draft-ietf-hip-dex-00.txt   draft-ietf-hip-dex-01.txt 
Network Working Group R. Moskowitz, Ed. HIP WG R. Moskowitz, Ed.
Internet-Draft HTT Consulting Internet-Draft HTT Consulting
Intended status: Standards Track R. Hummen Intended status: Standards Track R. Hummen
Expires: September 2, 2016 COMSYS, RWTH Aachen Expires: September 22, 2016 COMSYS, RWTH Aachen
March 1, 2016 March 21, 2016
HIP Diet EXchange (DEX) HIP Diet EXchange (DEX)
draft-ietf-hip-dex-00 draft-ietf-hip-dex-01
Abstract Abstract
This document specifies the Host Identity Protocol Diet EXchange (HIP This document specifies the Host Identity Protocol Diet EXchange (HIP
DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The
HIP DEX protocol design aims at reducing the overhead of the employed HIP DEX protocol design aims at reducing the overhead of the employed
cryptographic primitives by omitting public-key signatures and hash cryptographic primitives by omitting public-key signatures and hash
functions. In doing so, the main goal is to still deliver similar functions. In doing so, the main goal is to still deliver similar
security properties to HIPv2. security properties to HIPv2.
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 2, 2016. This Internet-Draft will expire on September 22, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 43 skipping to change at page 2, line 43
4.1. Creating a HIP Association . . . . . . . . . . . . . . . 9 4.1. Creating a HIP Association . . . . . . . . . . . . . . . 9
4.1.1. HIP Puzzle Mechanism . . . . . . . . . . . . . . . . 10 4.1.1. HIP Puzzle Mechanism . . . . . . . . . . . . . . . . 10
4.1.2. HIP State Machine . . . . . . . . . . . . . . . . . . 11 4.1.2. HIP State Machine . . . . . . . . . . . . . . . . . . 11
4.1.3. HIP DEX Security Associations . . . . . . . . . . . . 15 4.1.3. HIP DEX Security Associations . . . . . . . . . . . . 15
4.1.4. User Data Considerations . . . . . . . . . . . . . . 16 4.1.4. User Data Considerations . . . . . . . . . . . . . . 16
5. Packet Formats . . . . . . . . . . . . . . . . . . . . . . . 16 5. Packet Formats . . . . . . . . . . . . . . . . . . . . . . . 16
5.1. Payload Format . . . . . . . . . . . . . . . . . . . . . 16 5.1. Payload Format . . . . . . . . . . . . . . . . . . . . . 16
5.2. HIP Parameters . . . . . . . . . . . . . . . . . . . . . 16 5.2. HIP Parameters . . . . . . . . . . . . . . . . . . . . . 16
5.2.1. DH_GROUP_LIST . . . . . . . . . . . . . . . . . . . . 17 5.2.1. DH_GROUP_LIST . . . . . . . . . . . . . . . . . . . . 17
5.2.2. HIP_CIPHER . . . . . . . . . . . . . . . . . . . . . 17 5.2.2. HIP_CIPHER . . . . . . . . . . . . . . . . . . . . . 17
5.2.3. HOST_ID . . . . . . . . . . . . . . . . . . . . . . . 17 5.2.3. HOST_ID . . . . . . . . . . . . . . . . . . . . . . . 18
5.2.4. HIT_SUITE_LIST . . . . . . . . . . . . . . . . . . . 18 5.2.4. HIT_SUITE_LIST . . . . . . . . . . . . . . . . . . . 18
5.2.5. ENCRYPTED_KEY . . . . . . . . . . . . . . . . . . . . 18 5.2.5. ENCRYPTED_KEY . . . . . . . . . . . . . . . . . . . . 18
5.3. HIP Packets . . . . . . . . . . . . . . . . . . . . . . . 19 5.3. HIP Packets . . . . . . . . . . . . . . . . . . . . . . . 19
5.3.1. I1 - the HIP Initiator Packet . . . . . . . . . . . . 20 5.3.1. I1 - the HIP Initiator Packet . . . . . . . . . . . . 20
5.3.2. R1 - the HIP Responder Packet . . . . . . . . . . . . 21 5.3.2. R1 - the HIP Responder Packet . . . . . . . . . . . . 21
5.3.3. I2 - the Second HIP Initiator Packet . . . . . . . . 23 5.3.3. I2 - the Second HIP Initiator Packet . . . . . . . . 23
5.3.4. R2 - the Second HIP Responder Packet . . . . . . . . 24 5.3.4. R2 - the Second HIP Responder Packet . . . . . . . . 24
5.4. ICMP Messages . . . . . . . . . . . . . . . . . . . . . . 25 5.4. ICMP Messages . . . . . . . . . . . . . . . . . . . . . . 25
6. Packet Processing . . . . . . . . . . . . . . . . . . . . . . 25 6. Packet Processing . . . . . . . . . . . . . . . . . . . . . . 25
