[CGA-EXT] Fwd: WG Action: Cga & Send maIntenance (csi)
marcelo bagnulo braun <marcelo@it.uc3m.es> Thu, 14 February 2008 08:29 UTC
So, now we have a WG!

As we mentioned before, we are meeting in Philadelphia, and we will
make a call for agenda items soon.

Regards, marcelo

Begin forwarded message:

> From: The IESG <iesg@ietf.org>
> Date: February 13, 2008 21:30:01 GMT+01:00
> To: ietf-announce@ietf.org
> Cc: marcelo@it.uc3m.es, Gabriel.Montenegro@microsoft.com, cga-ext@ietf.org
> Subject: WG Action: Cga & Send maIntenance (csi)
>
> A new IETF working group has been formed in the Internet Area. For
> additional information, please contact the Area Directors or the WG
> Chairs.
>
> Cga & Send maIntenance (csi)
> ============================
>
> Last Modified: 2008-02-07
>
> Current Status: Active Working Group
>
> Chair(s):
> Marcelo Bagnulo Braun <marcelo@it.uc3m.es>
> Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
>
> Internet Area Area Director(s):
> Jari Arkko <jari.arkko@piuha.net>
> Mark Townsley <townsley@cisco.com>
>
> Mailing Lists:
> General Discussion: cga-ext at ietf.org
> To Subscribe: http://www.ietf.org/mailman/listinfo/cga-ext
> Archive: http://www.ietf.org/mail-archive/web/cga-ext/current/index.html
>
> Description:
>
> The Secure Neighbor Discovery (SEND) protocol defined by RFC 3971
> provides security mechanisms protecting different functions of the
> Neighbor Discovery (ND) protocol defined by RFC 2461. This includes
> address resolution (discovering link layer address of another node
> attached to the link), router discovery (discovering routers attached
> to the link), and neighbor unreachability detection (detecting that a
> node attached to the link is no longer reachable). SEND protection of
> address resolution and neighbor unreachability detection functions
> relies on IPv6 address proof-of-ownership and message integrity
> protection provided respectively via Cryptographically Generated
> Addresses (CGAs) and RSA Digital Signatures.
>
> CGAs are defined in RFC 3972, and are extended with a CGA extension
> format defined in RFC 4581, and a support for multiple hash functions
> defined in RFC 4982. While CGAs were originally defined for the SEND
> protocol, they have proved to be a useful security tool in other
> environments too, and their usage has been proposed to secure other
> protocols such as the Shim6 multihoming protocol and the Mobile IPv6
> protocol. While there is very little deployment of SEND to date,
> there are a number of implementations, recommendations in the NIST
> and DOD profiles call for use of SEND, and operating system vendors
> are considering adding SEND to their next releases. As a result, it
> is desirable to review the current state of the SEND and CGA
> specifications, maintain and complement them where necessary. Up to
> date cryptographic algorithms are needed, and the protocols need to
> be able to deal with certain common situations currently not
> supported.
>
> Specifically, the WG will look at the following issues:
>
> - Develop an informational document analyzing the implications of
> recent attacks on hash functions used by SeND protocol. Current SeND
> specification uses the SHA-1 hash algorithm and does not provide
> support for hash algorithm agility, hence the critical need for
> understanding the impact of the attacks on the SeND protocol. In
> addition, if as a result of the aforementioned analysis it is deemed
> necessary, standard-track extensions to the SeND protocol to support
> multiple hash algorithms will be defined.
>
> - Specify standards-track CGA and SeND extensions to support
> multiple public key algorithms. As currently defined CGA and SeND can
> only use RSA keys, and they lack support for other public key
> algorithms (e.g. Elliptic Curve Cryptography -- ECC).
>
> - Develop X.509 certificate management tools for SeND. SeND utilizes
> X.509v3 certificates for performing router authorization. It uses the
> X.509 extension for IP addresses to verify whether the router is
