Re: [Hipsec] RFC5201-bis: Stephen Farrell's DISCUSS questions

Wed, 30 Jul 2014 03:00:07 -0700 

Hi,

On 07/22/2014 01:50 AM, Tom Henderson wrote:



Also - there are no counter modes, is that wise?


HIP DEX defines AES-128-CTR for HIP_CIPHER [3]. However, I just
realized that it does not specify its use for the ENCRYPTED
parameter. Instead, the specification focuses on the special-purpose
ENCRYPTED_KEY parameter. So, some work would be needed to carry this
over to HIPv2.


Finally, HIPv1's encryption codepoint 1 was for a 3DES option, but
here you have 1 == NULL, yet you deprecate codepoint 3, which is
confusing. Why is that?


Is this maybe a specification hiccup?


I introduced this "DEPRECATED" as part of comment resolutions back in
2012 (someone in CFRG suggested to drop it), in this post:

http://www.ietf.org/mail-archive/web/hipsec/current/msg03557.html

However, HIP_CIPHER is a new parameter, so nothing really needs to be
deprecated.  Perhaps "RESERVED" would have been better (or remap
AES-256-CBC to value 3).

Any concern if I change DEPRECTED to RESERVED and add the comment that
it is unused, such as:?

   Reserved     3    (unused value)

Or would it be better to just omit the line and skip from 2 to 4?


I think either way works.


- section 3: 3110 doesn't seem like a great reference for RSA.
Isn't there better?


I am not sure what this is referring to.


I think this refers to the first reference to RSA as an algorithm in
general (in Section 3).  Later references use RFC3110 to refer to the
specific encoding defined there, and I think that we need to preserve
those references.  So I think Stephen's comment is to replace this
reference in Section 3:

  HIP implementations MUST support the Rivest Shamir Adelman (RSA)
    [RFC3110] public key algorithm

with something else.  Any ideas of what to put there?  RFC3110 itself
cites Schneier's Applied Cryptography book when referring to RSA.


IKEv2 refers to:

   [RSA]      Rivest, R., Shamir, A., and Adleman, L., "A Method for
              Obtaining Digital Signatures and Public-Key
              Cryptosystems", Communications of the ACM, v. 21, n. 2,
              February 1978.

   [PKCS1]    Jonsson, J. and B. Kaliski, "Public-Key Cryptography
              Standards (PKCS) #1: RSA Cryptography Specifications
              Version 2.1", RFC 3447, February 2003.

_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec






















					Reply via email to