Re: [CGA-EXT] New Version for draft-krishnan-csi-proxy-send-00

Suresh Krishnan <suresh.krishnan@ericsson.com> Wed, 18 June 2008 18:14 UTC

Message-ID: <485950F5.9020107@ericsson.com>
Date: Wed, 18 Jun 2008 14:16:21 -0400
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: Jean-Michel Combes <jeanmichel.combes@gmail.com>
References: <729b68be0806061730y7bf7f8e7ld3d2b2a5de4155f5@mail.gmail.com> <200806121653.22293.julien.IETF@laposte.net> <729b68be0806181102n12449c7ahe631c725a5ce3ad1@mail.gmail.com>
In-Reply-To: <729b68be0806181102n12449c7ahe631c725a5ce3ad1@mail.gmail.com>
Cc: cga-ext@ietf.org, Julien Laganier <julien.IETF@laposte.net>
Subject: Re: [CGA-EXT] New Version for draft-krishnan-csi-proxy-send-00

Hi Jean-Michel,
   Please see comments inline.

Jean-Michel Combes wrote:
> Hi Julien,
> 
> 2008/6/12, Julien Laganier <julien.IETF@laposte.net>:
>> Hello Jean-Michel,
>>
>>
>>  On Saturday 07 June 2008, Jean-Michel Combes wrote:
>>  > Hi,
>>  >
>>  > After a quick review, I have one comment and one question:
>>  > - IMHO, your solution should work too with anycast addresses case
>>
>>
>> It seems so. It also seems it would work to secure NS/NA exchange based
>>  on certificates rather than CGA.
> 
> Not sure that certs defined in krishnan-cgaext-send-cert-eku are well
> adapted for such a use: IMHO, prefix ownership is not the same as
> address ownership.

Why not :-)? If the IP address in the certificate is a /128 and the EKU 
value is "owner" (or some variant of this), these certificates can be 
used for address ownership.

> 
>> To achieve that it would also be
>>  necessary to define another EKU (extended key usage) for "Address
>>  ownership", in addition to "Router" and "Proxy".
> 
> But what is in the cert when you want to use it to proxy NS/NA? An
> address or a prefix?

The /128 address of the node with eku value of "owner"

> 
>>
>>  > - How will a ND-Proxy get the certificate authorizing it to act as an
>>  > ND-Proxy?
>>
>>
>> In the same fashion that a Router gets the certificate authorizing it to
>>  act as a router.
> 
> May I have details in the case of the MIPv6 scenario? Specially, who
> does provide the cert?

In very basic terms, the certificate is provided by anyone that the MN 
trusts, e.g. this could be the mobility service provider.

Cheers
Suresh
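
Added example (not part of the original message and not code from the draft): a sketch of the check a verifier could apply to tell prefix authorization apart from address ownership, as discussed in the thread. The role strings stand in for EKU values whose OIDs are not given here, and the SendCert model and authorizes() function are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

# Placeholder role labels for the EKU values named in the thread; the
# actual OIDs are not given in the message.
ROUTER, OWNER = "router", "owner"


@dataclass(frozen=True)
class SendCert:
    """Constructed model of a certificate: one IPv6 block plus EKU roles."""
    block: ipaddress.IPv6Network
    ekus: frozenset


def authorizes(cert: SendCert, role: str, target: str) -> bool:
    """Return True if `cert` lets its holder act in `role` for `target`."""
    addr = ipaddress.IPv6Address(target)
    if role not in cert.ekus:
        return False
    if role == OWNER:
        # Address ownership: the block must be a single /128 and must be
        # exactly the target. A covering prefix is not enough.
        return cert.block.prefixlen == 128 and cert.block.network_address == addr
    if role == ROUTER:
        # Router authorization is scoped by prefix (assumption of this model).
        return addr in cert.block
    return False  # unknown roles are rejected, never defaulted


# Constructed sample certificates (documentation prefix 2001:db8::/32).
router_cert = SendCert(ipaddress.ip_network("2001:db8:1::/64"), frozenset({ROUTER}))
owner_cert = SendCert(ipaddress.ip_network("2001:db8:1::10/128"), frozenset({OWNER}))
# An "owner" EKU issued over a whole prefix: must not prove address ownership.
prefix_owner = SendCert(ipaddress.ip_network("2001:db8:1::/64"), frozenset({OWNER}))

if __name__ == "__main__":
    for name, cert in [("router", router_cert), ("owner", owner_cert),
                       ("prefix+owner", prefix_owner)]:
        print(name, authorizes(cert, OWNER, "2001:db8:1::10"))
```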