robert Moskowitz wrote:
On 05/04/2014 11:40 AM, Robert Moskowitz wrote:
What population of HIs
.
On 05/05/2014 04:50 PM, Robert Moskowitz wrote:
On 05/05/2014 04:23 PM, Rene Struik wrote:
Hi Bob:
Let me clarify, the quantity p(k,n) below is the probability that k
randomly picked elements taken from an n-set are all different (i.e.,
no collision occurs). You may be looking
I have a real need to provide ESP tunnel mode from a HIP client to a
gateway. The world just won't go as nicely as I would have wanted it to.
In the HIPL manual, there is an example of running OpenVPN within the
BEET ESP connection, but I don't think that ends up with the same as ESP
tunnel
me how easy this is to handle.
On 05/19/2014 02:08 PM, Robert Moskowitz wrote:
I have a real need to provide ESP tunnel mode from a HIP client to a
gateway. The world just won't go as nicely as I would have wanted it to.
In the HIPL manual, there is an example of running OpenVPN within
On 05/19/2014 02:14 PM, Robert Moskowitz wrote:
More thoughts. 2 reserved bits can be used:
1 bit to indicate tunnel rather than transport
1 bit to indicate IPv4 or IPv6 tunnel addressing
Initially use the HIT/LSI to carry DHCP/RA packets through tunnel?
Though LSI is a bit messy. Though
On 05/19/2014 02:53 PM, Miika Komu wrote:
Hi,
On 05/19/2014 09:08 PM, Robert Moskowitz wrote:
I have a real need to provide ESP tunnel mode from a HIP client to a
gateway. The world just won't go as nicely as I would have wanted it
to.
location-based security is old fashioned
At times I would like to strangle myself. WHY did I ever create private
addresses for IPv4 and thus create a market for NAT boxes? Well if
I have not been involved, it would have still happened. The use cases
were out there and ROAD was dead. Enough handwringing. We have Nasty
NATs
I have thought a lot about this and generally it works out bad no matter
how you slice it. Well, if I was writing the network kernel, I would
incorporate Teredo so that all interfaces presented an IPv6 address at
all times and if it had a 'native' IPv6 would not use Teredo. Basically
tying
On 07/02/2014 11:32 AM, Miika Komu wrote:
Hi,
On 07/02/2014 05:26 PM, Miika Komu wrote:
Hi,
On 06/30/2014 08:46 PM, Tom Taylor wrote:
3) Section 5.2.18: given the strict ordering of HIP parameters, the
initial
plaintext for the Encrypted content (type and length of initial
parameter) may be
On 07/08/2014 06:33 AM, Stephen Farrell wrote:
Thanks Tom,
On 08/07/14 05:54, Tom Henderson wrote:
Hi all,
Apologies for cross-posting, but Stephen Farrell raised a DISCUSS
(seconded by Kathleen Moriarty) in the IESG evaluation of RFC 5202-bis:
Using the Encapsulating Security Payload
Sent to the HIPSEC list from my HIPSEC user:
The downgrade attack in HIP (RFC 5201-bis) is hard. R1 is a signed
payload, and in many use cases, the Initiator has pre-deteremined the
Responder's HI and HIT so it can check the SIG before processing the ESP
TRANSFORM parameters. In sensornets
On 07/21/2014 08:51 PM, Henry B Hotz wrote:
The basic issue, as always, is interoperability. NULL should not be an
interoperable *operational* capability.
In this regard, I have a hard time distinguishing between NULL with
HMAC-SHA256 and CMAC or GMAC.
With this (secure communications)
On 07/22/2014 11:26 AM, Michael Richardson wrote:
Ted Lemon ted.le...@nominum.com wrote:
It is a switch to request integrity only. Or to only allow integrity
only. Either party MUST be able to reject an integrity only
negotiation.
That's not good enough. It should be
On 07/22/2014 04:04 PM, Julien Laganier wrote:
Pls. see:
http://www.iana.org/assignments/iana-ipv6-special-registry
I am assuming a different prefix will help interop between HIP and HIPv2.
___
Hipsec mailing list
Hipsec@ietf.org
I have been silent the past month for a sad, work, reason.
