Re: [CGA-EXT] Review draft-ietf-csi-proxy-send-01

Roque Gagliano <> Thu, 10 December 2009 00:10 UTC

From: Roque Gagliano <>
In-Reply-To: <>
Date: Thu, 10 Dec 2009 01:09:28 +0100
Message-Id: <>
References: <alpine.LNX.2.00.0911191100150.7833@whitebox> <> <alpine.LNX.2.00.0911201144010.7546@whitebox> <> <alpine.LNX.2.00.0911211025090.11248@localhost.localdomain> <> <alpine.LNX.2.00.0911242317130.11124@localhost.localdomain> <> <alpine.LNX.2.00.0911260951580.7596@whitebox> <> <> <> <>
To: "Laganier, Julien" <>
Cc: "" <>, "" <>
Subject: Re: [CGA-EXT] Review draft-ietf-csi-proxy-send-01
List-Id: CGA and SeND Extensions <>

Hi Julien,

> So in terms of prefix I agree that you want to use right of use rather than ownership, but in terms of CG-addresses, IMHO we do want to say ownership.

The distinction is not so clear to me, but I am fine with "no innovating".

>> That is something I made clear in the CERT draft.
> But the focus of the CERT draft is on delegating authorization to advertize/use prefixes or addresses that are NOT cryptographically generated, thus there's no ownership involved.
>>> The lack of algorithm agility is generic to SEND and not specific to the Secure Proxy ND mechanism. When the WG concludes on how to move forward with algorithm agility, we can publish an RFC updating both RFC 3971 and this to-be RFC to add algorithm agility.
>> So, we know there is a problem and probably know that the SEC ADs are looking at these particular issues; however, we would like to advance this draft to the IESG hoping that it passes their LC, with the promise to solve the issue later on? I have only been in CSI for a couple of months, but that does not sound like proper IETF process to me.
>> The agility discussion also included signaling between the parties in order to select which algorithm to use. What we can do while that discussion is not over in the WG is to make sure that new SEND options have the possibility of identifying which algorithm each party is using, leaving the signaling part for later. This is similar to DNSSEC, where in order to change from SHA-1 to SHA-256 all signatures will probably be duplicated in the zone files for a while.
> Would inclusion of an algorithm field in the PSO solve your concern?

IMHO, it will help to move the document through the next step.


> --julien

Roque Gagliano
GPG Fingerprint: E929 06F4 D8CD 2AD8 9365  DB72 9E4F 964A 01E9 6CEE
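Added example, not part of this thread or of the draft under review: a small Go model of what an algorithm field in the Proxy Signature Option buys. A signer emits one PSO per algorithm over the same message (the DNSSEC-style dual signing Roque refers to), and a receiver picks the PSO whose algorithm it supports and ignores the rest, so a SHA-1-only node and a SHA-256-only node both validate the same message. The option layout, the option type value 0xF0 and the algorithm codepoints 1 and 2 are assumptions made for this example; they are not the format in draft-ietf-csi-proxy-send or in RFC 3971, and the message body is a constructed sample.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
	"hash"
)

// Hypothetical algorithm identifiers for this example only (not IANA codepoints).
const (
	AlgRSASHA1   uint8 = 1 // RFC 3971 baseline: RSA PKCS#1 v1.5 over SHA-1
	AlgRSASHA256 uint8 = 2 // assumed successor: RSA PKCS#1 v1.5 over SHA-256
)

type algSpec struct {
	id      crypto.Hash
	newHash func() hash.Hash
}

// The registry the Alg field indexes into; a new algorithm is a new row here,
// not a new wire format.
var algorithms = map[uint8]algSpec{
	AlgRSASHA1:   {crypto.SHA1, sha1.New},
	AlgRSASHA256: {crypto.SHA256, sha256.New},
}

// optTypePSO is a placeholder, not a registered ND option type.
const optTypePSO = 0xF0

// ProxySigOption is a simplified, hypothetical PSO layout for this example:
//   Type(1) | Length(1, 8-octet units) | Alg(1) | PadLen(1) | Signature | zero padding
type ProxySigOption struct {
	Alg       uint8
	Signature []byte
}

// Marshal encodes the option padded to an 8-octet boundary, as ND options are.
func (o ProxySigOption) Marshal() []byte {
	body := 4 + len(o.Signature)
	padded := (body + 7) &^ 7
	out := make([]byte, padded)
	out[0], out[1], out[2], out[3] = optTypePSO, uint8(padded/8), o.Alg, uint8(padded-body)
	copy(out[4:], o.Signature)
	return out
}

// ParseOptions walks a buffer of ND options and returns every PSO in it,
// rejecting truncated or zero-length options instead of looping on them.
func ParseOptions(b []byte) ([]ProxySigOption, error) {
	var opts []ProxySigOption
	for len(b) > 0 {
		if len(b) < 8 || b[1] == 0 {
			return nil, errors.New("truncated or zero-length option")
		}
		n := int(b[1]) * 8
		if n > len(b) {
			return nil, errors.New("option length exceeds buffer")
		}
		if b[0] == optTypePSO {
			if pad := int(b[3]); pad > n-4 {
				return nil, errors.New("bad padding length")
			} else {
				opts = append(opts, ProxySigOption{Alg: b[2], Signature: b[4 : n-pad]})
			}
		}
		b = b[n:]
	}
	return opts, nil
}

func digest(a uint8, msg []byte) ([]byte, algSpec, bool) {
	spec, ok := algorithms[a]
	if !ok {
		return nil, spec, false
	}
	h := spec.newHash()
	h.Write(msg)
	return h.Sum(nil), spec, true
}

// SignDual emits one PSO per requested algorithm over the same message, so old
// and new verifiers both succeed during a transition (the DNSSEC analogy).
func SignDual(priv *rsa.PrivateKey, msg []byte, algs ...uint8) ([]byte, error) {
	var out []byte
	for _, a := range algs {
		d, spec, ok := digest(a, msg)
		if !ok {
			return nil, fmt.Errorf("unknown algorithm %d", a)
		}
		sig, err := rsa.SignPKCS1v15(rand.Reader, priv, spec.id, d)
		if err != nil {
			return nil, err
		}
		out = append(out, ProxySigOption{Alg: a, Signature: sig}.Marshal()...)
	}
	return out, nil
}

// Verify accepts msg if any PSO whose algorithm this receiver supports checks
// out. PSOs with unknown algorithms are skipped, not treated as an error.
func Verify(pub *rsa.PublicKey, msg, optBytes []byte, supported map[uint8]bool) (uint8, error) {
	opts, err := ParseOptions(optBytes)
	if err != nil {
		return 0, err
	}
	tried := false
	for _, o := range opts {
		d, spec, ok := digest(o.Alg, msg)
		if !supported[o.Alg] || !ok {
			continue
		}
		tried = true
		if rsa.VerifyPKCS1v15(pub, spec.id, d, o.Signature) == nil {
			return o.Alg, nil
		}
	}
	if tried {
		return 0, errors.New("signature did not verify")
	}
	return 0, errors.New("no PSO with a supported algorithm")
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := []byte("constructed NA body: target fe80::1 proxied") // constructed sample
	opts, _ := SignDual(priv, msg, AlgRSASHA1, AlgRSASHA256)
	alg, err := Verify(&priv.PublicKey, msg, opts, map[uint8]bool{AlgRSASHA256: true})
	fmt.Println("SHA-256-only receiver:", alg, err)
	alg, err = Verify(&priv.PublicKey, msg, opts, map[uint8]bool{AlgRSASHA1: true})
	fmt.Println("legacy SHA-1 receiver:", alg, err)
}
```

The point the field makes explicit is in Verify: without an Alg octet a receiver has to guess which digest to recompute, and a dual-signed message would look like two conflicting signatures; with it, each side validates the PSO it understands and silently skips the other, which is the non-signaling transition Roque describes. Signaling which algorithm to prefer is still a separate problem.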