[CGA-EXT] Call for comments on draft-rafiee-6man-ssas-00.txt
"Hosnieh Rafiee" <ietf@rozanak.com> Fri, 04 January 2013 20:13 UTC
Return-Path: <ietf@rozanak.com>
X-Original-To: cga-ext@ietfa.amsl.com
Delivered-To: cga-ext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E08B021F8A42 for <cga-ext@ietfa.amsl.com>; Fri, 4 Jan 2013 12:13:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BpVODarVUlOx for <cga-ext@ietfa.amsl.com>; Fri, 4 Jan 2013 12:13:36 -0800 (PST)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id C665421F8A45 for <cga-ext@ietf.org>; Fri, 4 Jan 2013 12:13:36 -0800 (PST)
Received: from kopoli (g225038076.adsl.alicedsl.de [92.225.38.76]) by mrelay.perfora.net (node=mrus4) with ESMTP (Nemesis) id 0LcjIF-1T7OMZ32e7-00jzq0; Fri, 04 Jan 2013 15:13:30 -0500
From: Hosnieh Rafiee <ietf@rozanak.com>
To: cga-ext@ietf.org
References: <000001cdea08$1a37e0c0$4ea7a240$@rozanak.com>
In-Reply-To: <000001cdea08$1a37e0c0$4ea7a240$@rozanak.com>
Date: Fri, 04 Jan 2013 21:13:25 +0100
Message-ID: <000d01cdeab7$f627a340$e276e9c0$@rozanak.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI7ECCw5lZJtuTcH4KW/U5riPTnyZdfT5EQ
Content-Language: en-us
X-Provags-ID: V02:K0:MEOYiS58rx1TT+LyZPgMreAkMX0bhFmAlrug8Gyc3Hu v6vjIasO6jpQpbS5c2xML6ENg0Xv5TBkNWVZQEn7LEp6AvQj59 jWkr5X2mM+pAP1tWCgjQsU4za6AFB+06hobeg5Bxpwvpn1j+G4 xmrTqGnP/Z6YlXHoMBtrARAaXTkAUP5dLMs8TjSGLPoBExQowd XIkixsy9oKGMDDNMhHKtkM3uzM97FT72nxDt3Z8crOQ7XsMNNE 0JYtihqB2sFQX3KpQrHeEizuxi9t8fIQhpcn/k0kY9PaxFPSnr sFy4NzGQi9Pobl0smeGVeR+AuEKXyWQma595Nsuypgv0k3d1h9 L1qkQirLKcaySi+Psbqo=
Subject: [CGA-EXT] Call for comments on draft-rafiee-6man-ssas-00.txt
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2013 20:13:41 -0000
Dear All, This draft addresses the following problem: Unfortunately the existing drafts do not consider the integration of security and privacy for the generation of the Interface ID (IID). This draft tries to offer a solution to this problem while at the same time considering the generation and verification times and complexity of the existing algorithms. Please take a look. Comments are greatly appreciated. Thank you, Hosnieh Filename: draft-rafiee-6man-ssas Revision: 00 Title: A Simple Secure Addressing Generation Scheme for IPv6 AutoConfiguration (SSAS) Creation date: 2013-01-02 WG ID: Individual Submission Number of pages: 13 URL: http://www.ietf.org/internet-drafts/draft-rafiee-6man-ssas-00.txt Status: http://datatracker.ietf.org/doc/draft-rafiee-6man-ssas Htmlized: http://tools.ietf.org/html/draft-rafiee-6man-ssas-00 Abstract: The default method for IPv6 address generation uses two unique manufacturer IDs that are assigned by the IEEE Standards Association [1] (section 2.5.1 RFC-4291) [RFC4291]. This means that a node will always have the same Interface ID (IID) whenever it connects to a new network. Because the node's IP address does not change, the node is vulnerable to privacy related attacks. To address this issue, there are currently two mechanisms in use to randomize the IID, Cryptographically Generated Addresses (CGA) [RFC3972] and Privacy Extension [RFC4941]. The problem with the former approach is the computational cost involved for the IID generation. The problem with the latter approach is that it lacks security. This document offers a new algorithm for use in the generation of the IID while, at the same time, securing the node against some types of attack, such as IP spoofing. These attacks are prevented with the addition of a signature to the Neighbor Discovery messages (NDP). -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- [CGA-EXT] Call for comments on draft-rafiee-6man-… Hosnieh Rafiee
- Re: [CGA-EXT] Call for comments on draft-rafiee-6… Al-Sadeh, Ahmad