draft-ietf-hip-dex-03.txt   draft-ietf-hip-dex-04.txt 
HIP WG R. Moskowitz, Ed. HIP WG R. Moskowitz, Ed.
Internet-Draft HTT Consulting Internet-Draft HTT Consulting
Intended status: Standards Track R. Hummen Intended status: Standards Track R. Hummen
Expires: December 6, 2016 Hirschmann Automation and Control Expires: April 25, 2017 Hirschmann Automation and Control
June 4, 2016 October 22, 2016
HIP Diet EXchange (DEX) HIP Diet EXchange (DEX)
draft-ietf-hip-dex-03 draft-ietf-hip-dex-04
Abstract Abstract
This document specifies the Host Identity Protocol Diet EXchange (HIP This document specifies the Host Identity Protocol Diet EXchange (HIP
DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The
HIP DEX protocol design aims at reducing the overhead of the employed HIP DEX protocol design aims at reducing the overhead of the employed
cryptographic primitives by omitting public-key signatures and hash cryptographic primitives by omitting public-key signatures and hash
functions. In doing so, the main goal is to still deliver similar functions. In doing so, the main goal is to still deliver similar
security properties to HIPv2. security properties to HIPv2.
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 6, 2016. This Internet-Draft will expire on April 25, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 31 skipping to change at page 2, line 31
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. The HIP Diet EXchange (DEX) . . . . . . . . . . . . . . . 4 1.1. The HIP Diet EXchange (DEX) . . . . . . . . . . . . . . . 4
1.2. Memo Structure . . . . . . . . . . . . . . . . . . . . . 5 1.2. Memo Structure . . . . . . . . . . . . . . . . . . . . . 5
2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 6 2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 6
2.1. Requirements Terminology . . . . . . . . . . . . . . . . 6 2.1. Requirements Terminology . . . . . . . . . . . . . . . . 6
2.2. Notation . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2. Notation . . . . . . . . . . . . . . . . . . . . . . . . 6
2.3. Definitions . . . . . . . . . . . . . . . . . . . . . . . 6 2.3. Definitions . . . . . . . . . . . . . . . . . . . . . . . 6
3. Host Identity (HI) and its Structure . . . . . . . . . . . . 7 3. Host Identity (HI) and its Structure . . . . . . . . . . . . 7
3.1. Host Identity Tag (HIT) . . . . . . . . . . . . . . . . . 8 3.1. Host Identity Tag (HIT) . . . . . . . . . . . . . . . . . 8
3.2. Generating a HIT from an HI . . . . . . . . . . . . . . . 8 3.2. Generating a HIT from an HI . . . . . . . . . . . . . . . 9
4. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 9 4. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 9
4.1. Creating a HIP Association . . . . . . . . . . . . . . . 9 4.1. Creating a HIP Association . . . . . . . . . . . . . . . 9
4.1.1. HIP Puzzle Mechanism . . . . . . . . . . . . . . . . 11 4.1.1. HIP Puzzle Mechanism . . . . . . . . . . . . . . . . 11
4.1.2. HIP State Machine . . . . . . . . . . . . . . . . . . 11 4.1.2. HIP State Machine . . . . . . . . . . . . . . . . . . 12
4.1.3. HIP DEX Security Associations . . . . . . . . . . . . 15 4.1.3. HIP DEX Security Associations . . . . . . . . . . . . 16
4.1.4. User Data Considerations . . . . . . . . . . . . . . 16 4.1.4. User Data Considerations . . . . . . . . . . . . . . 17
5. Packet Formats . . . . . . . . . . . . . . . . . . . . . . . 16 5. Packet Formats . . . . . . . . . . . . . . . . . . . . . . . 17
