Re: [CGA-EXT] New Version for draft-krishnan-csi-proxy-send-00
"Jean-Michel Combes" <jeanmichel.combes@gmail.com> Wed, 18 June 2008 21:13 UTC
Date: Wed, 18 Jun 2008 23:14:04 +0200
From: Jean-Michel Combes <jeanmichel.combes@gmail.com>
To: Suresh Krishnan <suresh.krishnan@ericsson.com>
Cc: cga-ext@ietf.org, Julien Laganier <julien.IETF@laposte.net>

Hi Suresh,

Sorry, but some points are unclear to me.

First, what are the assumptions you have regarding the MN?
From my point of view, the MN is able to use SEND, using either a CGA
or a cert linked to its address. Is it the same assumption for you,
because I am not sure this is the case? :)

Second point, if the MN has a CGA, how does the ND Proxy get the cert
which will allow it to sign the NDP signaling instead of the MN?

Last point, if the MN has a cert linked to its address, how is this
cert provided to the MN?

Thanks for your help.

Cheers.

JMC.

2008/6/18, Suresh Krishnan <suresh.krishnan@ericsson.com>:
> Hi Jean-Michel,
> Please see comments inline
>
> Jean-Michel Combes wrote:
>
> > Hi Julien,
> >
> > 2008/6/12, Julien Laganier <julien.IETF@laposte.net>:
> >
> > > Hello Jean-Michel,
> > >
> > > On Saturday 07 June 2008, Jean-Michel Combes wrote:
> > > > Hi,
> > > >
> > > > After a quick review, I have one comment and one question:
> > > > - IMHO, your solution should work too with anycast addresses case
> > >
> > > It seems so. It also seems it would work to secure NS/NA exchange based
> > > on certificates rather than CGA.
> >
> > Not sure that certs defined in krishnan-cgaext-send-cert-eku are well
> > adapted for such a use: IMHO, prefix ownership is not the same as
> > address ownership.
>
> Why not :-)? If the IP address in the certificate is a /128 and the EKU
> value is "owner" (or some variant of this), these certificates can be used
> for address ownership.
>
> > > To achieve that it would also be
> > > necessary to define another EKU (extended key usage) for "Address
> > > ownership", in addition to "Router" and "Proxy".
> >
> > But what is in the cert when you want to use it to proxy NS/NA? An
> > address or a prefix?
>
> The /128 address of the node with eku value of "owner"
>
> > > > - How will an ND-Proxy get the certificate authorizing it to act as an
> > > > ND-Proxy?
> > >
> > > In the same fashion that a Router gets the certificate authorizing it to
> > > act as a router.
> >
> > May I have details in the case of the MIPv6 scenario? Especially, who
> > does provide the cert?
>
> In very basic terms, the certificate is provided by anyone that the
> MN trusts. e.g. this could be the mobility service provider.
>
> Cheers
> Suresh
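
The address-ownership rule discussed in the thread (a /128 in the certificate plus an "owner" EKU), set against the prefix-ownership objection, as an added example that is not part of the original messages or of the draft. The `CertView` model, the EKU labels as plain strings, the reason strings and the sample certificates are assumptions made for illustration; chain and signature validation are taken as already done.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical, already-parsed view of a certificate: the address blocks from
# its IP address extension and its EKU values, written with the labels used in
# the thread ("router", "proxy", "owner"). Real certificates carry OIDs.
@dataclass(frozen=True)
class CertView:
    subject: str
    blocks: tuple
    ekus: frozenset

def check_address_ownership(cert, target):
    """Return (ok, reason). ok is True only if the certificate names exactly
    `target` as a /128 and carries the "owner" EKU."""
    addr = ipaddress.IPv6Address(target)
    if "owner" not in cert.ekus:
        return False, "no owner EKU"
    covering = False
    for block in cert.blocks:
        net = ipaddress.ip_network(block)  # raises ValueError on host bits set
        if net.version != 6 or addr not in net:
            continue
        if net.prefixlen == 128:
            return True, "exact /128 match with owner EKU"
        covering = True  # a shorter prefix contains the address
    if covering:
        # Prefix ownership is not address ownership.
        return False, "prefix covers address but is not a /128"
    return False, "address not in certificate"

# Constructed sample certificates (documentation prefix 2001:db8::/32).
ROUTER = CertView("router-1", ("2001:db8:1::/64",), frozenset({"router"}))
NODE = CertView("mn-1", ("2001:db8:1::10/128",), frozenset({"owner"}))
WIDE_OWNER = CertView("odd-1", ("2001:db8:1::/64",), frozenset({"owner"}))

if __name__ == "__main__":
    for cert in (ROUTER, NODE, WIDE_OWNER):
        print(cert.subject, check_address_ownership(cert, "2001:db8:1::10"))
```
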