6.1. Solving the Puzzle . . . . . . . . . . . . . . . . . . . 25 6.1. Solving the Puzzle . . . . . . . . . . . . . . . . . . . 25
skipping to change at page 3, line 21 skipping to change at page 3, line 21
6.7. Processing Incoming I2 Packets . . . . . . . . . . . . . 34 6.7. Processing Incoming I2 Packets . . . . . . . . . . . . . 34
6.8. Processing Incoming R2 Packets . . . . . . . . . . . . . 37 6.8. Processing Incoming R2 Packets . . . . . . . . . . . . . 37
6.9. Processing Incoming NOTIFY Packets . . . . . . . . . . . 38 6.9. Processing Incoming NOTIFY Packets . . . . . . . . . . . 38
6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets . . . . . 39 6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets . . . . . 39
6.11. Handling State Loss . . . . . . . . . . . . . . . . . . . 39 6.11. Handling State Loss . . . . . . . . . . . . . . . . . . . 39
7. HIP Policies . . . . . . . . . . . . . . . . . . . . . . . . 39 7. HIP Policies . . . . . . . . . . . . . . . . . . . . . . . . 39
8. Security Considerations . . . . . . . . . . . . . . . . . . . 39 8. Security Considerations . . . . . . . . . . . . . . . . . . . 39
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 40 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 40
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 41 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 41
11. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 41 11. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 41
11.1. Changes in draft-moskowitz-hip-rg-dex-06 . . . . . . . . 41 11.1. Changes in draft-ietf-hip-dex-01 . . . . . . . . . . . . 41
11.2. Changes in draft-moskowitz-hip-dex-00 . . . . . . . . . 41 11.2. Changes in draft-ietf-hip-dex-00 . . . . . . . . . . . . 41
11.3. Changes in draft-moskowitz-hip-dex-01 . . . . . . . . . 42 11.3. Changes in draft-moskowitz-hip-rg-dex-06 . . . . . . . . 41
11.4. Changes in draft-moskowitz-hip-dex-02 . . . . . . . . . 42 11.4. Changes in draft-moskowitz-hip-dex-00 . . . . . . . . . 42
11.5. Changes in draft-moskowitz-hip-dex-03 . . . . . . . . . 42 11.5. Changes in draft-moskowitz-hip-dex-01 . . . . . . . . . 42
11.6. Changes in draft-moskowitz-hip-dex-04 . . . . . . . . . 43 11.6. Changes in draft-moskowitz-hip-dex-02 . . . . . . . . . 42
11.7. Changes in draft-moskowitz-hip-dex-03 . . . . . . . . . 43
11.8. Changes in draft-moskowitz-hip-dex-04 . . . . . . . . . 43
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 43 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 43
12.1. Normative References . . . . . . . . . . . . . . . . . . 43 12.1. Normative References . . . . . . . . . . . . . . . . . . 43
12.2. Informative References . . . . . . . . . . . . . . . . . 44 12.2. Informative References . . . . . . . . . . . . . . . . . 44
Appendix A. Password-based two-factor authentication during Appendix A. Password-based two-factor authentication during
the HIP DEX handshake . . . . . . . . . . . . . . . 46 the HIP DEX handshake . . . . . . . . . . . . . . . 47
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 47
1. Introduction 1. Introduction
This document specifies the Host Identity Protocol Diet EXchange (HIP This document specifies the Host Identity Protocol Diet EXchange (HIP
DEX). HIP DEX builds on the Base EXchange (BEX) of the Host Identity DEX). HIP DEX builds on the Base EXchange (BEX) of the Host Identity
Protocol Version 2 (HIPv2) [RFC7401]. HIP DEX preserves the protocol Protocol Version 2 (HIPv2) [RFC7401]. HIP DEX preserves the protocol
semantics as well as the general packet structure of HIPv2. Hence, semantics as well as the general packet structure of HIPv2. Hence,
it is recommended that [RFC7401] is well-understood before reading it is recommended that [RFC7401] is well-understood before reading
this document. this document.
