draft-ietf-hip-dex-17.txt   draft-ietf-hip-dex-18.txt 
HIP WG R. Moskowitz, Ed. HIP WG R. Moskowitz, Ed.
Internet-Draft HTT Consulting Internet-Draft HTT Consulting
Intended status: Standards Track R. Hummen Intended status: Standards Track R. Hummen
Expires: September 19, 2020 Hirschmann Automation and Control Expires: September 21, 2020 Hirschmann Automation and Control
M. Komu M. Komu
Ericsson Ericsson
March 18, 2020 March 20, 2020
HIP Diet EXchange (DEX) HIP Diet EXchange (DEX)
draft-ietf-hip-dex-17 draft-ietf-hip-dex-18
Abstract Abstract
This document specifies the Host Identity Protocol Diet EXchange (HIP This document specifies the Host Identity Protocol Diet EXchange (HIP
DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The
HIP DEX protocol design aims at reducing the overhead of the employed HIP DEX protocol design aims at reducing the overhead of the employed
cryptographic primitives by omitting public-key signatures and hash cryptographic primitives by omitting public-key signatures and hash
functions. functions.
The HIP DEX protocol is primarily designed for computation or memory- The HIP DEX protocol is primarily designed for computation or memory-
constrained sensor/actuator devices. Like HIPv2, it is expected to constrained sensor/actuator devices. Like HIPv2, it is expected to
be used together with a suitable security protocol such as the be used together with a suitable security protocol such as the
Encapsulated Security Payload (ESP) for the protection of upper layer Encapsulated Security Payload (ESP) for the protection of upper layer
protocol data. Unlike HIPv2, HIP DEX does not support Perfect protocol data. Unlike HIPv2, HIP DEX does not support Forward
Forward Secrecy (PFS), and MUST only be used on devices where PFS is Secrecy (FS), and MUST only be used on devices where FS is
prohibitively expensive. In addition, HIP DEX can also be used as a prohibitively expensive. In addition, HIP DEX can also be used as a
keying mechanism for security primitives at the MAC layer, e.g., for keying mechanism for security primitives at the MAC layer, e.g., for
IEEE 802.15.4 networks. IEEE 802.15.4 networks.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 19, 2020. This Internet-Draft will expire on September 21, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 23 skipping to change at page 3, line 23
6.6. Processing Incoming R1 Packets . . . . . . . . . . . . . 36 6.6. Processing Incoming R1 Packets . . . . . . . . . . . . . 36
6.7. Processing Incoming I2 Packets . . . . . . . . . . . . . 39 6.7. Processing Incoming I2 Packets . . . . . . . . . . . . . 39
6.8. Processing Incoming R2 Packets . . . . . . . . . . . . . 42 6.8. Processing Incoming R2 Packets . . . . . . . . . . . . . 42
6.9. Processing Incoming NOTIFY Packets . . . . . . . . . . . 43 6.9. Processing Incoming NOTIFY Packets . . . . . . . . . . . 43
6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets . . . . . 44 6.10. Processing UPDATE, CLOSE, and CLOSE_ACK Packets . . . . . 44
6.11. Handling State Loss . . . . . . . . . . . . . . . . . . . 44 6.11. Handling State Loss . . . . . . . . . . . . . . . . . . . 44
7. HIP Policies . . . . . . . . . . . . . . . . . . . . . . . . 44 7. HIP Policies . . . . . . . . . . . . . . . . . . . . . . . . 44
7.1. HIT/HI ACL . . . . . . . . . . . . . . . . . . . . . . . 45 7.1. HIT/HI ACL . . . . . . . . . . . . . . . . . . . . . . . 45
8. Interoperability between HIP DEX and HIPv2 . . . . . . . . . 45 8. Interoperability between HIP DEX and HIPv2 . . . . . . . . . 45
9. Security Considerations . . . . . . . . . . . . . . . . . . . 46 9. Security Considerations . . . . . . . . . . . . . . . . . . . 46
9.1. Need to Validate Public Keys . . . . . . . . . . . . . . 47 9.1. Need to Validate Public Keys . . . . . . . . . . . . . . 48
9.2. NULL-ENCRYPT ONLY for Testing/Debugging . . . . . . . . . 48 9.2. NULL-ENCRYPT ONLY for Testing/Debugging . . . . . . . . . 48
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 49 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 49
12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 49 12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 49
12.1. Changes in draft-ietf-hip-dex-16 . . . . . . . . . . . . 49 12.1. Changes in draft-ietf-hip-dex-17 . . . . . . . . . . . . 49
