Re: [CGA-EXT] Comments on draft-ietf-csi-proxy-send-01
"Laganier, Julien" <julienl@qualcomm.com> Fri, 20 November 2009 17:33 UTC
From: "Laganier, Julien" <julienl@qualcomm.com>
To: Jean-Michel Combes <jeanmichel.combes@gmail.com>,
Tony Cheneau <tony.cheneau@it-sudparis.eu>
Date: Fri, 20 Nov 2009 09:32:48 -0800
Cc: "draft-ietf-csi-proxy-send@tools.ietf.org"
<draft-ietf-csi-proxy-send@tools.ietf.org>,
"cga-ext@ietf.org" <cga-ext@ietf.org>
Hi Jean-Michel,

> > Another question that comes to my mind just now, and that may need
> > clarification in your document is:
> > Is your solution able to provide Secure Proxy ND for the fe80::/64
> > prefix? I mean, a router does not announce this prefix as it is not a
> > routable one. Then, there will be no CPS/CPA exchange for this prefix,
> > meaning no certificate exchange. What is the processing of a host
> > receiving a ND message toward a fe80::/64 address signed with a Proxy
> > Signature Option? How can he learn the certificate of the Secure
> > Proxy ND? This should be addressed as it is a use case of RFC 4389 (I
> > think).
>
> IMHO, securing ND Proxy for fe80::/64 case is out of scope.

It is in scope and required for RFC 4389 as Tony pointed out, e.g., link-local addresses will be used by routers and will be present in RAs sent by routers, or in NS/NA when a node attempts address resolution for a router's link local. These packets need to be proxied.

However the fe80::/64 prefix needs not to be present in the authorization certificates. The draft should simply specify (although it currently does not) that a proxy ND is always authorized to proxy addresses in the fe80::/64 prefix. That has to be fixed in the next revision of the draft.

--julien
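The authorization rule proposed in this message, sketched as an added example (it is not part of the original message or of the draft): a receiver-side check that accepts a proxied address if it falls in a certificate-authorized prefix or in fe80::/64, compared with a certificate-only check. The function names, the `2001:db8:1::/64` certificate prefix and the sample messages are constructed assumptions, and each message is reduced to the single address being proxied.

```python
import ipaddress

# Prefix the message says a proxy ND should always be authorized for.
LINK_LOCAL = ipaddress.ip_network("fe80::/64")


def proxy_authorized(addr, cert_prefixes, implicit_link_local=True):
    """Decide whether a proxy may sign ND messages for addr.

    cert_prefixes: prefixes carried in the proxy's authorization certificate.
    implicit_link_local: apply the proposed rule (fe80::/64 always allowed).
    """
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return False  # ND is IPv6 only
    if implicit_link_local and ip in LINK_LOCAL:
        return True
    return any(ip in ipaddress.ip_network(p) for p in cert_prefixes)


# Constructed sample data: (ND message type, address being proxied).
CERT_PREFIXES = ["2001:db8:1::/64"]
MESSAGES = [
    ("RA", "fe80::1"),         # router's link-local source address
    ("NS", "fe80::1"),         # resolution of the router's link-local
    ("NA", "2001:db8:1::10"),  # inside the certificate prefix
    ("NA", "2001:db8:2::5"),   # outside every authorized prefix
    ("NA", "fe80:0:0:1::1"),   # in fe80::/10 but not in fe80::/64
]


def evaluate(messages, cert_prefixes, implicit_link_local):
    """Return (type, address, authorized) for each sample message."""
    return [
        (kind, addr, proxy_authorized(addr, cert_prefixes, implicit_link_local))
        for kind, addr in messages
    ]


if __name__ == "__main__":
    for implicit in (False, True):
        print("implicit fe80::/64 rule:", implicit)
        for kind, addr, ok in evaluate(MESSAGES, CERT_PREFIXES, implicit):
            print(f"  {kind:2} {addr:16} {'accept' if ok else 'reject'}")
```

With the certificate-only check, the RA and NS for the router's link-local address are rejected even though the proxy is legitimate; with the implicit rule they pass, while the address outside fe80::/64 still needs a certificate prefix.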