skipping to change at page 17, line 24 skipping to change at page 17, line 24
The DH_GROUP_LIST parameter contains the list of supported DH Group The DH_GROUP_LIST parameter contains the list of supported DH Group
IDs of a host. It is defined in Section 5.2.6 of [RFC7401]. With IDs of a host. It is defined in Section 5.2.6 of [RFC7401]. With
HIP DEX, the DH Group IDs are restricted to: HIP DEX, the DH Group IDs are restricted to:
Group KDF Value Group KDF Value
NIST P-256 [RFC5903] CKDF 7 NIST P-256 [RFC5903] CKDF 7
NIST P-384 [RFC5903] CKDF 8 NIST P-384 [RFC5903] CKDF 8
NIST P-521 [RFC5903] CKDF 9 NIST P-521 [RFC5903] CKDF 9
SECP160R1 [SECG] CKDF 10 SECP160R1 [SECG] CKDF 10
Curve25519 [RFC7748] CKDF 11
Curve448 [RFC7748] CKDF 12
The ECDH groups 7 - 9 are defined in [RFC5903] and [RFC6090]. ECDH The ECDH groups 7 - 9 are defined in [RFC5903] and [RFC6090]. ECDH
group 10 is covered in [SECG] and Appendix D of [RFC7401]. Any ECDH group 10 is covered in [SECG] and Appendix D of [RFC7401]. These
used with HIP MUST have a co-factor of 1. curves, when used with HIP MUST have a co-factor of 1.
The ECDH groups 11 and 12 are defined in [RFC7748]. These curves
have cofactors of 8 and 4 (respectively).
5.2.2. HIP_CIPHER 5.2.2. HIP_CIPHER
The HIP_CIPHER parameter contains the list of supported cipher The HIP_CIPHER parameter contains the list of supported cipher
algorithms to be used for encrypting the contents of the ENCRYPTED algorithms to be used for encrypting the contents of the ENCRYPTED
and ENCRYPTED_KEY parameters. The HIP_CIPHER parameter is defined in and ENCRYPTED_KEY parameters. The HIP_CIPHER parameter is defined in
Section 5.2.8 of [RFC7401]. With HIP DEX, the Suite IDs are limited Section 5.2.8 of [RFC7401]. With HIP DEX, the Suite IDs are limited
to: to:
Suite ID Value Suite ID Value
skipping to change at page 41, line 33 skipping to change at page 41, line 33
The drive to put HIP on a cryptographic 'Diet' came out of a number The drive to put HIP on a cryptographic 'Diet' came out of a number
of discussions with sensor vendors at IEEE 802.15 meetings. David of discussions with sensor vendors at IEEE 802.15 meetings. David
McGrew was very helpful in crafting this document. McGrew was very helpful in crafting this document.
11. Changelog 11. Changelog
This section summarizes the changes made from draft-moskowitz-hip-rg- This section summarizes the changes made from draft-moskowitz-hip-rg-
dex-05, which was the first stable version of the draft. Note that dex-05, which was the first stable version of the draft. Note that
the draft was renamed after draft-moskowitz-hip-rg-dex-06. the draft was renamed after draft-moskowitz-hip-rg-dex-06.
11.1. Changes in draft-moskowitz-hip-rg-dex-06 The draft was then renamed from draft-moskowitz-hip-dex to draft-
ietf-hip-dex.
11.1. Changes in draft-ietf-hip-dex-01
o Added the new ECDH groups of Curve2519 and Curve448 from RFC 7748.
11.2. Changes in draft-ietf-hip-dex-00
o The Internet Draft was adopted by the HIP WG.
11.3. Changes in draft-moskowitz-hip-rg-dex-06
o A major change in the ENCRYPT parameter to use AES-CTR rather than o A major change in the ENCRYPT parameter to use AES-CTR rather than
AES-CBC. AES-CBC.
11.2. Changes in draft-moskowitz-hip-dex-00 11.4. Changes in draft-moskowitz-hip-dex-00
o Draft name change. HIPRG ended in IRTF, HIP DEX is now individual o Draft name change. HIPRG ended in IRTF, HIP DEX is now individual
submission. submission.
o Added the change section. o Added the change section.
o Added a Definitions section. o Added a Definitions section.
o Changed I2 and R2 packets to reflect use of AES-CTR for o Changed I2 and R2 packets to reflect use of AES-CTR for
ENCRYPTED_KEY parameter. ENCRYPTED_KEY parameter.
o Cleaned up KEYMAT Generation text. o Cleaned up KEYMAT Generation text.
o Added Appendix with C code for the ECDH shared secret generation o Added Appendix with C code for the ECDH shared secret generation
on an 8 bit processor. on an 8 bit processor.