5.1. Payload Format . . . . . . . . . . . . . . . . . . . . . 16 5.1. Payload Format . . . . . . . . . . . . . . . . . . . . . 17
5.2. HIP Parameters . . . . . . . . . . . . . . . . . . . . . 16 5.2. HIP Parameters . . . . . . . . . . . . . . . . . . . . . 17
5.2.1. DH_GROUP_LIST . . . . . . . . . . . . . . . . . . . . 17 5.2.1. DH_GROUP_LIST . . . . . . . . . . . . . . . . . . . . 18
5.2.2. HIP_CIPHER . . . . . . . . . . . . . . . . . . . . . 17 5.2.2. HIP_CIPHER . . . . . . . . . . . . . . . . . . . . . 18
5.2.3. HOST_ID . . . . . . . . . . . . . . . . . . . . . . . 18 5.2.3. HOST_ID . . . . . . . . . . . . . . . . . . . . . . . 19
5.2.4. HIT_SUITE_LIST . . . . . . . . . . . . . . . . . . . 18 5.2.4. HIT_SUITE_LIST . . . . . . . . . . . . . . . . . . . 19
5.2.5. ENCRYPTED_KEY . . . . . . . . . . . . . . . . . . . . 18 5.2.5. ENCRYPTED_KEY . . . . . . . . . . . . . . . . . . . . 19
5.3. HIP Packets . . . . . . . . . . . . . . . . . . . . . . . 19 5.3. HIP Packets . . . . . . . . . . . . . . . . . . . . . . . 20
5.3.1. I1 - the HIP Initiator Packet . . . . . . . . . . . . 20 5.3.1. I1 - the HIP Initiator Packet . . . . . . . . . . . . 21
5.3.2. R1 - the HIP Responder Packet . . . . . . . . . . . . 21 5.3.2. R1 - the HIP Responder Packet . . . . . . . . . . . . 22
5.3.3. I2 - the Second HIP Initiator Packet . . . . . . . . 23 5.3.3. I2 - the Second HIP Initiator Packet . . . . . . . . 24
5.3.4. R2 - the Second HIP Responder Packet . . . . . . . . 24 5.3.4. R2 - the Second HIP Responder Packet . . . . . . . . 25
5.4. ICMP Messages . . . . . . . . . . . . . . . . . . . . . . 25 5.4. ICMP Messages . . . . . . . . . . . . . . . . . . . . . . 26
6. Packet Processing . . . . . . . . . . . . . . . . . . . . . . 25 6. Packet Processing . . . . . . . . . . . . . . . . . . . . . . 26
6.1. Solving the Puzzle . . . . . . . . . . . . . . . . . . . 25 6.1. Solving the Puzzle . . . . . . . . . . . . . . . . . . . 26
6.2. HIP_MAC Calculation and Verification . . . . . . . . . . 26 6.2. HIP_MAC Calculation and Verification . . . . . . . . . . 27
6.2.1. CMAC Calculation . . . . . . . . . . . . . . . . . . 26 6.2.1. CMAC Calculation . . . . . . . . . . . . . . . . . . 27
6.3. HIP DEX KEYMAT Generation . . . . . . . . . . . . . . . . 27 6.3. HIP DEX KEYMAT Generation . . . . . . . . . . . . . . . . 28
6.4. Initiation of a HIP Diet EXchange . . . . . . . . . . . . 30 6.4. Initiation of a HIP Diet EXchange . . . . . . . . . . . . 31
6.5. Processing Incoming I1 Packets . . . . . . . . . . . . . 30 6.5. Processing Incoming I1 Packets . . . . . . . . . . . . . 31
6.6. Processing Incoming R1 Packets . . . . . . . . . . . . . 31 6.6. Processing Incoming R1 Packets . . . . . . . . . . . . . 32
6.7. Processing Incoming I2 Packets . . . . . . . . . . . . . 34 6.7. Processing Incoming I2 Packets . . . . . . . . . . . . . 35
6.8. Processing Incoming R2 Packets . . . . . . . . . . . . . 37 6.8. Processing Incoming R2 Packets . . . . . . . . . . . . . 38
6.9. Processing Incoming NOTIFY Packets . . . . . . . . . . . 38 6.9. Processing Incoming NOTIFY Packets . . . . . . . . . . . 39
6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets . . . . . 39 6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets . . . . . 40
6.11. Handling State Loss . . . . . . . . . . . . . . . . . . . 39 6.11. Handling State Loss . . . . . . . . . . . . . . . . . . . 40
7. HIP Policies . . . . . . . . . . . . . . . . . . . . . . . . 39 7. HIP Policies . . . . . . . . . . . . . . . . . . . . . . . . 40
8. Interoperability between HIP DEX and HIPv2 . . . . . . . 39 8. Interoperability between HIP DEX and HIPv2 . . . . . . . . . 40
9. Security Considerations . . . . . . . . . . . . . . . . . . . 40 9. Security Considerations . . . . . . . . . . . . . . . . . . . 41
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 41 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 42 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 43
12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 42 12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 43
12.1. Changes in draft-ietf-hip-dex-03 . . . . . . . . . . . . 42 12.1. Changes in draft-ietf-hip-dex-04 . . . . . . . . . . . . 43
12.2. Changes in draft-ietf-hip-dex-02 . . . . . . . . . . . . 42 12.2. Changes in draft-ietf-hip-dex-03 . . . . . . . . . . . . 43
12.3. Changes in draft-ietf-hip-dex-01 . . . . . . . . . . . . 42 12.3. Changes in draft-ietf-hip-dex-02 . . . . . . . . . . . . 44
12.4. Changes in draft-ietf-hip-dex-00 . . . . . . . . . . . . 43 12.4. Changes in draft-ietf-hip-dex-01 . . . . . . . . . . . . 44
12.5. Changes in draft-moskowitz-hip-rg-dex-06 . . . . . . . . 43 12.5. Changes in draft-ietf-hip-dex-00 . . . . . . . . . . . . 44
12.6. Changes in draft-moskowitz-hip-dex-00 . . . . . . . . . 43 12.6. Changes in draft-moskowitz-hip-rg-dex-06 . . . . . . . . 44
12.7. Changes in draft-moskowitz-hip-dex-01 . . . . . . . . . 43 12.7. Changes in draft-moskowitz-hip-dex-00 . . . . . . . . . 44
12.8. Changes in draft-moskowitz-hip-dex-02 . . . . . . . . . 44 12.8. Changes in draft-moskowitz-hip-dex-01 . . . . . . . . . 44
12.9. Changes in draft-moskowitz-hip-dex-03 . . . . . . . . . 44 12.9. Changes in draft-moskowitz-hip-dex-02 . . . . . . . . . 45
12.10. Changes in draft-moskowitz-hip-dex-04 . . . . . . . . . 44 12.10. Changes in draft-moskowitz-hip-dex-03 . . . . . . . . . 45
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 44 12.11. Changes in draft-moskowitz-hip-dex-04 . . . . . . . . . 45
13.1. Normative References . . . . . . . . . . . . . . . . . . 45 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 46
13.2. Informative References . . . . . . . . . . . . . . . . . 45 13.1. Normative References . . . . . . . . . . . . . . . . . . 46
Appendix A. Password-based two-factor authentication during 13.2. Informative References . . . . . . . . . . . . . . . . . 47
the HIP DEX handshake . . . . . . . . . . . . . . . 48 Appendix A. Password-based two-factor authentication during the
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 48 HIP DEX handshake . . . . . . . . . . . . . . . . . 49
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 49
1. Introduction 1. Introduction
This document specifies the Host Identity Protocol Diet EXchange (HIP This document specifies the Host Identity Protocol Diet EXchange (HIP
DEX). HIP DEX builds on the Base EXchange (BEX) of the Host Identity DEX). HIP DEX builds on the Base EXchange (BEX) of the Host Identity
Protocol Version 2 (HIPv2) [RFC7401]. HIP DEX preserves the protocol Protocol Version 2 (HIPv2) [RFC7401]. HIP DEX preserves the protocol
semantics as well as the general packet structure of HIPv2. Hence, semantics as well as the general packet structure of HIPv2. Hence,
it is recommended that [RFC7401] is well-understood before reading it is recommended that [RFC7401] is well-understood before reading
this document. this document.
skipping to change at page 5, line 40 skipping to change at page 5, line 43
the original HIPv2 specification. the original HIPv2 specification.
Finally, HIP DEX is designed as an end-to-end authentication and key Finally, HIP DEX is designed as an end-to-end authentication and key
establishment protocol. As such, it can be used in combination with establishment protocol. As such, it can be used in combination with
Encapsulated Security Payload (ESP) [RFC7402] as well as with other Encapsulated Security Payload (ESP) [RFC7402] as well as with other
end-to-end security protocols. In addition, HIP DEX can also be used end-to-end security protocols. In addition, HIP DEX can also be used
as a keying mechanism for security primitives at the MAC layer, e.g., as a keying mechanism for security primitives at the MAC layer, e.g.,
for IEEE 802.15.4 networks [IEEE.802-15-4.2011]. It is worth for IEEE 802.15.4 networks [IEEE.802-15-4.2011]. It is worth
mentioning that the HIP DEX base protocol does not cover all the mentioning that the HIP DEX base protocol does not cover all the
fine-grained policy control found in Internet Key Exchange Version 2 fine-grained policy control found in Internet Key Exchange Version 2
(IKEv2) [RFC5996] that allows IKEv2 to support complex gateway (IKEv2) [RFC7296] that allows IKEv2 to support complex gateway
policies. Thus, HIP DEX is not a replacement for IKEv2. policies. Thus, HIP DEX is not a replacement for IKEv2.
1.2. Memo Structure 1.2. Memo Structure
The rest of this memo is structured as follows. Section 2 defines The rest of this memo is structured as follows. Section 2 defines
the central keywords, notation, and terms used throughout this the central keywords, notation, and terms used throughout this
document. Section 3 defines the structure of the Host Identity and document. Section 3 defines the structure of the Host Identity and
its various representations. Section 4 gives an overview of the HIP its various representations. Section 4 gives an overview of the HIP
Diet EXchange protocol. Sections 5 and 6 define the detailed packet Diet EXchange protocol. Sections 5 and 6 define the detailed packet
formats and rules for packet processing. Finally, Sections 7, 9, and formats and rules for packet processing. Finally, Sections 7, 9, and
skipping to change at page 34, line 28 skipping to change at page 35, line 28
retransmit the I2 packet upon a timeout and restart the timer, retransmit the I2 packet upon a timeout and restart the timer,
up to a maximum of I2_RETRIES_MAX tries. up to a maximum of I2_RETRIES_MAX tries.
18. If the system is in state I1-SENT, it SHALL transition to state 18. If the system is in state I1-SENT, it SHALL transition to state
I2-SENT. If the system is in any other state, it remains in the I2-SENT. If the system is in any other state, it remains in the
current state. current state.
Note that step 4 from the original processing rules of HIPv2 Note that step 4 from the original processing rules of HIPv2
(signature verification) has been removed in the above processing (signature verification) has been removed in the above processing
rules for HIP DEX. Moreover, step 7 of the original processing rules rules for HIP DEX. Moreover, step 7 of the original processing rules
has been adapted in step 6 avove to account for the fact that HIP DEX has been adapted in step 6 above to account for the fact that HIP DEX
uses ECDH public keys as HIs. The considerations about malformed R1 uses ECDH public keys as HIs. The considerations about malformed R1
packets in Sections 6.8.1 of [RFC7401] also apply to HIP DEX. packets in Sections 6.8.1 of [RFC7401] also apply to HIP DEX.
6.7. Processing Incoming I2 Packets 6.7. Processing Incoming I2 Packets
The processing of I2 packets follows similar rules as HIPv2 (see The processing of I2 packets follows similar rules as HIPv2 (see
Section 6.9 of [RFC7401]). The main differences to HIPv2 are that Section 6.9 of [RFC7401]). The main differences to HIPv2 are that
HIP DEX introduces a new session key exchange via the ENCRYPTED_KEY HIP DEX introduces a new session key exchange via the ENCRYPTED_KEY
parameter as well as an I2 reception acknowledgement for parameter as well as an I2 reception acknowledgement for
retransmission purposes. Moreover, with HIP DEX the Initiator is retransmission purposes. Moreover, with HIP DEX the Initiator is
skipping to change at page 39, line 13 skipping to change at page 40, line 13
value after the next I2 retransmission. value after the next I2 retransmission.
6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets 6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets
UPDATE, CLOSE, and CLOSE_ACK packets are handled similarly in HIP DEX UPDATE, CLOSE, and CLOSE_ACK packets are handled similarly in HIP DEX
as in HIPv2 (see Sections 6.11, 6.12, 6.14, and 6.15 of [RFC7401]). as in HIPv2 (see Sections 6.11, 6.12, 6.14, and 6.15 of [RFC7401]).
The only difference is the that the HIP_SIGNATURE is never present The only difference is the that the HIP_SIGNATURE is never present
and, therefore, is not required to be processed by the receiving and, therefore, is not required to be processed by the receiving
party. party.
[RFC7402] specifies the rekeying of an existing HIP SA using the
UPDATE message. This rekeying procedure can also be used with HIP
DEX. However, where rekeying involves a new Diffie-Hellman key
exchange, HIP DEX peers MUST establish a new HIP association in order
to create a new Pair-wise Key SA due to the use of static ECDH key-
pairs with HIP DEX.
6.11. Handling State Loss 6.11. Handling State Loss
Implementors MAY choose to use non-volatile, secure storage for HIP Implementors MAY choose to use non-volatile, secure storage for HIP
states in order for them to survive a system reboot. If no secure states in order for them to survive a system reboot. If no secure
storage capabilities are available, the system SHOULD delete the storage capabilities are available, the system SHOULD delete the
corresponding HIP state, including the keying material. If the corresponding HIP state, including the keying material. If the
implementation does drop the state (as RECOMMENDED), it MUST also implementation does drop the state (as RECOMMENDED), it MUST also
drop the peer's R1 generation counter value, unless a local policy drop the peer's R1 generation counter value, unless a local policy
explicitly defines that the value of that particular host is stored. explicitly defines that the value of that particular host is stored.
Such storing of the R1 generation counter values MUST be configured Such storing of the R1 generation counter values MUST be configured
skipping to change at page 42, line 29 skipping to change at page 43, line 35
12. Changelog 12. Changelog
This section summarizes the changes made from draft-moskowitz-hip-rg- This section summarizes the changes made from draft-moskowitz-hip-rg-
dex-05, which was the first stable version of the draft. Note that dex-05, which was the first stable version of the draft. Note that
the draft was renamed after draft-moskowitz-hip-rg-dex-06. the draft was renamed after draft-moskowitz-hip-rg-dex-06.
The draft was then renamed from draft-moskowitz-hip-dex to draft- The draft was then renamed from draft-moskowitz-hip-dex to draft-
ietf-hip-dex. ietf-hip-dex.
12.1. Changes in draft-ietf-hip-dex-03 12.1. Changes in draft-ietf-hip-dex-04
o Added new paragraph on rekeying procedure with HIP DEX.
o Updated references.
o Editorial changes.
12.2. Changes in draft-ietf-hip-dex-03
o Added new section on HIP DEX/HIPv2 interoperability o Added new section on HIP DEX/HIPv2 interoperability
o Added reference to RFC4493 for CMAC. o Added reference to RFC4493 for CMAC.
o Added reference to RFC5869 for CKDF. o Added reference to RFC5869 for CKDF.
o Added processing of NOTIFY message in I2-SENT of state diagram. o Added processing of NOTIFY message in I2-SENT of state diagram.
o Editorial changes. o Editorial changes.
12.2. Changes in draft-ietf-hip-dex-02 12.3. Changes in draft-ietf-hip-dex-02
o Author address change. o Author address change.
12.3. Changes in draft-ietf-hip-dex-01 12.4. Changes in draft-ietf-hip-dex-01
o Added the new ECDH groups of Curve25519 and Curve448 from RFC o Added the new ECDH groups of Curve25519 and Curve448 from RFC
7748. 7748.
12.4. Changes in draft-ietf-hip-dex-00 12.5. Changes in draft-ietf-hip-dex-00
o The Internet Draft was adopted by the HIP WG. o The Internet Draft was adopted by the HIP WG.
12.5. Changes in draft-moskowitz-hip-rg-dex-06 12.6. Changes in draft-moskowitz-hip-rg-dex-06
o A major change in the ENCRYPT parameter to use AES-CTR rather than o A major change in the ENCRYPT parameter to use AES-CTR rather than
AES-CBC. AES-CBC.
12.6. Changes in draft-moskowitz-hip-dex-00 12.7. Changes in draft-moskowitz-hip-dex-00
o Draft name change. HIPRG ended in IRTF, HIP DEX is now individual o Draft name change. HIPRG ended in IRTF, HIP DEX is now individual
submission. submission.
o Added the change section. o Added the change section.
o Added a Definitions section. o Added a Definitions section.
o Changed I2 and R2 packets to reflect use of AES-CTR for o Changed I2 and R2 packets to reflect use of AES-CTR for
ENCRYPTED_KEY parameter. ENCRYPTED_KEY parameter.
o Cleaned up KEYMAT Generation text. o Cleaned up KEYMAT Generation text.
o Added Appendix with C code for the ECDH shared secret generation o Added Appendix with C code for the ECDH shared secret generation
on an 8 bit processor. on an 8 bit processor.
12.7. Changes in draft-moskowitz-hip-dex-01 12.8. Changes in draft-moskowitz-hip-dex-01
o Numerous editorial changes. o Numerous editorial changes.
o New retransmission strategy. o New retransmission strategy.
o New HIT generation mechanism. o New HIT generation mechanism.
o Modified layout of ENCRYPTED_KEY parameter. o Modified layout of ENCRYPTED_KEY parameter.
o Clarify to use puzzle difficulty of zero under normal network o Clarify to use puzzle difficulty of zero under normal network
skipping to change at page 44, line 7 skipping to change at page 45, line 19
MUST). MUST).
o Align inclusion of TRANSPORT_FORMAT_LIST with HIPv2 (added to R1 o Align inclusion of TRANSPORT_FORMAT_LIST with HIPv2 (added to R1
and I2). and I2).
o HIP_CIPHER, HIT_SUITE_LIST, and TRANSPORT_FORMAT_LIST must now be o HIP_CIPHER, HIT_SUITE_LIST, and TRANSPORT_FORMAT_LIST must now be
echoed in R2 packet. echoed in R2 packet.
o Added new author. o Added new author.
12.8. Changes in draft-moskowitz-hip-dex-02 12.9. Changes in draft-moskowitz-hip-dex-02
o Introduced formal definition of FOLD function. o Introduced formal definition of FOLD function.
o Clarified use of CMAC for puzzle computation in section "Solving o Clarified use of CMAC for puzzle computation in section "Solving
the Puzzle". the Puzzle".
o Several editorial changes. o Several editorial changes.
12.9. Changes in draft-moskowitz-hip-dex-03 12.10. Changes in draft-moskowitz-hip-dex-03
o Addressed HI crypto agility. o Addressed HI crypto agility.
o Clarified purpose of secret exchanged via ENCRYPTED_KEY parameter. o Clarified purpose of secret exchanged via ENCRYPTED_KEY parameter.
o Extended the IV in the ENCRYPTED_KEY parameter. o Extended the IV in the ENCRYPTED_KEY parameter.
o Introduced forward-references to HIP DEX KEYMAT process and o Introduced forward-references to HIP DEX KEYMAT process and
improved KEYMAT section. improved KEYMAT section.
o Replaced Appendix A on "C code for ECC point multiplication" with o Replaced Appendix A on "C code for ECC point multiplication" with
short discussion in introduction. short discussion in introduction.
o Updated references. o Updated references.
o Further editorial changes. o Further editorial changes.
12.10. Changes in draft-moskowitz-hip-dex-04 12.11. Changes in draft-moskowitz-hip-dex-04
o Improved retransmission extension. o Improved retransmission extension.
o Updated and strongly revised packet processing rules. o Updated and strongly revised packet processing rules.
o Updated security considerations. o Updated security considerations.
o Updated IANA considerations. o Updated IANA considerations.
o Move the HI Algorithm for ECDH to a value of 11. o Move the HI Algorithm for ECDH to a value of 11.
skipping to change at page 45, line 26 skipping to change at page 46, line 35
Counter Mode With IPsec Encapsulating Security Payload Counter Mode With IPsec Encapsulating Security Payload
(ESP)", RFC 3686, DOI 10.17487/RFC3686, January 2004, (ESP)", RFC 3686, DOI 10.17487/RFC3686, January 2004,
<http://www.rfc-editor.org/info/rfc3686>. <http://www.rfc-editor.org/info/rfc3686>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", RFC 4443, Protocol Version 6 (IPv6) Specification", RFC 4443,
DOI 10.17487/RFC4443, March 2006, DOI 10.17487/RFC4443, March 2006,
<http://www.rfc-editor.org/info/rfc4443>. <http://www.rfc-editor.org/info/rfc4443>.
[RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The
AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June
2006, <http://www.rfc-editor.org/info/rfc4493>.
[RFC7343] Laganier, J. and F. Dupont, "An IPv6 Prefix for Overlay [RFC7343] Laganier, J. and F. Dupont, "An IPv6 Prefix for Overlay
Routable Cryptographic Hash Identifiers Version 2 Routable Cryptographic Hash Identifiers Version 2
(ORCHIDv2)", RFC 7343, DOI 10.17487/RFC7343, September (ORCHIDv2)", RFC 7343, DOI 10.17487/RFC7343, September
2014, <http://www.rfc-editor.org/info/rfc7343>. 2014, <http://www.rfc-editor.org/info/rfc7343>.
[RFC7401] Moskowitz, R., Ed., Heer, T., Jokela, P., and T. [RFC7401] Moskowitz, R., Ed., Heer, T., Jokela, P., and T.
Henderson, "Host Identity Protocol Version 2 (HIPv2)", Henderson, "Host Identity Protocol Version 2 (HIPv2)",
RFC 7401, DOI 10.17487/RFC7401, April 2015, RFC 7401, DOI 10.17487/RFC7401, April 2015,
<http://www.rfc-editor.org/info/rfc7401>. <http://www.rfc-editor.org/info/rfc7401>.
skipping to change at page 46, line 12 skipping to change at page 47, line 18
Cryptography", IEEE Transactions on Information Cryptography", IEEE Transactions on Information
Theory vol. IT-22, number 6, pages 644-654, Nov 1976. Theory vol. IT-22, number 6, pages 644-654, Nov 1976.
[HWZ13] Hummen, R., Wirtz, H., Ziegeldorf, J., Hiller, J., and K. [HWZ13] Hummen, R., Wirtz, H., Ziegeldorf, J., Hiller, J., and K.
Wehrle, "Tailoring End-to-End IP Security Protocols to the Wehrle, "Tailoring End-to-End IP Security Protocols to the
Internet of Things", in Proceedings of IEEE International Internet of Things", in Proceedings of IEEE International
Conference on Network Protocols (ICNP 2013), October 2013. Conference on Network Protocols (ICNP 2013), October 2013.
[I-D.ietf-hip-rfc4423-bis] [I-D.ietf-hip-rfc4423-bis]
Moskowitz, R. and M. Komu, "Host Identity Protocol Moskowitz, R. and M. Komu, "Host Identity Protocol
Architecture", draft-ietf-hip-rfc4423-bis-13 (work in Architecture", draft-ietf-hip-rfc4423-bis-14 (work in
progress), December 2015. progress), June 2016.
[IEEE.802-11.2007] [IEEE.802-11.2007]
"Information technology - Telecommunications and "Information technology - Telecommunications and
information exchange between systems - Local and information exchange between systems - Local and
metropolitan area networks - Specific requirements - Part metropolitan area networks - Specific requirements - Part
11: Wireless LAN Medium Access Control (MAC) and Physical 11: Wireless LAN Medium Access Control (MAC) and Physical
Layer (PHY) Specifications", IEEE Standard 802.11, June Layer (PHY) Specifications", IEEE Standard 802.11, June
2007, <http://standards.ieee.org/getieee802/ 2007, <http://standards.ieee.org/getieee802/
download/802.11-2007.pdf>. download/802.11-2007.pdf>.
skipping to change at page 46, line 39 skipping to change at page 47, line 45
Layer (PHY) Specifications for Low-Rate Wireless Personal Layer (PHY) Specifications for Low-Rate Wireless Personal
Area Networks (WPANs)", IEEE Standard 802.15.4, September Area Networks (WPANs)", IEEE Standard 802.15.4, September
2011, <http://standards.ieee.org/getieee802/ 2011, <http://standards.ieee.org/getieee802/
download/802.15.4-2011.pdf>. download/802.15.4-2011.pdf>.
[LN08] Liu, A. and H. Ning, "TinyECC: A Configurable Library for [LN08] Liu, A. and H. Ning, "TinyECC: A Configurable Library for
Elliptic Curve Cryptography in Wireless Sensor Networks", Elliptic Curve Cryptography in Wireless Sensor Networks",
in Proceedings of International Conference on Information in Proceedings of International Conference on Information
Processing in Sensor Networks (IPSN 2008), April 2008. Processing in Sensor Networks (IPSN 2008), April 2008.
[RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The
AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June
2006, <http://www.rfc-editor.org/info/rfc4493>.
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869, Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010, DOI 10.17487/RFC5869, May 2010,
<http://www.rfc-editor.org/info/rfc5869>. <http://www.rfc-editor.org/info/rfc5869>.
[RFC5903] Fu, D. and J. Solinas, "Elliptic Curve Groups modulo a [RFC5903] Fu, D. and J. Solinas, "Elliptic Curve Groups modulo a
Prime (ECP Groups) for IKE and IKEv2", RFC 5903, Prime (ECP Groups) for IKE and IKEv2", RFC 5903,
DOI 10.17487/RFC5903, June 2010, DOI 10.17487/RFC5903, June 2010,
<http://www.rfc-editor.org/info/rfc5903>. <http://www.rfc-editor.org/info/rfc5903>.
[RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen,
"Internet Key Exchange Protocol Version 2 (IKEv2)",
RFC 5996, DOI 10.17487/RFC5996, September 2010,
<http://www.rfc-editor.org/info/rfc5996>.
[RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic [RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
Curve Cryptography Algorithms", RFC 6090, Curve Cryptography Algorithms", RFC 6090,
DOI 10.17487/RFC6090, February 2011, DOI 10.17487/RFC6090, February 2011,
<http://www.rfc-editor.org/info/rfc6090>. <http://www.rfc-editor.org/info/rfc6090>.
[RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for
Constrained-Node Networks", RFC 7228, Constrained-Node Networks", RFC 7228,
DOI 10.17487/RFC7228, May 2014, DOI 10.17487/RFC7228, May 2014,
<http://www.rfc-editor.org/info/rfc7228>. <http://www.rfc-editor.org/info/rfc7228>.
[RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
Kivinen, "Internet Key Exchange Protocol Version 2
(IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
2014, <http://www.rfc-editor.org/info/rfc7296>.
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
for Security", RFC 7748, DOI 10.17487/RFC7748, January for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <http://www.rfc-editor.org/info/rfc7748>. 2016, <http://www.rfc-editor.org/info/rfc7748>.
[SECG] SECG, "Recommended Elliptic Curve Domain Parameters", SEC [SECG] SECG, "Recommended Elliptic Curve Domain Parameters", SEC
2 , 2000, <http://www.secg.org/>. 2 , 2000, <http://www.secg.org/>.
Appendix A. Password-based two-factor authentication during the HIP DEX Appendix A. Password-based two-factor authentication during the HIP DEX
handshake handshake
 End of changes. 23 change blocks. 
80 lines changed or deleted 96 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/