On 2/12/20 11:48 AM, Jeff Ahrenholz wrote:
I believe this version answers all the IESG issues.

Please review, there are some important additions.

EKR had a number of security concerns.  Some I feel don't apply to HIP, like 
using an AEAD for HIP packet security.

But there are a number of added sections, particularly in Security 
Considerations, that are worth the group's review to confirm that I have things 
stated properly.

Also there is a new parameter, I_NONCE, to add Initiator randomness into the 
Master Key generation.  There is some cleanup in the KEYMAT section to reflect 
this.

So please take a read through.

I took a look at the new I_NONCE parameter...

Regarding this statement (Section 5.2.6):
"The I_NONCE parameter encapsulates a random value that is later used in the Master 
key creation process (see Section 6.3)."

Looking at Section 6.3 HIP DEX KEYMAT Generation, it discusses using 
Diffie-Hellman derived key Kij, but I don't see anything about using I_NONCE. 
There is a random #I provided by the Responder from the PUZZLE parameter, but 
nothing about a random I_NONCE supplied by the Initiator.

The problem is the loss of text in sec 6.3, not sec 5.2.6.  We found that the problem is a bug in the submission tool.  One way or another we will get the complete text in sec 6.3 in the next draft.

minor nits:
s/when key is smaller or equal to 128 bits/when the key is smaller or equal to 
128 bits/

Fixed, thanks.

In Section 4.1.1 HIP Puzzle Mechanism, the links (HTML version) to RFC 7401 
sections 4.1.1 and 4.1.2 do not link to RFC 7401 but to the dex draft.

That is a submission tool bug.  I will work with the developers on it.


_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec
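Added example (not from the draft, the thread, or the HIP DEX specification): a generic HKDF-style extract-and-expand key derivation that shows how an Initiator-supplied nonce (I_NONCE) and the Responder's puzzle value (#I) can both be mixed into keying material derived from the Diffie-Hellman key Kij. The salt and info layout, the label string, the hash choice and all sample values are assumptions made for illustration only; the actual KEYMAT construction belongs to Section 6.3 of the draft, whose text the thread notes was lost in submission.

```python
import hmac
import hashlib

HASH = hashlib.sha256  # assumption: any PRF-suitable hash works for the illustration


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(n) = HMAC(PRK, T(n-1) | info | n), concatenated."""
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keymat(kij: bytes, i_nonce: bytes, puzzle_i: bytes,
                  hit_i: bytes, hit_r: bytes, length: int = 32) -> bytes:
    """Hypothetical KEYMAT derivation (NOT the HIP DEX construction).

    Both parties' randomness enters the salt: I_NONCE from the Initiator and
    #I from the Responder's PUZZLE.  Kij is the DH-derived input keying
    material; the HITs are bound in through the info string so that the same
    Kij between different identities does not yield the same KEYMAT.
    """
    salt = i_nonce + puzzle_i                 # assumption: I_NONCE || #I
    prk = hkdf_extract(salt, kij)
    info = b"example-keymat" + hit_i + hit_r  # assumption: label || HIT-I || HIT-R
    return hkdf_expand(prk, info, length)


# Constructed sample values (not real HIP identifiers or secrets).
KIJ = bytes.fromhex("a1" * 32)       # stands in for the DH-derived key Kij
HIT_I = bytes.fromhex("01" * 16)
HIT_R = bytes.fromhex("02" * 16)
I_NONCE_A = bytes.fromhex("11" * 16)
I_NONCE_B = bytes.fromhex("22" * 16)
PUZZLE_I_A = bytes.fromhex("33" * 8)
PUZZLE_I_B = bytes.fromhex("44" * 8)


def freshness_check() -> dict:
    """Show which inputs actually change the derived KEYMAT.

    The point: if Kij is reused across sessions, KEYMAT freshness depends
    entirely on the nonces, so a nonce that never reaches the derivation
    contributes nothing to it.
    """
    base = derive_keymat(KIJ, I_NONCE_A, PUZZLE_I_A, HIT_I, HIT_R)
    again = derive_keymat(KIJ, I_NONCE_A, PUZZLE_I_A, HIT_I, HIT_R)
    new_i_nonce = derive_keymat(KIJ, I_NONCE_B, PUZZLE_I_A, HIT_I, HIT_R)
    new_puzzle = derive_keymat(KIJ, I_NONCE_A, PUZZLE_I_B, HIT_I, HIT_R)
    return {
        "deterministic": base == again,
        "i_nonce_contributes": base != new_i_nonce,
        "puzzle_i_contributes": base != new_puzzle,
    }


if __name__ == "__main__":
    for name, ok in freshness_check().items():
        print(f"{name}: {ok}")
```

The check in `freshness_check` is the kind of thing worth running against whatever construction Section 6.3 finally specifies: if flipping I_NONCE leaves KEYMAT unchanged, the parameter described in Section 5.2.6 is not actually contributing Initiator randomness.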