12.2. Changes in draft-ietf-hip-dex-15 . . . . . . . . . . . . 49 12.2. Changes in draft-ietf-hip-dex-16 . . . . . . . . . . . . 49
12.3. Changes in draft-ietf-hip-dex-14 . . . . . . . . . . . . 50 12.3. Changes in draft-ietf-hip-dex-15 . . . . . . . . . . . . 50
12.4. Changes in draft-ietf-hip-dex-12 and 13 . . . . . . . . 50 12.4. Changes in draft-ietf-hip-dex-14 . . . . . . . . . . . . 50
12.5. Changes in draft-ietf-hip-dex-11 and 12 . . . . . . . . 50 12.5. Changes in draft-ietf-hip-dex-12 and 13 . . . . . . . . 50
12.6. Changes in draft-ietf-hip-dex-11 . . . . . . . . . . . . 50 12.6. Changes in draft-ietf-hip-dex-11 and 12 . . . . . . . . 50
12.7. Changes in draft-ietf-hip-dex-10 . . . . . . . . . . . . 50 12.7. Changes in draft-ietf-hip-dex-11 . . . . . . . . . . . . 50
12.8. Changes in draft-ietf-hip-dex-09 . . . . . . . . . . . . 50 12.8. Changes in draft-ietf-hip-dex-10 . . . . . . . . . . . . 50
12.9. Changes in draft-ietf-hip-dex-05 . . . . . . . . . . . . 51 12.9. Changes in draft-ietf-hip-dex-09 . . . . . . . . . . . . 51
12.10. Changes in draft-ietf-hip-dex-04 . . . . . . . . . . . . 51 12.10. Changes in draft-ietf-hip-dex-05 . . . . . . . . . . . . 51
12.11. Changes in draft-ietf-hip-dex-03 . . . . . . . . . . . . 51 12.11. Changes in draft-ietf-hip-dex-04 . . . . . . . . . . . . 51
12.12. Changes in draft-ietf-hip-dex-02 . . . . . . . . . . . . 51 12.12. Changes in draft-ietf-hip-dex-03 . . . . . . . . . . . . 51
12.13. Changes in draft-ietf-hip-dex-01 . . . . . . . . . . . . 51 12.13. Changes in draft-ietf-hip-dex-02 . . . . . . . . . . . . 51
12.14. Changes in draft-ietf-hip-dex-00 . . . . . . . . . . . . 51 12.14. Changes in draft-ietf-hip-dex-01 . . . . . . . . . . . . 51
12.15. Changes in draft-moskowitz-hip-rg-dex-06 . . . . . . . . 51 12.15. Changes in draft-ietf-hip-dex-00 . . . . . . . . . . . . 52
12.16. Changes in draft-moskowitz-hip-dex-00 . . . . . . . . . 52 12.16. Changes in draft-moskowitz-hip-rg-dex-06 . . . . . . . . 52
12.17. Changes in draft-moskowitz-hip-dex-01 . . . . . . . . . 52 12.17. Changes in draft-moskowitz-hip-dex-00 . . . . . . . . . 52
12.18. Changes in draft-moskowitz-hip-dex-02 . . . . . . . . . 52 12.18. Changes in draft-moskowitz-hip-dex-01 . . . . . . . . . 52
12.19. Changes in draft-moskowitz-hip-dex-03 . . . . . . . . . 53 12.19. Changes in draft-moskowitz-hip-dex-02 . . . . . . . . . 53
12.20. Changes in draft-moskowitz-hip-dex-04 . . . . . . . . . 53 12.20. Changes in draft-moskowitz-hip-dex-03 . . . . . . . . . 53
12.21. Changes in draft-moskowitz-hip-dex-04 . . . . . . . . . 53
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 53 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 53
13.1. Normative References . . . . . . . . . . . . . . . . . . 53 13.1. Normative References . . . . . . . . . . . . . . . . . . 54
13.2. Informative References . . . . . . . . . . . . . . . . . 54 13.2. Informative References . . . . . . . . . . . . . . . . . 55
Appendix A. Password-based two-factor authentication during the Appendix A. Password-based two-factor authentication during the
HIP DEX handshake . . . . . . . . . . . . . . . . . 57 HIP DEX handshake . . . . . . . . . . . . . . . . . 57
Appendix B. IESG Considerations . . . . . . . . . . . . . . . . 57 Appendix B. IESG Considerations . . . . . . . . . . . . . . . . 57
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 59 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 59
1. Introduction 1. Introduction
This document specifies the Host Identity Protocol Diet EXchange (HIP This document specifies the Host Identity Protocol Diet EXchange (HIP
DEX). HIP DEX builds on the Base EXchange (BEX) of the Host Identity DEX). HIP DEX builds on the Base EXchange (BEX) of the Host Identity
Protocol Version 2 (HIPv2) [RFC7401]. HIP DEX preserves the protocol Protocol Version 2 (HIPv2) [RFC7401]. HIP DEX preserves the protocol
skipping to change at page 4, line 36 skipping to change at page 4, line 38
* HIP DEX uses AES-CTR for symmetric-key encryption and AES-CMAC * HIP DEX uses AES-CTR for symmetric-key encryption and AES-CMAC
as its MACing function. In contrast, HIPv2 currently supports as its MACing function. In contrast, HIPv2 currently supports
AES-CBC for encryption and HMAC-SHA-1, HMAC-SHA-256, or HMAC- AES-CBC for encryption and HMAC-SHA-1, HMAC-SHA-256, or HMAC-
SHA-384 for MACing. SHA-384 for MACing.
