Hi,

On Wed, 2020-02-12 at 17:20 +0000, Jeff Ahrenholz wrote:
> > I believe this version answers all the IESG issues.
> >
> > Please review, there are some important additions.
> >
> > EKR had a number of security concerns. Some I feel don't apply to
> > HIP, like use an AEAD for HIP packet security.
> >
> > But there are a number of added sections, particularly in Security
> > Considerations that are worth the group's review that I have things
> > stated properly.
> >
> > Also there is a new parameter, I_NONCE to add Initiator randomness
> > into the Master Key generation. There is some cleanup in the
> > KEYMAT section to reflect this.
> >
> > So please take a read through.
>
> I took a look at the new I_NONCE parameter...
>
> Regarding this statement (Section 5.2.6):
> "The I_NONCE parameter encapsulates a random value that is later used
> in the Master key creation process (see Section 6.3)."
>
> Looking at Section 6.3 HIP DEX KEYMAT Generation, it discusses using
> Diffie-Hellman derived key Kij, but I don't see anything about using
> I_NONCE. There is a random #I provided by the Responder from the
> PUZZLE parameter, but nothing about a random I_NONCE supplied by the
> Initiator.

Thanks for catching this! This occurred due to an HTML comment inside a figure (xml2rfc team is working on a fix). Here is the fixed document:

https://tools.ietf.org/html/draft-ietf-hip-dex-13#section-6.3

> minor nits:
> s/when key is smaller or equal to 128 bits/when the key is smaller or
> equal to 128 bits/
> In Section 4.1.1 HIP Puzzle Mechanism, the links (HTML version) to
> RFC 7401 sections 4.1.1 and 4.1.2 do not link to RFC 7401 but to the
> dex draft.

Apparently this has to be fixed manually in collaboration with the RFC editor.

_______________________________________________
Hipsec mailing list
https://www.ietf.org/mailman/listinfo/hipsec