11.3. Changes in draft-moskowitz-hip-dex-01 11.5. Changes in draft-moskowitz-hip-dex-01
o Numerous editorial changes. o Numerous editorial changes.
o New retransmission strategy. o New retransmission strategy.
o New HIT generation mechanism. o New HIT generation mechanism.
o Modified layout of ENCRYPTED_KEY parameter. o Modified layout of ENCRYPTED_KEY parameter.
o Clarify to use puzzle difficulty of zero under normal network o Clarify to use puzzle difficulty of zero under normal network
skipping to change at page 42, line 32 skipping to change at page 42, line 46
MUST). MUST).
o Align inclusion of TRANSPORT_FORMAT_LIST with HIPv2 (added to R1 o Align inclusion of TRANSPORT_FORMAT_LIST with HIPv2 (added to R1
and I2). and I2).
o HIP_CIPHER, HIT_SUITE_LIST, and TRANSPORT_FORMAT_LIST must now be o HIP_CIPHER, HIT_SUITE_LIST, and TRANSPORT_FORMAT_LIST must now be
echoed in R2 packet. echoed in R2 packet.
o Added new author. o Added new author.
11.4. Changes in draft-moskowitz-hip-dex-02 11.6. Changes in draft-moskowitz-hip-dex-02
o Introduced formal definition of FOLD function. o Introduced formal definition of FOLD function.
o Clarified use of CMAC for puzzle computation in section "Solving o Clarified use of CMAC for puzzle computation in section "Solving
the Puzzle". the Puzzle".
o Several editorial changes. o Several editorial changes.
11.5. Changes in draft-moskowitz-hip-dex-03 11.7. Changes in draft-moskowitz-hip-dex-03
o Addressed HI crypto agility. o Addressed HI crypto agility.
o Clarified purpose of secret exchanged via ENCRYPTED_KEY parameter. o Clarified purpose of secret exchanged via ENCRYPTED_KEY parameter.
o Extended the IV in the ENCRYPTED_KEY parameter. o Extended the IV in the ENCRYPTED_KEY parameter.
o Introduced forward-references to HIP DEX KEYMAT process and o Introduced forward-references to HIP DEX KEYMAT process and
improved KEYMAT section. improved KEYMAT section.
o Replaced Appendix A on "C code for ECC point multiplication" with o Replaced Appendix A on "C code for ECC point multiplication" with
short discussion in introduction. short discussion in introduction.
o Updated references. o Updated references.
o Further editorial changes. o Further editorial changes.
11.6. Changes in draft-moskowitz-hip-dex-04 11.8. Changes in draft-moskowitz-hip-dex-04
o Improved retransmission extension. o Improved retransmission extension.
o Updated and strongly revised packet processing rules. o Updated and strongly revised packet processing rules.
o Updated security considerations. o Updated security considerations.
o Updated IANA considerations. o Updated IANA considerations.
o Move the HI Algorithm for ECDH to a value of 11. o Move the HI Algorithm for ECDH to a value of 11.
skipping to change at page 45, line 40 skipping to change at page 45, line 49
[RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic [RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
Curve Cryptography Algorithms", RFC 6090, Curve Cryptography Algorithms", RFC 6090,
DOI 10.17487/RFC6090, February 2011, DOI 10.17487/RFC6090, February 2011,
<http://www.rfc-editor.org/info/rfc6090>. <http://www.rfc-editor.org/info/rfc6090>.
[RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for
Constrained-Node Networks", RFC 7228, Constrained-Node Networks", RFC 7228,
DOI 10.17487/RFC7228, May 2014, DOI 10.17487/RFC7228, May 2014,
<http://www.rfc-editor.org/info/rfc7228>. <http://www.rfc-editor.org/info/rfc7228>.
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <http://www.rfc-editor.org/info/rfc7748>.
[SECG] SECG, "Recommended Elliptic Curve Domain Parameters", SEC [SECG] SECG, "Recommended Elliptic Curve Domain Parameters", SEC
2 , 2000, <http://www.secg.org/>. 2 , 2000, <http://www.secg.org/>.
Appendix A. Password-based two-factor authentication during the HIP DEX Appendix A. Password-based two-factor authentication during the HIP DEX
handshake handshake
HIP DEX allows to identify authorized connections based on a two- HIP DEX allows to identify authorized connections based on a two-
factor authentication mechanism. With two-factor authentication, factor authentication mechanism. With two-factor authentication,
devices that are authorized to communicate with each other are devices that are authorized to communicate with each other are
required to be pre-provisioned with a shared (group) key. The required to be pre-provisioned with a shared (group) key. The
 End of changes. 16 change blocks. 
22 lines changed or deleted 44 lines changed or added

This html diff was produced by rfcdiff 1.44. The latest version is available from http://tools.ietf.org/tools/rfcdiff/