* HIP DEX defines a simple fold function to efficiently generate * HIP DEX defines a simple fold function to efficiently generate
HITs, whereas the HIT generation of HIPv2 is based on SHA-1, HITs, whereas the HIT generation of HIPv2 is based on SHA-1,
SHA-256, or SHA-384. SHA-256, or SHA-384.
2. HIP DEX forfeits the HIPv2 Perfect Forward Secrecy property of 2. HIP DEX forfeits the HIPv2 Forward Secrecy property of HIPv2 due
HIPv2 due to the removal of the ephemeral Diffie-Hellman key to the removal of the ephemeral Diffie-Hellman key agreement. As
agreement. As this weakens the security properties of HIP DEX, this weakens the security properties of HIP DEX, it MUST be used
it MUST be used only with constrained devices where this is only with constrained devices where this is prohibitively
prohibitively expensive as further explained in Section 1.2. expensive as further explained in Section 1.2.
3. HIP DEX forfeits the use of digital signatures with the removal 3. HIP DEX forfeits the use of digital signatures with the removal
of a hash function. Peer authentication with HIP DEX, therefore, of a hash function. Peer authentication with HIP DEX, therefore,
is based on the use of the ECDH derived key in the HIP_MAC is based on the use of the ECDH derived key in the HIP_MAC
parameter. parameter.
4. With HIP DEX, the ECDH derived key is only used to protect HIP 4. With HIP DEX, the ECDH derived key is only used to protect HIP
packets. Separate session key(s) are used to protect the packets. Separate session key(s) are used to protect the
transmission of upper layer protocol data. These session key(s) transmission of upper layer protocol data. These session key(s)
are established via a new secret exchange during the handshake. are established via a new secret exchange during the handshake.
skipping to change at page 33, line 19 skipping to change at page 33, line 19
parameter parameter
IKM Input keying material IKM Input keying material
the Diffie-Hellman derived key, concatenated with the the Diffie-Hellman derived key, concatenated with the
random I_NONCE value for the Master Key SA random I_NONCE value for the Master Key SA
the Diffie-Hellman derived key, concatenated with the the Diffie-Hellman derived key, concatenated with the
random values of the ENCRYPTED_KEY parameters in random values of the ENCRYPTED_KEY parameters in
the same order as the HITs with sort(HIT-I | HIT-R) the same order as the HITs with sort(HIT-I | HIT-R)
for the Pair-wise Key SA for the Pair-wise Key SA
info sort(HIT-I | HIT-R) | "CKDF-Extract" info sort(HIT-I | HIT-R) | "CKDF-Extract"
where "CKDF-Extract" is an octet string Where the input text: "CKDF-Extract"
Is the hex string: 0x434b44462d45787472616374
Output: Output:
PRK a pseudorandom key (of RHASH_len/8 octets) PRK a pseudorandom key (of RHASH_len/8 octets)
The pseudorandom key PRK is calculated as follows: The pseudorandom key PRK is calculated as follows:
PRK = CMAC(I, IKM | info) PRK = CMAC(I, IKM | info)
The CKDF-Expand function is the following operation: The CKDF-Expand function is the following operation:
CKDF-Expand(PRK, info, L) -> OKM CKDF-Expand(PRK, info, L) -> OKM
Inputs: Inputs:
PRK a pseudorandom key of at least RHASH_len/8 octets PRK a pseudorandom key of at least RHASH_len/8 octets
(either the output from the extract step or the (either the output from the extract step or the
concatenation of the random values of the concatenation of the random values of the
ENCRYPTED_KEY parameters in the same order as the ENCRYPTED_KEY parameters in the same order as the
HITs with sort(HIT-I | HIT-R) in case of no extract) HITs with sort(HIT-I | HIT-R) in case of no extract)
info sort(HIT-I | HIT-R) | "CKDF-Expand" info sort(HIT-I | HIT-R) | "CKDF-Expand"
where "CKDF-Expand" is an octet string Where the input text: "CKDF-Expand"
Is the hex string: 0x434b44462d457870616e64
