Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 HIP 5201-bis Update Robert Moskowitz Verizon Telcom and Business Tobias Heer RWTH Aachen University March 31, 2011

Published byErik Bradley Modified over 8 years ago

Similar presentations

Presentation on theme: "1 HIP 5201-bis Update Robert Moskowitz Verizon Telcom and Business Tobias Heer RWTH Aachen University March 31, 2011"— Presentation transcript:

1 1 HIP 5201-bis Update Robert Moskowitz Verizon Telcom and Business Tobias Heer RWTH Aachen University March 31, 2011 rgm@labs.htt-consult.com heer@cs.rwth-aachen.de

2 2 Purpose of this presentation An update on HIP BEX, rfc5201-bis progress – Crypto Agility – General Changes – Editorial Changes – What's Left

3 3 Crypto Agility Crypto Agility for signature algorithms Crypto Agility for hash functions Real Crypto Agility for DH (not just “pick one from two”) This also includes: – HIT, RHASH, HMAC ECC and SHA-X for HIP

4 4 General Changes Rename some Parameters (e.g. HIP_MAC) to make them more general Better Security Considerations Section (it seems rather outdated) Introduced lists for negotiation – DH List, HIT Suite List Increase Version Number and change title of document

5 5 Editorial Changes Many clarifications Better Terminology section Clearer Parameter descriptions Fixed some remaining bugs and inconsistencies from 5201

6 6 What's Left Use List-based negotiation for transport formats (ESP) – Requires changes to the ESP document RFC5202-bis OGA in ORCHID document – Note prefix NOT listed by IANA If so, BackToMyMAC MAY have used HIP instead of reinventing pieces of HIP IESG comments on 5201 datatracker.ietf.org/doc/draft-ietf-hip-base/writeup/ – Randomize hashing in signatures (should be quick) – Negotiation of KDF – Combine encryption modes

7 7 What's Left More IESG comments on 5201 – Different RSA mode OAEP/PSS – Crypto Agility for HMAC – SHA-1 is outdated (we covered that) – Use of incoming IP addresses Might affect MM draft, too – Interactions with complex SPDs may result in weird effects

8 8 Questions?

Download ppt "1 HIP 5201-bis Update Robert Moskowitz Verizon Telcom and Business Tobias Heer RWTH Aachen University March 31, 2011"

Similar presentations

Doc.: IEEE 802.11-01/147March 2000 TGe SecuritySlide 1 The Status of TGe S Draft Text Jesse Walker Intel Corporation (503) 712-1849.

Doc.: IEEE /147March 2000 TGe SecuritySlide 1 The Status of TGe S Draft Text Jesse Walker Intel Corporation (503)
IETF 71: NETLMM Working Group – Proxy Mobile IPv6 1 Proxy Mobile IPv6 111 draft-ietf-netlmm-proxymip6-11.txt IETF 71: NETLMM Working Group – Proxy Mobile.

IETF 71: NETLMM Working Group – Proxy Mobile IPv6 1 Proxy Mobile IPv6 111 draft-ietf-netlmm-proxymip6-11.txt IETF 71: NETLMM Working Group – Proxy Mobile.
Doc.: IEEE 802.15-10-0412-06-wng0 Submission June 2010 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal.

Doc.: IEEE wng0 Submission June 2010 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P Working Group for Wireless Personal.
Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins.

Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IPsec – IKE CS 470 Introduction to Applied Cryptography

IPsec – IKE CS 470 Introduction to Applied Cryptography
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.

Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.
1 Workshop on algorithms and parameters for Electronic Signatures November 25, 2004. Brussels.

1 Workshop on algorithms and parameters for Electronic Signatures November 25, Brussels.
CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.

CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.
IETF 77 1 HIP mobility (RFC 5206bis) issue review March 31, 2011 Tom Henderson (editor)

IETF 77 1 HIP mobility (RFC 5206bis) issue review March 31, 2011 Tom Henderson (editor)
WG RAQMON Internet-Drafts RMON MIB WG Meeting Washington, Nov. 11, 2004.

WG RAQMON Internet-Drafts RMON MIB WG Meeting Washington, Nov. 11, 2004.
1 Notification Rate Control draft-ietf-sipcore-event-rate-control-04 78th IETF,

1 Notification Rate Control draft-ietf-sipcore-event-rate-control th IETF,
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Simple Authentication schemes for ALC and NORM draft-ietf-rmt-simple-auth-for-alc-norm-00 IETF 73 – Minneapolis, November 2008 Vincent Roca (INRIA)

Simple Authentication schemes for ALC and NORM draft-ietf-rmt-simple-auth-for-alc-norm-00 IETF 73 – Minneapolis, November 2008 Vincent Roca (INRIA)
2003-2004 - Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)

Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.

IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
1 Authentication Algorithm Document Discussions CCSDS Security Working Group Fall 2007 Meeting 3-5 October 2007 ESA/ESOC, Darmstadt Germany (Hotel am Bruchsee,

1 Authentication Algorithm Document Discussions CCSDS Security Working Group Fall 2007 Meeting 3-5 October 2007 ESA/ESOC, Darmstadt Germany (Hotel am Bruchsee,

Similar presentations

Ads by Google