On Oct 24, Verizon did a major product realignment and the group I am in
was tagged for termination the end of the year. We were told that there
would be openings in other groups.
I have spent the past 6 weeks putting together
., (if memory
serves me well) with some copy protection schemes, such as DTCP.
I hope this helps.
Best regards,
Rene
On 08/08/2012 9:24 AM, Robert Moskowitz wrote:
For low security we have SECP160R1 from:
[SECG] SECG, Recommended Elliptic Curve Domain
Short time frame, as I really need to get this done before the end of
next week. Actually first draft this week would be good.
Any one interested I can provide the current 802.15.9 draft.
All the public 802.15.9 documents are at:
Miika and I are working to finish 4423-bis.
Outside of the WG, Rene and I are working to finish HIP-DEX. I can
submit this as an independent submission, or the workgroup can submit
it. I should note that it is now being referenced by Zigbee (and IEEE
802.15.9), so I really have to finish
-hip-dex-04.txt
Date: Sun, 19 Jul 2015 23:15:57 -0700
From: internet-dra...@ietf.org
To: Rene Hummen hum...@comsys.rwth-aachen.de, Rene Hummen
hum...@comsys.rwth-aachen.de, Robert Moskowitz r...@htt-consult.com,
Robert Moskowitz r...@htt-consult.com
A new version of I-D, draft-moskowitz
Although draft-moskowitz-hip-dex-04 expired yesterday, I have been
active with it as follows:
IEEE 802.15.9 references both HIP BEX and DEX. This Recommended
Standard will be starting IEEE Sponsor Ballot recirculation #2 Jan 21 on
a 10 day voting cycle. We anticipate our one NO voter to
I have uploaded the current draft with the name change.
I will look at what it will take to add Curve25519 (RFC 7748).
On 03/01/2016 02:58 AM, Gonzalo Camarillo wrote:
Authors of draft-moskowitz-hip-rg-dex,
could you please revise the draft as a WG item? Please, use the
following file name in
algorithm, or a value of ZERO if none.
R2 would have the confirmed value.
NOTIFY could be used to set up IPCOMP (or change it) at a later time.
Comments?
On 03/09/2016 10:20 AM, Robert Moskowitz wrote:
Why did we not create a parameter to negotiate IPCOMP (currently RFC
3173)?
In IKEv2
. Plus with DEX on constrained networks, compression is
even more valuable.
But can you point me to a paper on the TLS compression attack?
On 03/10/2016 02:10 PM, Derek Fawcus wrote:
On Thu, Mar 10, 2016 at 08:29:15AM -0500, Robert Moskowitz wrote:
I have found comp in TLS, RFC 3749, so HIP's ESP
to take your outer envelope that contains your XML and compress the
whole thing.
On 03/10/2016 02:10 PM, Derek Fawcus wrote:
On Thu, Mar 10, 2016 at 08:29:15AM -0500, Robert Moskowitz wrote:
I have found comp in TLS, RFC 3749, so HIP's ESP is the only one missing
compression. How did I miss
Why did we not create a parameter to negotiate IPCOMP (currently RFC 3173)?
In IKEv2 it is negotiated in NOTIFY messages, not the basic exchange and
becomes part of the daughter SA(s).
On contrained networks, IPCOMP could well be of value. Also if HIP is
used to establish the SAs for SSE
Identity Protocol of the IETF.
Title : HIP Diet EXchange (DEX)
Authors : Robert Moskowitz
Rene Hummen
Filename: draft-ietf-hip-dex-02.txt
Pages : 47
Date: 2016-03-21
Abstract
iEEE 802.15.9 is Key Management Transport for 802.15.4. It calls out
support for a number of KMPs defined here in the IETF, including both
HIP BEX and DEX. This is one of the many reasons why I want to get HIP
DEX published as an RFC, as only RFCs can be referenced in a published
IEEE
-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol of the IETF.
Title : HIP Diet EXchange (DEX)
Authors : Robert Moskowitz
Rene Hummen
Filename: draft
I invite you all to look at work Sue Hares, I, and a few others have
been doing in developing a Session Layer Service that includes security
at the session layer. FOr IETF reasons, Sue did the top-level draft
within I2NSF:
https://www.ietf.org/internet-drafts/draft-hares-i2nsf-ssls-00.txt
at?
