On 2/12/20 12:20 PM, Jeff Ahrenholz wrote:
I believe this version answers all the IESG issues.
Please review, there are some important additions.
EKR had a number of security concerns. Some I feel don't apply to HIP, like
use an AEAD for HIP packet security.
But there are a number of added sections, particularly in Security
Considerations that are worth the group's review that I have things stated
properly.
Also there is a new parameter, I_NONCE to add Initiator randomness into the
Master Key generation. There is some cleanup in the KEYMAT section to reflect
this.
So please take a read through.
I took a look at the new I_NONCE parameter...
Regarding this statement (Section 5.2.6):
"The I_NONCE parameter encapsulates a random value that is later used in the Master
key creation process (see Section 6.3)."
Looking at Section 6.3 HIP DEX KEYMAT Generation, it discusses using
Diffie-Hellman derived key Kij, but I don't see anything about using I_NONCE.
There is a random #I provided by the Responder from the PUZZLE parameter, but
nothing about a random I_NONCE supplied by the Initiator.
In 6.3:
IKM Input keying material
the Diffie-Hellman derived key, concatenated with the
random I_NONCE value for the Master Key SA
the Diffie-Hellman derived key, concatenated with the
random values of the ENCRYPTED_KEY parameters in
the same order as the HITs with sort(HIT-I | HIT-R)
for the Pair-wise Key SA
minor nits:
s/when key is smaller or equal to 128 bits/when the key is smaller or equal to
128 bits/
In Section 4.1.1 HIP Puzzle Mechanism, the links (HTML version) to RFC 7401
sections 4.1.1 and 4.1.2 do not link to RFC 7401 but to the dex draft.
I will look at this one again.
Back later on it.
_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec
