Re: [CGA-EXT] Comments on draft-ietf-csi-proxy-send-01

"Laganier, Julien" <julienl@qualcomm.com> Wed, 25 November 2009 21:41 UTC

From: "Laganier, Julien" <julienl@qualcomm.com>
To: Tony Cheneau <tony.cheneau@it-sudparis.eu>
Date: Wed, 25 Nov 2009 13:41:46 -0800
Thread-Topic: [CGA-EXT] Comments on draft-ietf-csi-proxy-send-01
Thread-Index: AcptVyXdEIBwys4NSdGsAOBp8HslEwAwHZ7A
Message-ID: <BF345F63074F8040B58C00A186FCA57F1C65FB2A51@NALASEXMB04.na.qualcomm.com>
References: <alpine.LNX.2.00.0911191100150.7833@whitebox> <BF345F63074F8040B58C00A186FCA57F1C66087842@NALASEXMB04.na.qualcomm.com> <alpine.LNX.2.00.0911201144010.7546@whitebox> <BF345F63074F8040B58C00A186FCA57F1C65FB277D@NALASEXMB04.na.qualcomm.com> <alpine.LNX.2.00.0911211025090.11248@localhost.localdomain> <BF345F63074F8040B58C00A186FCA57F1C65FB2942@NALASEXMB04.na.qualcomm.com> <alpine.LNX.2.00.0911242317130.11124@localhost.localdomain>
In-Reply-To: <alpine.LNX.2.00.0911242317130.11124@localhost.localdomain>
Cc: "draft-ietf-csi-proxy-send@tools.ietf.org" <draft-ietf-csi-proxy-send@tools.ietf.org>, "cga-ext@ietf.org" <cga-ext@ietf.org>
Subject: Re: [CGA-EXT] Comments on draft-ietf-csi-proxy-send-01
X-List-Received-Date: Wed, 25 Nov 2009 21:41:57 -0000

All right Tony, then I assume we want to have the fe80::/64 prefix present in the certificate when proxying of link local addresses is required (e.g., RFC 4389, RFC 5213.) Do you think we have to include additional text in the draft to reflect that? If yes, any suggestion?

--julien

Tony Cheneau wrote:
> 
> Laganier, Julien wrote:
> > As to specifying that the proxy ND is always authorized to proxy for
> > addresses in the fe80::/64 prefix vs. inclusion in the certificate of
> > either a list of node's link local addresses that the proxy ND is
> > authorized to proxy, or of the whole fe80::/64 prefix, I have no strong
> > opinion and would like to ask the WG participant what is their
> > preference there?
>
> I would prefer a "prefix or inclusion in the certificate" based
> solution, as I think there is some scenario where you may want to proxy
> global addresses and not the Link-Local ones at all.
> 
> I haven't read RFC 3775 recently. Please correct me if I'm wrong, but,
> I think, RFC3775 (section 10.4.1) allows this kind of behavior:
> "  In order to do this, when a node begins serving as the home agent it
>     MUST multicast onto the home link a Neighbor Advertisement message
>     [12] on behalf of the mobile node.  For the home address specified in
>     the Binding Update, the home agent sends a Neighbor Advertisement
>     message [12] to the all-nodes multicast address on the home link to
>     advertise the home agent's own link-layer address for this IP address
>     on behalf of the mobile node.  If the Link-Layer Address
>     Compatibility (L) flag has been specified in the Binding Update, the
>     home agent MUST do the same for the link-local address of the mobile
>     node."
> I assume that if the flag is turned off, you do not defend the
> Link-Local addresses. The Home Agent does not need to act as a secure
> proxy ND for this address either. Meaning you can disallow the secure
> proxy ND on the fe80::/64 prefix/address and lessen the effect of a
> compromised secure proxy ND.
> 
> 
> Regards,
>  	Tony
> _______________________________________________
> CGA-EXT mailing list
> CGA-EXT@ietf.org
> https://www.ietf.org/mailman/listinfo/cga-ext
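The authorization question in this thread (may a proxy advertise for a link-local address if its certificate does not carry fe80::/64, and does a home agent even need to when the Binding Update's L flag is clear) can be made concrete with a small check. The following is an added example written for this archive page; it is not code from draft-ietf-csi-proxy-send, from RFC 3775, or from either participant. It assumes a hypothetical certificate model that is just a subject name plus the IPv6 prefixes (or /128 addresses) the proxy is authorized for, and does not model the draft's actual certificate encoding.

```python
"""Check which addresses a secure proxy ND / home agent may defend, given the
prefixes its certificate authorizes. Added example; the certificate model is an
assumption, not the encoding used by draft-ietf-csi-proxy-send."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The link-local prefix whose presence in the certificate the thread debates.
LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")


@dataclass(frozen=True)
class ProxyCertificate:
    """Hypothetical certificate: subject plus authorized prefixes (a prefix such as
    fe80::/64, or a list of single addresses encoded as /128 networks)."""
    subject: str
    prefixes: Tuple[ipaddress.IPv6Network, ...]


def make_cert(subject: str, *prefixes: str) -> ProxyCertificate:
    """Build a ProxyCertificate from textual prefixes, e.g. '2001:db8:1::/64', 'fe80::1/128'."""
    return ProxyCertificate(subject, tuple(ipaddress.IPv6Network(p) for p in prefixes))


def authorized(cert: ProxyCertificate, addr: str) -> bool:
    """True if some authorized prefix covers the address, so the proxy may advertise for it."""
    a = ipaddress.IPv6Address(addr)
    return any(a in p for p in cert.prefixes)


def home_agent_defended_addresses(home_address: str, link_local_address: str,
                                  l_flag: bool) -> List[str]:
    """Addresses a home agent defends for a mobile node, following the RFC 3775
    section 10.4.1 text quoted in the thread: always the home address, and the
    link-local address only when the Binding Update carried the L flag."""
    addrs = [str(ipaddress.IPv6Address(home_address))]
    if l_flag:
        addrs.append(str(ipaddress.IPv6Address(link_local_address)))
    return addrs


def check_binding(cert: ProxyCertificate, home_address: str, link_local_address: str,
                  l_flag: bool) -> Dict[str, bool]:
    """Map each address the home agent wants to defend to whether the certificate
    authorizes it. A False entry is an advertisement a verifying node should reject
    and a well-behaved proxy should never send."""
    return {a: authorized(cert, a)
            for a in home_agent_defended_addresses(home_address, link_local_address, l_flag)}


def covers_link_local(cert: ProxyCertificate) -> bool:
    """True if the certificate authorizes the whole fe80::/64 prefix, i.e. the proxy
    could defend any link-local address on the link (a listed /128 does not count)."""
    return any(LINK_LOCAL.subnet_of(p) for p in cert.prefixes)


if __name__ == "__main__":
    # Constructed sample values: one mobile node with a home address and a link-local address.
    home, ll = "2001:db8:1::1", "fe80::1"
    for cert in (make_cert("ha-global-only", "2001:db8:1::/64"),
                 make_cert("ha-with-ll-prefix", "2001:db8:1::/64", "fe80::/64"),
                 make_cert("ha-with-ll-list", "2001:db8:1::/64", "fe80::2/128")):
        print(cert.subject, "covers fe80::/64:", covers_link_local(cert),
              "L=1:", check_binding(cert, home, ll, True),
              "L=0:", check_binding(cert, home, ll, False))
```

With the L flag clear the home agent never needs the link-local address in the set, so a certificate limited to the global prefix is sufficient; with the L flag set, either the whole fe80::/64 or the node's specific link-local address must be authorized, and the difference between the two is exactly how much a compromised proxy could defend.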