On 07/27/2016 06:19 AM, Robert Moskowitz wrote:
I am looking at a HIT enrollment function using 5403-bis. But why
should the Registrar accept the Register. This is our basic need of
an Out-off-Band process to trust an enrollment.
So assume that some process establishes a PSK between
-hierarchical-hip-00.txt
Date: Wed, 03 Aug 2016 20:37:24 -0700
From: internet-dra...@ietf.org
To: Xiaohu Xu <xuxia...@huawei.com>, Robert Moskowitz
<r...@htt-consult.com>
A new version of I-D, draft-moskowitz-hierarchical-hip-00.txt
has been successfully submitted by Robe
On 09/11/2016 04:06 PM, René Hummen wrote:
Hello Miika,
going through your email again, I saw a total of four suggestions.
Three of them refer to imprecisions in the text of RFC 7401 (which I
copy/pasted for HIP DEX). There, I understood that consistency with
RFC 7401 has a higher priority
I have one question on sec 5.4 before I enter a comment...
On 09/12/2016 03:28 PM, Mirja Kuehlewind wrote:
5) section 5.4: How long will an address be in UNVERIFIED state in case
the verification is not successful (no reply). Is there a timer? How
often will the peer retry the verification
5206-bis specifies how to user RVS for the 'double-jump' mobility problem.
3.2.3 1) says:
1. The mobile host sending an UPDATE to the peer, and not receiving an
ACK, MAY resend the UPDATE to a rendezvous server (RVS) of the peer, if
such a server is known.
But it DOES know there is an RVS
On 09/26/2016 09:08 AM, Miika Komu wrote:
Hi,
On 09/16/2016 02:45 PM, Robert Moskowitz wrote:
On 09/16/2016 06:57 AM, Tom Henderson wrote:
On Thu, 15 Sep 2016, Robert Moskowitz wrote:
5206-bis specifies how to user RVS for the 'double-jump' mobility
problem.
3.2.3 1) says:
1
I cannot remember why we mandated HIP_SIGNATURE in UPDATE packet,
particularly when we have the HIP_MAC. Sec 5.3.5 in 7401.
I am sure we had a good reason, but I am not finding it
thanks
Bob
___
Hipsec mailing list
Hipsec@ietf.org
On 09/19/2016 06:19 AM, Tom Henderson wrote:
Bob, sorry for the delay in replying (inline below)
On 09/13/2016 02:14 AM, Robert Moskowitz wrote:
I have one question on sec 5.4 before I enter a comment...
On 09/12/2016 03:28 PM, Mirja Kuehlewind wrote:
5) section 5.4: How long
drafts minimal to put the proposal together.
Bob
A new version of I-D, draft-moskowitz-hip-based-5gpp-ip-mobility-00.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.
Name:draft-moskowitz-hip-based-5gpp-ip-mobility
Revision:00
Title:HIP
On 09/27/2016 04:58 AM, Miika Komu wrote:
Hi,
On 09/27/2016 03:56 AM, Robert Moskowitz wrote:
On 09/26/2016 09:08 AM, Miika Komu wrote:
Hi,
On 09/16/2016 02:45 PM, Robert Moskowitz wrote:
On 09/16/2016 06:57 AM, Tom Henderson wrote:
On Thu, 15 Sep 2016, Robert Moskowitz wrote
Miika,
Does this draft cover the use case where the mobile HIP device moves
from one NATed network to another. Consider you are in Starbucks and
move next door to Dunkin Donuts.
Your device did this augmented BEX exchange in Starbucks. You walk into
DD and your interface decides the
What is 'co called' in this text:
o In ICE, the conflict when two communicating end-points take the
same controlling role is solved using random values (co called
tie-breaker value). In this protocol, the conflict is solved by
the standard HIP base exchange procedure, where
:59 AM, Miika Komu wrote:
Hi Robert,
yes, mobility support is specified in the draft.
*From:*Robert Moskowitz [mailto:r...@htt-consult.com]
*Sent:* Friday, November 25, 2016 6:33 AM
*To:* Miika Komu <miika.k...@ericsson.com>; hipsec@ietf.org
*Subject:* Re: [Hipsec] I-D Action:
draft-ie
I will start on it Tuesday.
