Hello, I am sorry for the late response...
>>
>>> (3) Continuing to support the 1536 MODP DHE group but not
>>> supporting the 2048 equivalent seems a bit odd, as does not having
>>> a code point for the 4096 bit group. Similarly, making the 1536 bit
>>> group the MTI (in 5.2.7) is odd as is the assertion that "web
>>> surfing" can use a lower security level.
>>
>> I am not aware of the criteria that were used for choosing the DHE
>> groups. Can someone else comment on this?
>
> I don't recall offhand, other than that we went through a round of
> review with CFRG back in 2012 and we ended up modifying our crypto
> selections based on the feedback received. Bob and Tobias have been the
> caretakers of the crypto selections in HIPv2 in general, so I defer to
> them.

Ok, so let's wait to hear from Bob/Tobias on this one.

I tried to reconstruct the approach that we took from the mailing list archives. This dates back to 2010 so I don't remember every detail. We use established algorithms that similar protocols used and discussed the choices here on the list. Here is the discussion thread:

http://www.ietf.org/mail-archive/web/hipsec/current/msg03327.html

There was some counseling from CFRG as well if I am not mistaken. However, if there is the need for a different set of algorithms or if there is consensus that more algorithms are required, there is no reason not to add another one.

The sentence with the web-surfing is a carry over from RFC5201. I think we should change it to a more generic statement along the lines of the mailing list post from 2010: Group 10 is meant for devices with low computation capabilities and should be used only if long-term confidentiality is not required.

BR,
Tobias

--
Dr. Tobias Heer | Head of Embedded Software Development - Functions | Hirschmann Automation and Control GmbH
_______________________________________________
Hipsec mailing list
https://www.ietf.org/mailman/listinfo/hipsec
