Re: [CGA-EXT] New Version for draft-krishnan-csi-proxy-send-00
"Jean-Michel Combes" <jeanmichel.combes@gmail.com> Wed, 18 June 2008 18:01 UTC
Date: Wed, 18 Jun 2008 20:02:39 +0200
From: Jean-Michel Combes <jeanmichel.combes@gmail.com>
To: Julien Laganier <julien.IETF@laposte.net>
Cc: cga-ext@ietf.org

Hi Julien,

2008/6/12, Julien Laganier <julien.IETF@laposte.net>:
> Hello Jean-Michel,
>
> On Saturday 07 June 2008, Jean-Michel Combes wrote:
> > Hi,
> >
> > After a quick review, I have one comment and one question:
> > - IMHO, your solution should also work in the anycast address case
>
> It seems so. It also seems it would work to secure NS/NA exchange based
> on certificates rather than CGA.

Not sure that certs defined in krishnan-cgaext-send-cert-eku are well adapted for such a use: IMHO, prefix ownership is not the same as address ownership.

> To achieve that it would also be
> necessary to define another EKU (extended key usage) for "Address
> ownership", in addition to "Router" and "Proxy".

But what is in the cert when you want to use it to proxy NS/NA? An address or a prefix?

> > - How will a ND-Proxy get the certificate authorizing it to act as an
> > ND-Proxy?
>
> In the same fashion that a Router gets the certificate authorizing it to
> act as a router.

May I have details in the case of the MIPv6 scenario? Especially, who provides the cert?

Cheers.

JMC.

> Cheers,
>
> --julien
>
> > 2008/6/6, Julien Laganier <julien.IETF@laposte.net>:
> > > Folks,
> > >
> > > Sorry for the noise, but another update of the Secure Proxy ND
> > > Support for SEND has been posted. It fixes some misreferences and
> > > has a filename matching the WG name, thus it should appear in the
> > > tools.ietf.org page.
> > >
> > > The new draft has support for ND proxy as per:
> > > - ND proxies [RFC4389]
> > > - MIPv6 Home Agent [RFC3775]
> > > - PMIPv6 Mobility Access Gateway [I-D.ietf-netlmm-proxymip6]
> > >
> > > You can find it there:
> > >
> > > <http://www.ietf.org/internet-drafts/draft-krishnan-csi-proxy-send-00.txt>
> > >
> > > Comments are still welcome!
> > >
> > > --julien
> > >
> > > ---------- Forwarded message ----------
> > > From: IETF I-D Submission Tool <idsubmission@ietf.org>
> > > To: julien.ietf@laposte.net
> > > Date: Fri, 6 Jun 2008 08:24:12 -0700 (PDT)
> > > Subject: New Version Notification for
> > > draft-krishnan-csi-proxy-send-00
> > >
> > > A new version of I-D, draft-krishnan-csi-proxy-send-00.txt has
> > > been successfully submitted by Julien Laganier and posted to the
> > > IETF repository.
> > >
> > > Filename: draft-krishnan-csi-proxy-send
> > > Revision: 00
> > > Title: Secure Proxy ND Support for SEND
> > > Creation_date: 2008-06-06
> > > WG ID: Independent Submission
> > > Number_of_pages: 22
> > >
> > > Abstract:
> > > Secure Neighbor Discovery (SEND) specifies a method for securing
> > > Neighbor Discovery (ND) signaling against specific threats. As
> > > specified today, SEND assumes that the node advertising an address
> > > is the owner of the address and is in possession of the private key
> > > used to generate the digital signature on the message. This means
> > > that the Proxy ND signaling initiated by nodes that do not possess
> > > knowledge of the address owner's private key cannot be secured
> > > using SEND. This document extends the current SEND specification
> > > with support for Proxy ND, the Secure Proxy ND Support for SEND.
> > >
> > > The IETF Secretariat.
> > >
> > > _______________________________________________
> > > CGA-EXT mailing list
> > > CGA-EXT@ietf.org
> > > https://www.ietf.org/mailman/listinfo/cga-ext