L length of output keying material in octets L length of output keying material in octets
(<= 255*RHASH_len/8) (<= 255*RHASH_len/8)
Output: Output:
OKM output keying material (of L octets) OKM output keying material (of L octets)
The output keying material OKM is calculated as follows: The output keying material OKM is calculated as follows:
N = ceil(L/(RHASH_len/8)) N = ceil(L/(RHASH_len/8))
T = T(1) | T(2) | T(3) | ... | T(N) T = T(1) | T(2) | T(3) | ... | T(N)
skipping to change at page 46, line 37 skipping to change at page 46, line 39
As a result, the following additional security considerations apply As a result, the following additional security considerations apply
to HIP DEX: to HIP DEX:
o The strength of the keys for both the Master and Pair-wise Key SAs o The strength of the keys for both the Master and Pair-wise Key SAs
is based on the quality of the random keying material generated by is based on the quality of the random keying material generated by
the Initiator and the Responder. As either peer may be a sensor the Initiator and the Responder. As either peer may be a sensor
or an actuator device, there is a natural concern about the or an actuator device, there is a natural concern about the
quality of its random number generator. Thus at least a CSPRNG quality of its random number generator. Thus at least a CSPRNG
SHOULD be used. SHOULD be used.
o HIP DEX lacks the Perfect Forward Secrecy (PFS) property of HIPv2. o HIP DEX lacks the Forward Secrecy (FS) property of HIPv2.
Consequently, if an HI is compromised, all previous HIP Consequently, if an HI is compromised, all previous HIP
connections protected with that HI are compromised as explained in connections protected with that HI are compromised as explained in
Section 1. Section 1.
o The HIP DEX HIT generation may present new attack opportunities. o The HIP DEX HIT generation may present new attack opportunities.
Hence, HIP DEX HITs MUST NOT be used as the only means to identify Hence, HIP DEX HITs MUST NOT be used as the only means to identify
a peer in an ACL. Instead, the use of the peer's HI is a peer in an ACL. Instead, the use of the peer's HI is
recommended as explained in Section 3. recommended as explained in Section 3.
o The R1 packet is unauthenticated and offers an adversary a new o The R1 packet is unauthenticated and offers an adversary a new
skipping to change at page 49, line 34 skipping to change at page 49, line 42
12. Changelog 12. Changelog
This section summarizes the changes made from draft-moskowitz-hip-rg- This section summarizes the changes made from draft-moskowitz-hip-rg-
dex-05, which was the first stable version of the draft. Note that dex-05, which was the first stable version of the draft. Note that
the draft was renamed after draft-moskowitz-hip-rg-dex-06. the draft was renamed after draft-moskowitz-hip-rg-dex-06.
The draft was then renamed from draft-moskowitz-hip-dex to draft- The draft was then renamed from draft-moskowitz-hip-dex to draft-
ietf-hip-dex. ietf-hip-dex.
12.1. Changes in draft-ietf-hip-dex-16 12.1. Changes in draft-ietf-hip-dex-17
o Added hex values for strings CKDF-Extract and CKDF-Expand.
o Replace Perfect Forward Secrecy with Forward Secrecy.
12.2. Changes in draft-ietf-hip-dex-16
o Remove old placeholder text. o Remove old placeholder text.
o Remove SECP160R1. Experience has shown EC25519 performance equal o Remove SECP160R1. Experience has shown EC25519 performance equal
enough to not need it. enough to not need it.
12.2. Changes in draft-ietf-hip-dex-15 12.3. Changes in draft-ietf-hip-dex-15
o Added Public Key validation in I2 and R2 processing. o Added Public Key validation in I2 and R2 processing.
o Added ACL processing (Section 7.1). o Added ACL processing (Section 7.1).
o Added IANA instructions for DH_GROUP_LIST. o Added IANA instructions for DH_GROUP_LIST.
