[CGA-EXT] Call for comments on draft-rafiee-6man-ssas-00.txt

"Hosnieh Rafiee" <ietf@rozanak.com> Fri, 04 January 2013 20:13 UTC

Return-Path: <ietf@rozanak.com>
X-Original-To: cga-ext@ietfa.amsl.com
Delivered-To: cga-ext@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id E08B021F8A42 for <cga-ext@ietfa.amsl.com>; Fri, 4 Jan 2013 12:13:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id BpVODarVUlOx for <cga-ext@ietfa.amsl.com>; Fri, 4 Jan 2013 12:13:36 -0800 (PST)
Received: from mout.perfora.net (mout.perfora.net []) by ietfa.amsl.com (Postfix) with ESMTP id C665421F8A45 for <cga-ext@ietf.org>; Fri, 4 Jan 2013 12:13:36 -0800 (PST)
Received: from kopoli (g225038076.adsl.alicedsl.de []) by mrelay.perfora.net (node=mrus4) with ESMTP (Nemesis) id 0LcjIF-1T7OMZ32e7-00jzq0; Fri, 04 Jan 2013 15:13:30 -0500
From: "Hosnieh Rafiee" <ietf@rozanak.com>
To: <cga-ext@ietf.org>
References: <000001cdea08$1a37e0c0$4ea7a240$@rozanak.com>
In-Reply-To: <000001cdea08$1a37e0c0$4ea7a240$@rozanak.com>
Date: Fri, 4 Jan 2013 21:13:25 +0100
Message-ID: <000d01cdeab7$f627a340$e276e9c0$@rozanak.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI7ECCw5lZJtuTcH4KW/U5riPTnyZdfT5EQ
Content-Language: en-us
X-Provags-ID: V02:K0:MEOYiS58rx1TT+LyZPgMreAkMX0bhFmAlrug8Gyc3Hu v6vjIasO6jpQpbS5c2xML6ENg0Xv5TBkNWVZQEn7LEp6AvQj59 jWkr5X2mM+pAP1tWCgjQsU4za6AFB+06hobeg5Bxpwvpn1j+G4 xmrTqGnP/Z6YlXHoMBtrARAaXTkAUP5dLMs8TjSGLPoBExQowd XIkixsy9oKGMDDNMhHKtkM3uzM97FT72nxDt3Z8crOQ7XsMNNE 0JYtihqB2sFQX3KpQrHeEizuxi9t8fIQhpcn/k0kY9PaxFPSnr sFy4NzGQi9Pobl0smeGVeR+AuEKXyWQma595Nsuypgv0k3d1h9 L1qkQirLKcaySi+Psbqo=
Subject: [CGA-EXT] Call for comments on draft-rafiee-6man-ssas-00.txt
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2013 20:13:41 -0000

Dear All,

This draft addresses the following problem:
Unfortunately the existing drafts do not consider the integration of
security and privacy  for the generation of the Interface ID (IID). This
draft tries to offer a solution to this problem while at the same time
considering the generation and verification times and complexity of the
existing algorithms. Please take a look. Comments are greatly appreciated.
Thank you,

Filename:	 draft-rafiee-6man-ssas
Revision:	 00
Title:		 A Simple Secure Addressing Generation Scheme for IPv6
AutoConfiguration (SSAS)
Creation date:	 2013-01-02
WG ID:		 Individual Submission
Number of pages: 13
Status:          http://datatracker.ietf.org/doc/draft-rafiee-6man-ssas
Htmlized:        http://tools.ietf.org/html/draft-rafiee-6man-ssas-00

   The default method for IPv6 address generation uses two unique
   manufacturer IDs that are assigned by the IEEE Standards Association
   [1] (section 2.5.1 RFC-4291) [RFC4291]. This means that a node will
   always have the same Interface ID (IID) whenever it connects to a new
   network. Because the node's IP address does not change, the node is
   vulnerable to privacy related attacks. To address this issue, there
   are currently two mechanisms in use to randomize the IID,
   Cryptographically Generated Addresses (CGA) [RFC3972] and Privacy
   Extension [RFC4941]. The problem with the former approach is the
   computational cost involved for the IID generation. The problem with
   the latter approach is that it lacks security. This document offers a
   new algorithm for use in the generation of the IID while, at the same
   time, securing the node against some types of attack, such as IP
   spoofing. These attacks are prevented with the addition of a
   signature to the Neighbor Discovery messages (NDP).

IETF IPv6 working group mailing list
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6