Bob
On 11/20/2016 03:26 AM, Gonzalo Camarillo wrote:
Hi Tom,
thanks. Your comments seem to be the only one we got on this draft
during the WGLC. Authors, could you please revise the draft in order to
address these comments?
Thanks,
Gonzalo
On 20/11/2016 4:32 AM,
... well...
Cheers,
Gonzalo
On 28/10/2016 3:31 AM, Robert Moskowitz wrote:
I just updated a a set of drafts:
These define a Secure Session Layer Service. The last has how to manage
it with HIP and defines some new HIP parameters to negotiate sse and
gpcomp:
https://www.ietf.org/internet-drafts
First, it seems I had problems with my HIP list folder and have not seen
any messages since around May. There here, and I will read them...
Now. Please read:
https://mailarchive.ietf.org/arch/msg/ideas/GbyBs812xGVAN9LFRbpAp3lUuys
And some follow up discussions. Basically IDEAS is targeting
ues: N/A
Nits/editorial comments: N/A
--
Standard Robert Moskowitz
Owner
HTT Consulting
C:248-219-2059
F:248-968-2824
E:r...@labs.htt-consult.com
There's no limit to what can be accomplished if it doesn't matter who
gets the credit
___
Hipsec mailin
On 02/23/2018 03:23 AM, Qin Wu wrote:
Reviewer: Qin Wu
Review result: Ready
Summary:
This document defines the Host Identity Protocol Diet EXchange (HIP
DEX) protocol for constrained devices. The draft is well written. I believe
it is ready for publication.
Major issue: None
Minor
Hello all,
I thank all that have been working away on the last few items while I
have been struggling along.
Recently, I met Stuart Card and Adam Wiethuechter of Axenterprize. They
have in a number of gov projects where they have deployed HIP based
solutions. All quietly on their own.
This is connected to the Trustworthy Multipurpose Remote IDs
(tm-...@ietf.org)
Right now I am working on what a eddsa pki would be that would back up
the proposed HHITs and various repositories. For this I want to
generate some testing HHITs.
These HHITs will be used in x.509 certs as in
I have been working on my Hierarchical HIT drafts. I have been testing
building x.509 certs with them as the SAN. Thing is were do these certs
come from?
So I moved on to when the device uses HIP Registration to register the
HHIT to its Registry, it could present a CSR in the payload and if
I am a bit frustrated here on delays on a number of fronts.
I have been working silently to put some final touches on DEX and
discussions on Native NAT.
But more time on Hierarchical HITs, along with advancements in cryptography.
I am looking for a co-author that is familiar with HIP's
I am working on a new set of crypto for HIP. This is to take advantage
of advancements and hopefully make things better in small things.
I have been looking at FIPS 202 and NIST 800-185 for the new hash and
MACing. In particular SHAKE and KMAC.
Right now, NIST only specifies b=1600 for the
-dra...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz-hip-hierarchical-hit-00.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.
Name: draft-moskowitz-hip-hierarchical-hit
From: internet-dra...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz-hip-hierarchical-hit-00.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.
Name: draft-moskowitz-hip
Forwarded Message
Subject: New Version Notification for
draft-moskowitz-hip-hhit-registries-00.txt
Date: Fri, 13 Sep 2019 07:13:14 -0700
From: internet-dra...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz
On 9/13/19 11:48 AM, Jeff Ahrenholz wrote:
And the new cipher choice is Keyak. For now. How do we get the ESP transform
number assigned? What docs do we need for that?
Probably needs a short RFC, similar to this one?
https://tools.ietf.org/html/rfc4543
Yes, but no AH. Perhaps. I have
I don't have the KEYMAT construction right. I am talking to NIST about
what is needed. Stay tuned.
Close but not quite there.
On 9/15/19 7:30 PM, Robert Moskowitz wrote:
This completes the first set of drafts for tm-rid.
This draft has a couple drafty areas. Particularly in the cipher, I
Message
Subject: New Version Notification for
draft-moskowitz-hip-new-crypto-00.txt
Date: Sun, 15 Sep 2019 16:12:21 -0700
From: internet-dra...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz-hip-new-crypto-00
As part of developing the "Trustworthy Multipurpose Remote ID", I am
going to add new crypto algorithms along the lines that I have in
draft-moskowitz-small-crypto.
