draft-ietf-hip-dex-08.txt   draft-ietf-hip-dex-09.txt 
HIP WG R. Moskowitz, Ed. HIP WG R. Moskowitz, Ed.
Internet-Draft HTT Consulting Internet-Draft HTT Consulting
Intended status: Standards Track R. Hummen Intended status: Standards Track R. Hummen
Expires: December 26, 2019 Hirschmann Automation and Control Expires: March 28, 2020 Hirschmann Automation and Control
M. Komu M. Komu
Ericsson Ericsson
June 24, 2019 September 25, 2019
HIP Diet EXchange (DEX) HIP Diet EXchange (DEX)
draft-ietf-hip-dex-08 draft-ietf-hip-dex-09
Abstract Abstract
This document specifies the Host Identity Protocol Diet EXchange (HIP This document specifies the Host Identity Protocol Diet EXchange (HIP
DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The
HIP DEX protocol design aims at reducing the overhead of the employed HIP DEX protocol design aims at reducing the overhead of the employed
cryptographic primitives by omitting public-key signatures and hash cryptographic primitives by omitting public-key signatures and hash
functions. functions.
The HIP DEX protocol is primarily designed for computation or memory- The HIP DEX protocol is primarily designed for computation or memory-
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 26, 2019. This Internet-Draft will expire on March 28, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 22 skipping to change at page 3, line 22
6.8. Processing Incoming R2 Packets . . . . . . . . . . . . . 38 6.8. Processing Incoming R2 Packets . . . . . . . . . . . . . 38
6.9. Processing Incoming NOTIFY Packets . . . . . . . . . . . 39 6.9. Processing Incoming NOTIFY Packets . . . . . . . . . . . 39
6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets . . . . . 40 6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets . . . . . 40
6.11. Handling State Loss . . . . . . . . . . . . . . . . . . . 40 6.11. Handling State Loss . . . . . . . . . . . . . . . . . . . 40
7. HIP Policies . . . . . . . . . . . . . . . . . . . . . . . . 40 7. HIP Policies . . . . . . . . . . . . . . . . . . . . . . . . 40
8. Interoperability between HIP DEX and HIPv2 . . . . . . . . . 41 8. Interoperability between HIP DEX and HIPv2 . . . . . . . . . 41
9. Security Considerations . . . . . . . . . . . . . . . . . . . 41 9. Security Considerations . . . . . . . . . . . . . . . . . . . 41
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 43 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 43
12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 44 12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 44
12.1. Changes in draft-ietf-hip-dex-05 . . . . . . . . . . . . 44 12.1. Changes in draft-ietf-hip-dex-09 . . . . . . . . . . . . 44
12.2. Changes in draft-ietf-hip-dex-04 . . . . . . . . . . . . 44 12.2. Changes in draft-ietf-hip-dex-05 . . . . . . . . . . . . 44
12.3. Changes in draft-ietf-hip-dex-03 . . . . . . . . . . . . 44 12.3. Changes in draft-ietf-hip-dex-04 . . . . . . . . . . . . 44
12.4. Changes in draft-ietf-hip-dex-02 . . . . . . . . . . . . 44 12.4. Changes in draft-ietf-hip-dex-03 . . . . . . . . . . . . 44
12.5. Changes in draft-ietf-hip-dex-01 . . . . . . . . . . . . 44 12.5. Changes in draft-ietf-hip-dex-02 . . . . . . . . . . . . 45
12.6. Changes in draft-ietf-hip-dex-00 . . . . . . . . . . . . 45 12.6. Changes in draft-ietf-hip-dex-01 . . . . . . . . . . . . 45
12.7. Changes in draft-moskowitz-hip-rg-dex-06 . . . . . . . . 45 12.7. Changes in draft-ietf-hip-dex-00 . . . . . . . . . . . . 45
12.8. Changes in draft-moskowitz-hip-dex-00 . . . . . . . . . 45 12.8. Changes in draft-moskowitz-hip-rg-dex-06 . . . . . . . . 45
12.9. Changes in draft-moskowitz-hip-dex-01 . . . . . . . . . 45 12.9. Changes in draft-moskowitz-hip-dex-00 . . . . . . . . . 45
12.10. Changes in draft-moskowitz-hip-dex-02 . . . . . . . . . 46 12.10. Changes in draft-moskowitz-hip-dex-01 . . . . . . . . . 45
12.11. Changes in draft-moskowitz-hip-dex-03 . . . . . . . . . 46 12.11. Changes in draft-moskowitz-hip-dex-02 . . . . . . . . . 46
12.12. Changes in draft-moskowitz-hip-dex-04 . . . . . . . . . 46 12.12. Changes in draft-moskowitz-hip-dex-03 . . . . . . . . . 46
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 46 12.13. Changes in draft-moskowitz-hip-dex-04 . . . . . . . . . 46
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 47
13.1. Normative References . . . . . . . . . . . . . . . . . . 47 13.1. Normative References . . . . . . . . . . . . . . . . . . 47
13.2. Informative References . . . . . . . . . . . . . . . . . 48 13.2. Informative References . . . . . . . . . . . . . . . . . 48
Appendix A. Password-based two-factor authentication during the Appendix A. Password-based two-factor authentication during the
HIP DEX handshake . . . . . . . . . . . . . . . . . 50 HIP DEX handshake . . . . . . . . . . . . . . . . . 50
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 50 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 50
1. Introduction 1. Introduction
This document specifies the Host Identity Protocol Diet EXchange (HIP This document specifies the Host Identity Protocol Diet EXchange (HIP
DEX). HIP DEX builds on the Base EXchange (BEX) of the Host Identity DEX). HIP DEX builds on the Base EXchange (BEX) of the Host Identity
skipping to change at page 18, line 26 skipping to change at page 18, line 26
The DH_GROUP_LIST parameter contains the list of supported DH Group The DH_GROUP_LIST parameter contains the list of supported DH Group
IDs of a host. It is defined in Section 5.2.6 of [RFC7401]. With IDs of a host. It is defined in Section 5.2.6 of [RFC7401]. With
HIP DEX, the DH Group IDs are restricted to: HIP DEX, the DH Group IDs are restricted to:
Group KDF Value Group KDF Value
NIST P-256 [RFC5903] CKDF 7 NIST P-256 [RFC5903] CKDF 7
NIST P-384 [RFC5903] CKDF 8 NIST P-384 [RFC5903] CKDF 8
NIST P-521 [RFC5903] CKDF 9 NIST P-521 [RFC5903] CKDF 9
SECP160R1 [SECG] CKDF 10 SECP160R1 [SECG] CKDF 10
Curve25519 [RFC7748] CKDF 11 Curve25519 [RFC7748] CKDF 12
Curve448 [RFC7748] CKDF 12 Curve448 [RFC7748] CKDF 13
The ECDH groups with values 7 - 9 are defined in [RFC5903] and The ECDH groups with values 7 - 9 are defined in [RFC5903] and
[RFC6090]. ECDH group 10 is covered in [SECG] and Appendix D of [RFC6090]. ECDH group 10 is covered in [SECG] and Appendix D of
[RFC7401]. These curves, when used with HIP MUST have a co-factor of [RFC7401]. These curves, when used with HIP MUST have a co-factor of
1. 1.
The ECDH groups with values 11 and 12 are defined in [RFC7748]. The ECDH groups with values 12 and 13 are defined in [RFC7748].
These curves have cofactors of 8 and 4 (respectively). These curves have cofactors of 8 and 4 (respectively).
5.2.2. HIP_CIPHER 5.2.2. HIP_CIPHER
The HIP_CIPHER parameter contains the list of supported cipher The HIP_CIPHER parameter contains the list of supported cipher
algorithms to be used for encrypting the contents of the ENCRYPTED algorithms to be used for encrypting the contents of the ENCRYPTED
and ENCRYPTED_KEY parameters. The HIP_CIPHER parameter is defined in and ENCRYPTED_KEY parameters. The HIP_CIPHER parameter is defined in
Section 5.2.8 of [RFC7401]. With HIP DEX, the Suite IDs are limited Section 5.2.8 of [RFC7401]. With HIP DEX, the Suite IDs are limited
to: to:
skipping to change at page 19, line 41 skipping to change at page 19, line 41
the Responder. The HIT_SUITE_LIST parameter is defined in the Responder. The HIT_SUITE_LIST parameter is defined in
Section 5.2.10 of [RFC7401]. Section 5.2.10 of [RFC7401].
The following new HIT Suite ID is defined for HIP DEX, and the The following new HIT Suite ID is defined for HIP DEX, and the
relationship between the four-bit ID value used in the OGA ID field relationship between the four-bit ID value used in the OGA ID field
and the eight-bit encoding within the HIT_SUITE_LIST ID field is and the eight-bit encoding within the HIT_SUITE_LIST ID field is
clarified: clarified:
HIT Suite Four-bit ID Eight-bit encoding HIT Suite Four-bit ID Eight-bit encoding
ECDH/FOLD 8 0x80 ECDH/FOLD 4 0x40
Note that the dedicated HIP DEX HIT Suite ID in the OGA ID field Note that the dedicated HIP DEX HIT Suite ID in the OGA ID field
allows the peers to distinguish a HIP DEX handshake from a HIPv2 allows the peers to distinguish a HIP DEX handshake from a HIPv2
handshake. The Responder MUST respond with a HIP DEX HIT suite ID handshake. The Responder MUST respond with a HIP DEX HIT suite ID
when the HIT of the Initiator is a HIP DEX HIT. when the HIT of the Initiator is a HIP DEX HIT.
5.2.5. ENCRYPTED_KEY 5.2.5. ENCRYPTED_KEY
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 44, line 14 skipping to change at page 44, line 14
12. Changelog 12. Changelog
This section summarizes the changes made from draft-moskowitz-hip-rg- This section summarizes the changes made from draft-moskowitz-hip-rg-
dex-05, which was the first stable version of the draft. Note that dex-05, which was the first stable version of the draft. Note that
the draft was renamed after draft-moskowitz-hip-rg-dex-06. the draft was renamed after draft-moskowitz-hip-rg-dex-06.
The draft was then renamed from draft-moskowitz-hip-dex to draft- The draft was then renamed from draft-moskowitz-hip-dex to draft-
ietf-hip-dex. ietf-hip-dex.
12.1. Changes in draft-ietf-hip-dex-05 12.1. Changes in draft-ietf-hip-dex-09
o Fixed values for
* DH_GROUP_LIST
* HIT_SUITE_LIST
to match [RFC7401].
12.2. Changes in draft-ietf-hip-dex-05
o Clarified main differences between HIP BEX and HIP DEX in o Clarified main differences between HIP BEX and HIP DEX in
Section 1. Section 1.
o Addressed MitM attack in Section 8. o Addressed MitM attack in Section 8.
o Minor editorial changes. o Minor editorial changes.
12.2. Changes in draft-ietf-hip-dex-04 12.3. Changes in draft-ietf-hip-dex-04
o Added new paragraph on rekeying procedure with HIP DEX. o Added new paragraph on rekeying procedure with HIP DEX.
o Updated references. o Updated references.
o Editorial changes. o Editorial changes.
12.3. Changes in draft-ietf-hip-dex-03 12.4. Changes in draft-ietf-hip-dex-03
o Added new section on HIP DEX/HIPv2 interoperability o Added new section on HIP DEX/HIPv2 interoperability
o Added reference to RFC4493 for CMAC. o Added reference to RFC4493 for CMAC.
o Added reference to RFC5869 for CKDF. o Added reference to RFC5869 for CKDF.
o Added processing of NOTIFY message in I2-SENT of state diagram. o Added processing of NOTIFY message in I2-SENT of state diagram.
o Editorial changes. o Editorial changes.
12.4. Changes in draft-ietf-hip-dex-02 12.5. Changes in draft-ietf-hip-dex-02
o Author address change. o Author address change.
12.5. Changes in draft-ietf-hip-dex-01 12.6. Changes in draft-ietf-hip-dex-01
o Added the new ECDH groups of Curve25519 and Curve448 from RFC o Added the new ECDH groups of Curve25519 and Curve448 from RFC
7748. 7748.
12.6. Changes in draft-ietf-hip-dex-00 12.7. Changes in draft-ietf-hip-dex-00
o The Internet Draft was adopted by the HIP WG. o The Internet Draft was adopted by the HIP WG.
12.7. Changes in draft-moskowitz-hip-rg-dex-06 12.8. Changes in draft-moskowitz-hip-rg-dex-06
o A major change in the ENCRYPT parameter to use AES-CTR rather than o A major change in the ENCRYPT parameter to use AES-CTR rather than
AES-CBC. AES-CBC.
12.8. Changes in draft-moskowitz-hip-dex-00 12.9. Changes in draft-moskowitz-hip-dex-00
o Draft name change. HIPRG ended in IRTF, HIP DEX is now individual o Draft name change. HIPRG ended in IRTF, HIP DEX is now individual
submission. submission.
o Added the change section. o Added the change section.
o Added a Definitions section. o Added a Definitions section.
o Changed I2 and R2 packets to reflect use of AES-CTR for o Changed I2 and R2 packets to reflect use of AES-CTR for
ENCRYPTED_KEY parameter. ENCRYPTED_KEY parameter.
o Cleaned up KEYMAT Generation text. o Cleaned up KEYMAT Generation text.
o Added Appendix with C code for the ECDH shared secret generation o Added Appendix with C code for the ECDH shared secret generation
on an 8 bit processor. on an 8 bit processor.
12.9. Changes in draft-moskowitz-hip-dex-01 12.10. Changes in draft-moskowitz-hip-dex-01
o Numerous editorial changes. o Numerous editorial changes.
o New retransmission strategy. o New retransmission strategy.
o New HIT generation mechanism. o New HIT generation mechanism.
o Modified layout of ENCRYPTED_KEY parameter. o Modified layout of ENCRYPTED_KEY parameter.
o Clarify to use puzzle difficulty of zero under normal network o Clarify to use puzzle difficulty of zero under normal network
skipping to change at page 46, line 7 skipping to change at page 46, line 16
MUST). MUST).
o Align inclusion of TRANSPORT_FORMAT_LIST with HIPv2 (added to R1 o Align inclusion of TRANSPORT_FORMAT_LIST with HIPv2 (added to R1
and I2). and I2).
o HIP_CIPHER, HIT_SUITE_LIST, and TRANSPORT_FORMAT_LIST must now be o HIP_CIPHER, HIT_SUITE_LIST, and TRANSPORT_FORMAT_LIST must now be
echoed in R2 packet. echoed in R2 packet.
o Added new author. o Added new author.
12.10. Changes in draft-moskowitz-hip-dex-02 12.11. Changes in draft-moskowitz-hip-dex-02
o Introduced formal definition of FOLD function. o Introduced formal definition of FOLD function.
o Clarified use of CMAC for puzzle computation in section "Solving o Clarified use of CMAC for puzzle computation in section "Solving
the Puzzle". the Puzzle".
o Several editorial changes. o Several editorial changes.
12.11. Changes in draft-moskowitz-hip-dex-03 12.12. Changes in draft-moskowitz-hip-dex-03
o Addressed HI crypto agility. o Addressed HI crypto agility.
o Clarified purpose of secret exchanged via ENCRYPTED_KEY parameter. o Clarified purpose of secret exchanged via ENCRYPTED_KEY parameter.
o Extended the IV in the ENCRYPTED_KEY parameter. o Extended the IV in the ENCRYPTED_KEY parameter.
o Introduced forward-references to HIP DEX KEYMAT process and o Introduced forward-references to HIP DEX KEYMAT process and
improved KEYMAT section. improved KEYMAT section.
o Replaced Appendix A on "C code for ECC point multiplication" with o Replaced Appendix A on "C code for ECC point multiplication" with
short discussion in introduction. short discussion in introduction.
o Updated references. o Updated references.
o Further editorial changes. o Further editorial changes.
12.12. Changes in draft-moskowitz-hip-dex-04 12.13. Changes in draft-moskowitz-hip-dex-04
o Improved retransmission extension. o Improved retransmission extension.
o Updated and strongly revised packet processing rules. o Updated and strongly revised packet processing rules.
o Updated security considerations. o Updated security considerations.
o Updated IANA considerations. o Updated IANA considerations.
o Move the HI Algorithm for ECDH to a value of 11. o Move the HI Algorithm for ECDH to a value of 11.
skipping to change at page 48, line 22 skipping to change at page 48, line 26
Wehrle, "Tailoring End-to-End IP Security Protocols to the Wehrle, "Tailoring End-to-End IP Security Protocols to the
Internet of Things", in Proceedings of IEEE International Internet of Things", in Proceedings of IEEE International
Conference on Network Protocols (ICNP 2013), October 2013. Conference on Network Protocols (ICNP 2013), October 2013.
[I-D.ietf-hip-rfc4423-bis] [I-D.ietf-hip-rfc4423-bis]
Moskowitz, R. and M. Komu, "Host Identity Protocol Moskowitz, R. and M. Komu, "Host Identity Protocol
Architecture", draft-ietf-hip-rfc4423-bis-20 (work in Architecture", draft-ietf-hip-rfc4423-bis-20 (work in
progress), February 2019. progress), February 2019.
[IEEE.802-11.2007] [IEEE.802-11.2007]
"Information technology - Telecommunications and Engineers, I. O. E. A. E., "Information technology -
information exchange between systems - Local and Telecommunications and information exchange between
metropolitan area networks - Specific requirements - Part systems - Local and metropolitan area networks - Specific
11: Wireless LAN Medium Access Control (MAC) and Physical requirements - Part 11: Wireless LAN Medium Access Control
Layer (PHY) Specifications", IEEE Standard 802.11, June (MAC) and Physical Layer (PHY) Specifications",
2007, <http://standards.ieee.org/getieee802/ IEEE Standard 802.11, June 2007,
<http://standards.ieee.org/getieee802/
download/802.11-2007.pdf>. download/802.11-2007.pdf>.
[IEEE.802-15-4.2011] [IEEE.802-15-4.2011]
"Information technology - Telecommunications and Engineers, I. O. E. A. E., "Information technology -
information exchange between systems - Local and Telecommunications and information exchange between
metropolitan area networks - Specific requirements - Part systems - Local and metropolitan area networks - Specific
15.4: Wireless Medium Access Control (MAC) and Physical requirements - Part 15.4: Wireless Medium Access Control
Layer (PHY) Specifications for Low-Rate Wireless Personal (MAC) and Physical Layer (PHY) Specifications for Low-Rate
Area Networks (WPANs)", IEEE Standard 802.15.4, September Wireless Personal Area Networks (WPANs)", IEEE Standard
2011, <http://standards.ieee.org/getieee802/ 802.15.4, September 2011,
<http://standards.ieee.org/getieee802/
download/802.15.4-2011.pdf>. download/802.15.4-2011.pdf>.
[LN08] Liu, A. and H. Ning, "TinyECC: A Configurable Library for [LN08] Liu, A. and H. Ning, "TinyECC: A Configurable Library for
Elliptic Curve Cryptography in Wireless Sensor Networks", Elliptic Curve Cryptography in Wireless Sensor Networks",
in Proceedings of International Conference on Information in Proceedings of International Conference on Information
Processing in Sensor Networks (IPSN 2008), April 2008. Processing in Sensor Networks (IPSN 2008), April 2008.
[RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The [RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The
AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June
2006, <https://www.rfc-editor.org/info/rfc4493>. 2006, <https://www.rfc-editor.org/info/rfc4493>.
 End of changes. 22 change blocks. 
46 lines changed or deleted 59 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/