12.3. Changes in draft-ietf-hip-dex-14 12.4. Changes in draft-ietf-hip-dex-14
o Changes to (Section 5.4) per Jeff Ahrenholz for Suresh Krishnan o Changes to (Section 5.4) per Jeff Ahrenholz for Suresh Krishnan
comment comment
12.4. Changes in draft-ietf-hip-dex-12 and 13 12.5. Changes in draft-ietf-hip-dex-12 and 13
o Nits from Jeff Ahrenholz (including some formatting issues) o Nits from Jeff Ahrenholz (including some formatting issues)
12.5. Changes in draft-ietf-hip-dex-11 and 12 12.6. Changes in draft-ietf-hip-dex-11 and 12
o Included more precise references to the IANA subregistries o Included more precise references to the IANA subregistries
o Addressed GEN-ART feedback from Francis Dupont o Addressed GEN-ART feedback from Francis Dupont
o Added reasoning for PFS in a separate section, and it is mentioned o Added reasoning for FS in a separate section, and it is mentioned
also in the abstract and intro. also in the abstract and intro.
o Donald Eastlake's (secdir) nits addressed o Donald Eastlake's (secdir) nits addressed
o Resolved IANA nits from Amanda Baber. o Resolved IANA nits from Amanda Baber.
o New sections: "Why introduce folding" (Section 3.2.1), "SECP160R1 o New sections: "Why introduce folding" (Section 3.2.1), "SECP160R1
Considered Unsafe" (removed in ver 16), "Need to Validate Public Considered Unsafe" (removed in ver 16), "Need to Validate Public
Keys" (Section 9.1), and "I_NONCE" (Section 5.2.6) to address Eric Keys" (Section 9.1), and "I_NONCE" (Section 5.2.6) to address Eric
Rescorla's concerns. Rescorla's concerns.
12.6. Changes in draft-ietf-hip-dex-11 12.7. Changes in draft-ietf-hip-dex-11
o Update IANA considerations as requested by Eric Envyncke o Update IANA considerations as requested by Eric Envyncke
12.7. Changes in draft-ietf-hip-dex-10 12.8. Changes in draft-ietf-hip-dex-10
o Explanations on why the document includes so many SHOULDs o Explanations on why the document includes so many SHOULDs
12.8. Changes in draft-ietf-hip-dex-09 12.9. Changes in draft-ietf-hip-dex-09
o Fixed values for o Fixed values for
* DH_GROUP_LIST * DH_GROUP_LIST
* HIT_SUITE_LIST * HIT_SUITE_LIST
to match [RFC7401]. to match [RFC7401].
12.9. Changes in draft-ietf-hip-dex-05 12.10. Changes in draft-ietf-hip-dex-05
o Clarified main differences between HIP BEX and HIP DEX in o Clarified main differences between HIP BEX and HIP DEX in
Section 1. Section 1.
o Addressed MitM attack in Section 8. o Addressed MitM attack in Section 8.
o Minor editorial changes. o Minor editorial changes.
12.10. Changes in draft-ietf-hip-dex-04 12.11. Changes in draft-ietf-hip-dex-04
o Added new paragraph on rekeying procedure with HIP DEX. o Added new paragraph on rekeying procedure with HIP DEX.
o Updated references. o Updated references.
o Editorial changes. o Editorial changes.
12.11. Changes in draft-ietf-hip-dex-03 12.12. Changes in draft-ietf-hip-dex-03
o Added new section on HIP DEX/HIPv2 interoperability o Added new section on HIP DEX/HIPv2 interoperability
o Added reference to RFC4493 for CMAC. o Added reference to RFC4493 for CMAC.
o Added reference to RFC5869 for CKDF. o Added reference to RFC5869 for CKDF.
o Added processing of NOTIFY message in I2-SENT of state diagram. o Added processing of NOTIFY message in I2-SENT of state diagram.
o Editorial changes. o Editorial changes.
12.12. Changes in draft-ietf-hip-dex-02 12.13. Changes in draft-ietf-hip-dex-02
o Author address change. o Author address change.
12.13. Changes in draft-ietf-hip-dex-01 12.14. Changes in draft-ietf-hip-dex-01
o Added the new ECDH groups of Curve25519 and Curve448 from RFC o Added the new ECDH groups of Curve25519 and Curve448 from RFC
7748. 7748.