The "open' question is that of a PAKE. Would HIP benefit with a PAKE.
I really don't see it, but since I am opening up the
to get enough
information before the parties (FAA and ATSM) like real soon. But there
will be time after that if TM-RID is accepted to finish the work properly.
On 7/3/19 5:35 PM, Robert Moskowitz wrote:
Hello all,
I thank all that have been working away on the last few items while I
have been
Dear HIPsters,
I am in discussion with Ganzalo and Eric about a HIP session in Singapore.
The focus is the new work to support "Trustworthy Multipurpose RemoteID"
with the target user of UAS.
This week I attended the nuair.org UAS Symposium outside of Syracuse NY
and received considerable
Right now I will only reply to the AEAD comment.
I believe this is directed to the HIP_CIPHER parameter and its use in a
number of HIP parameter objects. The ECHO may be encrypted with it and
in DEX we add the PSK.
Since all HIP packets that contain these fields are MACed with HIP_MAC,
it
-0800
From: internet-dra...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz-hip-new-crypto-03.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.
Name: draft-moskowitz-hip-new
Dec 2019 14:07:16 -0800
From: internet-dra...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz-orchid-cshake-00.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.
Name: draft
-moskowitz-hip-hierarchical-hit-03.txt
Date: Mon, 16 Dec 2019 11:22:00 -0800
From: internet-dra...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz-hip-hierarchical-hit-03.txt
has been successfully submitted by Robert
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz-hip-hierarchical-hit-02.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.
Name: draft-moskowitz-hip-hierarchical-hit
Revision: 02
Title: Hierarchical HITs for HIPv2
Document date
Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz-hip-hhit-registries-01.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.
Name: draft-moskowitz-hip-hhit-registries
Revision: 01
Title: Hierarchical HIT Registries
Document date: 2019-10-17
Eric,
I will update the agenda. Work in Progress with also reving Dex draft.
Michael Richardson is triple booked on this time slot, so maybe Carsten
or Henk. Or Daniel Migault.
I will ask around.
I posted a message here on the basics of why HIP (it starts with the
HIT). Stu is working
...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-wiethuechter-tmrid-auth-00.txt
has been successfully submitted by Adam Wiethuechter and posted to the
IETF repository.
Name: draft-wiethuechter-tmrid-auth
Revision: 00
Title: TM-RID
I have updated the TMRID BOF Charter at:
https://trac.tools.ietf.org/bof/trac/wiki/WikiStart
Here it is. Comments/corrections/additions welcomed:
Governmental agencies worldwide, including the United States Federal
Aviation Administration (FAA), are embarking on rule making processes to
The BOF is Tuesday:
1330-1500 Afternoon Session I
VIP A INT tmrid Trustworthy Multipurpose
Remote ID BOF
Hullet IRTF gaia Global Access to the
Internet for All
Padang IRTF maprg Measurement and Analysis for
Fellow HIPsters:
The TM-RID BOF went well. The opinion is to charter TM-RID as a new
workgroup. It will be doing a number of addendum to HIP.
Please join the tm-...@ietf.org list to participate.
Bob
___
Hipsec mailing list
Hipsec@ietf.org
Keyak.
Forwarded Message
Subject: New Version Notification for
draft-moskowitz-hip-new-crypto-01.txt
Date: Wed, 25 Sep 2019 14:35:36 -0700
From: internet-dra...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D
.txt
Date: Thu, 03 Oct 2019 08:23:18 -0700
From: internet-dra...@ietf.org
To: Stuart Card , Adam Wiethuechter
, Robert Moskowitz
, Stuart W. Card
A new version of I-D, draft-moskowitz-hip-new-crypto-02.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF
IESG will be looking for activity here to gauge the interest/activity.
Bob
On 9/20/19 4:45 PM, Robert Moskowitz wrote:
Dear HIPsters,
I am in discussion with Ganzalo and Eric about a HIP session in
Singapore.
The focus is the new work to support "Trustworthy Multipurpose
RemoteID" with t
On 2/12/20 11:48 AM, Jeff Ahrenholz wrote:
I believe this version answers all the IESG issues.
