Re: [CGA-EXT] Comments on draft-ietf-csi-proxy-send-01

"Laganier, Julien" <julienl@qualcomm.com> Tue, 01 December 2009 00:27 UTC

From: "Laganier, Julien" <julienl@qualcomm.com>
To: Tony Cheneau <tony.cheneau@it-sudparis.eu>
Date: Mon, 30 Nov 2009 16:26:59 -0800
Cc: "draft-ietf-csi-proxy-send@tools.ietf.org" <draft-ietf-csi-proxy-send@tools.ietf.org>, "cga-ext@ietf.org" <cga-ext@ietf.org>

Tony Cheneau wrote:
>  
> Hi Julien,
> 
> > All right Tony, then I assume we want to have the fe80::/64 prefix
> > present in the certificate when proxying of link local addresses is
> > required (e.g., RFC 4389, RFC 5213.) Do you think we have to include
> > additional text in the draft to reflect that? If yes, any suggestion?
> 
> I think some text may be needed to clarify the issue (which is new and
> related to the Secure ND proxy).

Ok.

> Maybe a new section, right after 6.2, named "Handling of Link-Local
> Addresses". Containing:

Maybe rather "Proxying Link-Local Addresses"?
 
> "Secure Neighbor Discovery [RFC3971] relies on certificates to
> prove that routers are authorized to announce a certain prefix.
> However, Neighbor Discovery [RFC4861] states that a router does not
> announce the Link-Local prefix (fe80::/64). Hence, it is unusual for a

s/unusual/not required/

> SEND certificate to hold an X.509 IP address extension that authorizes
> the fe80::/64 prefix. Some scenarios ([RFC4389], [RFC5213], etc.) impose
> that the Secure ND proxy provides a proxying function for the Link-Local
> address of a node. When Secure ND proxy functionality on a Link-Local
> address is required, either the address or the Link-Local prefix MUST
> be explicitly authorized in the router's certificate."
> 
> What do you think of it?

Sounds good Tony, thanks for the text!

--julien
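
The authorization rule in the proposed text, as an added example that is not part of the thread or of the draft: a receiver decodes the IPv6 prefixes carried in the proxy certificate's X.509 IP address extension (RFC 3779 encodes each as a DER BIT STRING) and accepts proxying for a target only if a prefix or a single address covers it. The function names are hypothetical, the byte strings are constructed samples, the BIT STRINGs are assumed to be already extracted from the certificate, and only the prefix form is handled (not address ranges or "inherit").

```python
import ipaddress


def decode_rfc3779_prefix(der):
    """Decode one IPv6 IPAddress (DER BIT STRING, RFC 3779 section 2.1.1)."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length, unused = der[1], der[2]
    if length >= 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length octet")
    bits = der[3:]
    if unused > 7 or len(bits) > 16 or (unused and not bits):
        raise ValueError("invalid IPv6 prefix encoding")
    # DER requires the unused trailing bits of the last octet to be zero.
    if unused and bits[-1] & ((1 << unused) - 1):
        raise ValueError("non-zero unused bits")
    prefix_len = len(bits) * 8 - unused
    packed = bits + bytes(16 - len(bits))  # pad the host part with zeros
    return ipaddress.IPv6Network((packed, prefix_len))


def may_proxy(target, cert_blocks):
    """True if any certified prefix or address covers the proxied target."""
    addr = ipaddress.IPv6Address(target)
    return any(addr in decode_rfc3779_prefix(b) for b in cert_blocks)


# Constructed sample encodings (not taken from any real certificate).
GLOBAL_PREFIX = bytes.fromhex("03090020010db800000001")      # 2001:db8:0:1::/64
LINK_LOCAL_PREFIX = bytes.fromhex("030900fe80000000000000")  # fe80::/64
LINK_LOCAL_ADDR = bytes.fromhex(                             # fe80::1 (/128)
    "031100fe800000000000000000000000000001")

if __name__ == "__main__":
    # A certificate with only the announced global prefix cannot be used to
    # proxy a link-local address; adding fe80::/64 or the address allows it.
    for label, blocks in [
        ("global only", [GLOBAL_PREFIX]),
        ("global + fe80::/64", [GLOBAL_PREFIX, LINK_LOCAL_PREFIX]),
        ("global + fe80::1", [GLOBAL_PREFIX, LINK_LOCAL_ADDR]),
    ]:
        print(label, "->", may_proxy("fe80::1", blocks))
```
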