> authorized to advertise the mentioned IP addresses. Since the IP
> addresses extension does not explicitly mention what functions the
> node can perform for the IP addresses it becomes impossible to know
> the reason for which the certificate was allowed. In order to
> facilitate issuance of certificates for specific functions, we need
> to encode the functions permitted for the certificate into the
> certificate itself. The WG will develop a certificate profile,
> including a definition of X.509 Extended Key Usage for SeND. In
> addition, the WG will recommend best practices for (1) enrollment,
> (2) revocation checking, and (3) publishing of certificates. This WG
> will ensure that the profile and recommended practices will cover
> usage by hosts in addition to routers. The working group will
> coordinate this activity with the PKIX and SIDR WGs. Prior to IESG
> submission of the certificate profile, the working group will seek
> input from and coordinate with other groups enabling cryptographic
> identification of device-related properties (e.g., IEEE 802.1ar,
> IEEE 802.16, WiMAX Forum, IETF CAPWAP WG).
>
> - Develop a standard track document defining a mechanism to perform
> SeND certificate provisioning for routers. SeND protocol as defined in
> RFC3971 specifies how IPv6 nodes can trust the prefixes advertised
> by a router. The solution is based on the use of the IP Address
> Delegation extension (RFC3779) in X.509 v3 certificates (RFC3280).
> This work will provide the tools required to provision the
> certificates to the routers in an automatic manner. The working
> group will coordinate this activity with the PKIX WG.
>
> - Produce a problem statement document for Neighbor Discovery Proxies
> and then specify standards-track SEND Extensions to support Neighbor
> Discovery Proxies: SEND protocol as currently defined in RFC 3971
> lacks support for ND Proxies defined in RFC 3775 and RFC 4389.
> Extensions to the SEND protocol will be defined in order to provide
> equivalent SEND security capabilities to ND Proxies.
>
> - Develop an informational document analysing different approaches to
> allow SeND and CGAs to be used in conjunction with DHCP, and making
> recommendations on which are the best suited. Recharter based on the
> result of the analysis.
>
> - Update base specifications (RFC 3971 and 3972).
>
> Goals and Milestones:
>
> Jun 08 WG last-call on analysis of hash related threats in SeND
> Aug 08 WG last-call on Proxy-SeND problem statement
> Dec 08 WG last-call on multiple hash function support in SeND, if required
> Dec 08 WG last-call on multiple public key algorithm support for CGA
> Dec 08 WG last-call on multiple public key algorithm support for SeND
> Dec 08 WG last-call on certificate profile definition for SeND
> Jan 09 WG last-call on Proxy SeND
> Jun 09 WG last-call on certificate provision mechanism for SeND routers
> Jun 09 WG last-call on certificate management best practices for SeND routers
> Jul 09 WG last-call on CGA-DHCP interaction
> Nov 09 WG last-call on updated SeND specification
> Nov 09 WG last-call on updated CGA specification
>
> Jul 08 Submit draft on analysis of hash related threats in SeND to IESG
> Sep 08 Submit draft on Proxy-SeND problem statement to IESG
> Jan 09 Submit draft on multiple hash function support in SeND to IESG, if required
> Jan 09 Submit draft on multiple public key algorithm support for CGA to IESG
> Jan 09 Submit draft on multiple public key algorithm support for SeND to IESG
> Jan 09 Submit draft on certificate profile definition for SeND to IESG
> Feb 09 Submit draft on Proxy SeND to IESG
> Jul 09 Submit draft on certificate provision mechanism for SeND routers to IESG
> Jul 09 Submit draft on certificate management best practices for SeND routers to IESG
> Aug 09 Submit draft on CGA-DHCP interaction to IESG
> Dec 09 Submit draft on updated SeND specification to IESG
> Dec 09 Submit draft on updated CGA specification to IESG

_______________________________________________
CGA-EXT mailing list
CGA-EXT@ietf.org
http://www.ietf.org/mailman/listinfo/cga-ext