Please review, there are some important additions.
EKR had a number of security concerns. Some I feel don't apply to HIP, like
use an AEAD for HIP packet security.
But there are a number of
On 2/12/20 12:20 PM, Jeff Ahrenholz wrote:
I believe this version answers all the IESG issues.
Please review, there are some important additions.
EKR had a number of security concerns. Some I feel don't apply to HIP, like
use an AEAD for HIP packet security.
But there are a number of
On 2/12/20 12:20 PM, Jeff Ahrenholz wrote:
I believe this version answers all the IESG issues.
Please review, there are some important additions.
EKR had a number of security concerns. Some I feel don't apply to HIP, like
use an AEAD for HIP packet security.
But there are a number of
On 2/12/20 12:50 PM, Jeff Ahrenholz wrote:
Looking at Section 6.3 HIP DEX KEYMAT Generation, it discusses
using Diffie-Hellman derived key Kij, but I don't see anything
about using I_NONCE. There is a random #I provided by the
Responder from the PUZZLE parameter, but nothing about a
random
On 3/4/20 10:53 AM, Jeff Ahrenholz wrote:
https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-codes-5
And nothing there that looks right.
So what is done in HIP BEX implementations? Both v1 and v2?
For our HIPv1 implementation:
IPv4 packets - we
to be sent need a Code field to be set in
addition to the Pointer. What Code should be used in this message? Please
specify this.
--
Standard Robert Moskowitz
Owner
HTT Consulting
C:248-219-2059
F:248-968-2824
E:r...@labs.htt-consult.com
There's no limit to what can be accomplished if it does
strained (DoSing) attacker is competing with a constrained
honest initiator to solve puzzles during an attack, it seems like the
honest initiator is going to lose out pretty badly.
Section 4.1.4
There are security considerations for serializing the HIP state to
nonvolatile storage!
--
Standard Robert M
Here is the text I put together for revising sec 5.4 (see below).
On 3/3/20 11:47 PM, Suresh Krishnan via Datatracker wrote:
Suresh Krishnan has entered the following ballot position for
draft-ietf-hip-dex-13: Discuss
When responding, please keep the subject line intact and reply to all
email
On 3/4/20 1:28 PM, Roman Danyliw via Datatracker wrote:
Roman Danyliw has entered the following ballot position for
draft-ietf-hip-dex-13: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
l) steps to complete that work.
Yours,
Daniel
On Thu, Jan 23, 2020 at 10:47 AM Robert Moskowitz
mailto:r...@labs.htt-consult.com>> wrote:
I have added sec 8.2, discussing the security of using KMAC as a
KDF. This is based on a conversation I had with the Keccak team
at the IAC
to
implement it. I do expect to have something done for a dex-13.txt draft.
-Ekr
Robert Moskowitz
___
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec
I do not see anything in this comment that is directly actionable, but
will provide some comments here.
On 11/25/19 1:38 AM, Michael Richardson via Datatracker wrote:
Reviewer: Michael Richardson
Review result: Ready
I am the assigned IoT-Directorate reviewer for 1draft-ietf-hip-dex
I
On 1/24/20 1:41 PM, Michael Richardson wrote:
Robert Moskowitz wrote:
> I would actually like to make a presentation at SAAG about KMAC as a KDF
and
> why the IETF should incorporate it.
> SP 800-185 was published back in Dec 2016. This clearly shows how to use
Forwarded Message
Subject:New Version Notification for draft-ietf-hip-dex-12.txt
Date: Sun, 09 Feb 2020 23:11:55 -0800
From: internet-dra...@ietf.org
To: Robert Moskowitz , Rene Hummen
, Miika Komu
A new version of I-D, draft-ietf-hip-dex-12.txt
has been successfully
Jeff,
Thanks for the feedback. After Passover, I will incorporate what I pull
out of this.
Bob
On 4/6/20 1:51 PM, Jeff Ahrenholz wrote:
Bob,
Brief review below...
I have updated the hip-fast-mobility draft.
I welcome review.
It will be used in an upcoming DRIP N-RID secure transport
1 - 100 of 130 matches
Mail list logo
