Presentation is loading. Please wait.

Presentation is loading. Please wait.

Moving HIP to Standards Track Robert Moskowitz ICSAlabs an Independent Div of Verizon Business Systems July 30, 2009 Slides presented.

Published byNorah Mills Modified over 8 years ago

Similar presentations

Presentation on theme: "Moving HIP to Standards Track Robert Moskowitz ICSAlabs an Independent Div of Verizon Business Systems July 30, 2009 Slides presented."— Presentation transcript:

1 Moving HIP to Standards Track Robert Moskowitz ICSAlabs an Independent Div of Verizon Business Systems July 30, 2009 rgm@labs.htt-consult.com Slides presented (and slightly updated) by Petri Jokela Ericsson Research, Nomadiclab

2 Items to Discuss Crypto Agility HIT & LSI Derivation Multiple Identities per Host ESP mode HIP without IP Payload Compression Responder Description and DNS HITs as ACLs

3 Crypto Agility Originally HIP was envisioned as 'Simple' − Crypto events have outstripped that World View HI Algorithms − Add ECC HITs − More Hashing functions − Provided with HI, not negotiated ESP cipher suites − e.g. CCM (Counter with CBC-MAC), GCM (Galois/Counter Mode)

4 HIT & LSI Derivation Continue to use ORCHIDs? − Add Options? Can the HIT imply the PK/Hash algorithms? − Advance ID to RFC LSI space size − 2^24 or 2^16? − 127.n.x.x -> “more than enough” for one host − IANA allocation?

5 Multiple Identities per Host HIP 'forced' to be an Identity for an IP stack. No conceptual reason that any Object or process on a Host has a unique ID − And thus HI Need a consistent mechanism to associate a HI to one or more processes − Maybe it is already there. Relax the requirement of “one HI per host” on the Architecture RFC

6 ESP Mode Do we really need BEET? − Must clearly delineate why NOT Transport or Tunnel − Actual demonstration of what goes wrong without BEET? − Advance ID to RFC (Informational?)

7 HIP without IP Local net may be Layer 2 only HIP & ESP over Ethernet − IEEE 802.15.1 (Bluetooth)‏ − IEEE 802.15.4 (Sensor Nets)‏ Current datagram limited to 127 bytes − See 6LOWPAN 802.15.4g MAY increase this for Smart Utility Networks − IEEE 802.15.6 (Medical Body Nets)‏ Different proposed MACs with different max size

8 Payload Compression ESP Authentication is 'stronger' than TCP and UDP checksums Low Bandwidth Networks already 'suffering' from ESP Authentication overhead Prior to insertion in ESP, remove checksum While removing ESP wrapper, compute and add checksum Should be the default mode of operation

9 Responder Description HI, Hash used, HIT − Can there be multiple HITs? One per 'allowed' hash HIT hash algorithm information in DNS − Should HITs even be included? Expected to generate from HI and Hash − HI lifetime (in DNS) – Implicit Revocation HI Hashes accepted − No negotiation. Use or go away ESP cipher suites accepted − Same DNS RR needs an IANA permanent assignment

10 HITs as ACLs Is the HIT sufficient or is the Hash needed as well? What works for SSH?

11 11 Other Various implementation experience details, such as: − MTU and packet fragmentation issues − Middleboxes: Signaling proxies / Mobile router Overlay networking − Protocol and extensions: 8-way handshake for small MTUs 11

12 12 Schedule Current RFCs − Architecture RFC 4423 − Base HIP RFC 5201 − ESP Transport format RFC 5202 − HIP Registration ext RFC 5203 − HIP Rendezvous ext RFC 5204 − HIP DNS ext RFC 5205 − End-host mobility and multihoming RFC 5206 − HIP & legacy applications RFC 5338 Updated versions out before IETF 76 WG Last Call before IETF 77 12

13 Questions?

Download ppt "Moving HIP to Standards Track Robert Moskowitz ICSAlabs an Independent Div of Verizon Business Systems July 30, 2009 Slides presented."

Similar presentations

Doc.: IEEE 802.15-10-0412-06-wng0 Submission June 2010 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal.

Doc.: IEEE wng0 Submission June 2010 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P Working Group for Wireless Personal.
1 IPv6 Advantages May 2001 May 2001

1 IPv6 Advantages May 2001 May 2001
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
IPv4 over IEEE 802.16 IP CS draft-ietf-16ng-ipv4-over-802-dot-16-ipcs-02 Syam Madanapalli Ordyn Technologies 71st IETF - Philadelphia, PA, USA (March 9-14,

IPv4 over IEEE IP CS draft-ietf-16ng-ipv4-over-802-dot-16-ipcs-02 Syam Madanapalli Ordyn Technologies 71st IETF - Philadelphia, PA, USA (March 9-14,
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
Network Layer Packet Forwarding IS250 Spring 2010

Network Layer Packet Forwarding IS250 Spring 2010
11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.

11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.
Internet Networking Spring 2003

Internet Networking Spring 2003
1 Internet Networking Spring 2002 Tutorial 2 IP Checksum, Fragmentation.

1 Internet Networking Spring 2002 Tutorial 2 IP Checksum, Fragmentation.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker 2008-11-17.

IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker
A question of protocol Geoff Huston APNIC 36. Originally there was RFC791: “All hosts must be prepared to accept datagrams of up to 576 octets (whether.

A question of protocol Geoff Huston APNIC 36. Originally there was RFC791: “All hosts must be prepared to accept datagrams of up to 576 octets (whether.
Host Identity Protocol

Host Identity Protocol
 It defines the format of the frame to be exchanged between devices.  It defines how two devices can negotiate the establishment of the link and the.

 It defines the format of the frame to be exchanged between devices.  It defines how two devices can negotiate the establishment of the link and the.
Advisor: Quincy Wu Speaker: Kuan-Ta Lu Date: Aug. 19, 2010

Advisor: Quincy Wu Speaker: Kuan-Ta Lu Date: Aug. 19, 2010
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Similar presentations

Ads by Google