12.14. Changes in draft-ietf-hip-dex-00 12.15. Changes in draft-ietf-hip-dex-00
o The Internet Draft was adopted by the HIP WG. o The Internet Draft was adopted by the HIP WG.
12.15. Changes in draft-moskowitz-hip-rg-dex-06 12.16. Changes in draft-moskowitz-hip-rg-dex-06
o A major change in the ENCRYPT parameter to use AES-CTR rather than o A major change in the ENCRYPT parameter to use AES-CTR rather than
AES-CBC. AES-CBC.
12.16. Changes in draft-moskowitz-hip-dex-00 12.17. Changes in draft-moskowitz-hip-dex-00
o Draft name change. HIPRG ended in IRTF, HIP DEX is now individual o Draft name change. HIPRG ended in IRTF, HIP DEX is now individual
submission. submission.
o Added the change section. o Added the change section.
o Added a Definitions section. o Added a Definitions section.
o Changed I2 and R2 packets to reflect use of AES-CTR for o Changed I2 and R2 packets to reflect use of AES-CTR for
ENCRYPTED_KEY parameter. ENCRYPTED_KEY parameter.
o Cleaned up KEYMAT Generation text. o Cleaned up KEYMAT Generation text.
o Added Appendix with C code for the ECDH shared secret generation o Added Appendix with C code for the ECDH shared secret generation
on an 8 bit processor. on an 8 bit processor.
12.17. Changes in draft-moskowitz-hip-dex-01 12.18. Changes in draft-moskowitz-hip-dex-01
o Numerous editorial changes. o Numerous editorial changes.
o New retransmission strategy. o New retransmission strategy.
o New HIT generation mechanism. o New HIT generation mechanism.
o Modified layout of ENCRYPTED_KEY parameter. o Modified layout of ENCRYPTED_KEY parameter.
o Clarify use puzzle difficulty of zero under normal network o Clarify use puzzle difficulty of zero under normal network
skipping to change at page 52, line 46 skipping to change at page 53, line 7
MUST). MUST).
o Align inclusion of TRANSPORT_FORMAT_LIST with HIPv2 (added to R1 o Align inclusion of TRANSPORT_FORMAT_LIST with HIPv2 (added to R1
and I2). and I2).
o HIP_CIPHER, HIT_SUITE_LIST, and TRANSPORT_FORMAT_LIST must now be o HIP_CIPHER, HIT_SUITE_LIST, and TRANSPORT_FORMAT_LIST must now be
echoed in R2 packet. echoed in R2 packet.
o Added new author. o Added new author.
12.18. Changes in draft-moskowitz-hip-dex-02 12.19. Changes in draft-moskowitz-hip-dex-02
o Introduced formal definition of FOLD function. o Introduced formal definition of FOLD function.
o Clarified use of CMAC for puzzle computation in section "Solving o Clarified use of CMAC for puzzle computation in section "Solving
the Puzzle". the Puzzle".
o Several editorial changes. o Several editorial changes.
12.19. Changes in draft-moskowitz-hip-dex-03 12.20. Changes in draft-moskowitz-hip-dex-03
o Addressed HI crypto agility. o Addressed HI crypto agility.
o Clarified purpose of secret exchanged via ENCRYPTED_KEY parameter. o Clarified purpose of secret exchanged via ENCRYPTED_KEY parameter.
o Extended the IV in the ENCRYPTED_KEY parameter. o Extended the IV in the ENCRYPTED_KEY parameter.
o Introduced forward-references to HIP DEX KEYMAT process and o Introduced forward-references to HIP DEX KEYMAT process and
improved KEYMAT section. improved KEYMAT section.
o Replaced Appendix A on "C code for ECC point multiplication" with o Replaced Appendix A on "C code for ECC point multiplication" with
short discussion in introduction. short discussion in introduction.
o Updated references. o Updated references.
o Further editorial changes. o Further editorial changes.
12.20. Changes in draft-moskowitz-hip-dex-04 12.21. Changes in draft-moskowitz-hip-dex-04
o Improved retransmission extension. o Improved retransmission extension.
o Updated and strongly revised packet processing rules. o Updated and strongly revised packet processing rules.
o Updated security considerations. o Updated security considerations.
o Updated IANA considerations. o Updated IANA considerations.
o Move the HI Algorithm for ECDH to a value of 11. o Move the HI Algorithm for ECDH to a value of 11.
 End of changes. 33 change blocks. 
58 lines changed or deleted 68 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/