Re: [CGA-EXT] Comments on draft-ietf-csi-proxy-send-03

Alberto García <alberto@it.uc3m.es> Fri, 09 April 2010 16:37 UTC

Return-Path: <alberto@it.uc3m.es>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9BE153A680E for <cga-ext@core3.amsl.com>; Fri, 9 Apr 2010 09:37:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.44
X-Spam-Level:
X-Spam-Status: No, score=-4.44 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eUm8kEMoA0n7 for <cga-ext@core3.amsl.com>; Fri, 9 Apr 2010 09:37:05 -0700 (PDT)
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.176.131]) by core3.amsl.com (Postfix) with ESMTP id 75E933A6918 for <CGA-EXT@ietf.org>; Fri, 9 Apr 2010 09:37:03 -0700 (PDT)
X-uc3m-safe: yes
Received: from bombo (bombo.it.uc3m.es [163.117.139.125]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by smtp01.uc3m.es (Postfix) with ESMTP id E9F0ABA698A; Fri, 9 Apr 2010 18:36:57 +0200 (CEST)
From: =?ISO-8859-15?Q?Alberto_Garc=EDa?= <alberto@it.uc3m.es>
To: "'Tony Cheneau'" <tony.cheneau@it-sudparis.eu>, <draft-ietf-csi-proxy-send@tools.ietf.org>
References: <alpine.LNX.2.00.1004091544180.9490@whitebox>
Date: Fri, 9 Apr 2010 18:36:59 +0200
Message-ID: <383E40D32F394FB398521C398A133C68@bombo>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <alpine.LNX.2.00.1004091544180.9490@whitebox>
Thread-Index: AcrX8anWdKeWCGhKRpac3E43AtGY6gACp1jA
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-TM-AS-Product-Ver: IMSS-7.0.0.3116-6.0.0.1038-17162.002
Cc: CGA-EXT@ietf.org
Subject: Re: [CGA-EXT] Comments on draft-ietf-csi-proxy-send-03
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Apr 2010 16:37:07 -0000

Hi,

|  -----Mensaje original-----
|  De: Tony Cheneau [mailto:tony.cheneau@it-sudparis.eu]
|  Enviado el: viernes, 09 de abril de 2010 16:33
|  Para: draft-ietf-csi-proxy-send@tools.ietf.org
|  CC: CGA-EXT@ietf.org
|  Asunto: Comments on draft-ietf-csi-proxy-send-03
|  
|  Hello,
|  
|  I read your draft and some comments.
|  
|  I will start with the "editorial" ones:
|  - I often read "PSO option", which expends to "Proxy Signature Option
|     option". IMHO, "PS option" would be better.
|  - Section 6.2: "acccording to" => "according to"
|  - Section 7.2: "these node interpret" => "these nodeS interpret"

ok

|  
|  
|  One technical comment/question:
|  - Section 6.2
|  "  When a MAG replies to a RS with a RA, the source address MUST be
|      equal to the MAG link-local address associated to the MN in this
|      PMIPv6 domain and its own link layer address as Source link-layer
|      address.  Then a timestamp (generated by the proxy) and nonce (if
|      appropriate, acccording to [RFC3971]), MUST be included.  Finally, a
|      PSO option signing the message MUST be included as the last option of
|      the message.  This procedure is followed for any other ND message
|      that could be generated by the MAG to a MN. "
|  I understand from PMIP that the node that moves through the domain sees
|  only one Link-Local address for all the MAGs. From your SNDP proposal,
|  the node relies on the RFC 3971 rules to process the timestamp. I mean,
|  the node could implement the mechanism proposed as a SHOULD in Section
|  5.3.4.2 of RFC 3971. Here, my concern is that the node will most likely
|  consider the NDP messages of all the other MAG (after the first one it
|  met) as replayed packets.
|  
|  A small example, two MAGs, MAG_A and MAG_B. MAG_B's clock has minus one
|  minute difference with MAG_A.  MAG_A sends a RA message secured with a
|  PSO. The nodes verifies it and record a RDlast and TSlast value (as per
|  RFC 3971). The node moves and MAG_B sends a RA message.  The node read
|  the Timestamp option and compares it with its RDlast and TSlast value.
|  The message is rejected as it looks like a replayed message.

Yes, I see the problem, good point.
This may also occur for MIPv6 when a node switches from communicating with
the MN to the Secure Proxy ND, and viceversa.

I think the solution is to assume that timestamp checking must be performed
independently for the different possible sources (the MN, the Secure Proxy
ND, the MAG), i.e. process the timestamp of a message received for the first
time from a proxy as if it were the first message of a communication.
Therefore, I would replace rule 5 in 5.2.2 of draft-ietf-csi-proxy-send-03
with two rules (which separate timestamp and nonce for the sake of clarity):

"5. The Timestamp option MUST be processed as specified in
       [RFC3971] Section 5.3.4, except for replacing 'RSA Signature
       option' by 'PS option'. The receiver SHOULD store the peer-related
timing information specified in [RFC3971] Section 5.3.4.1 and 5.3.4.2
(RDlast, TSlast) separately for each different proxy (which can be
identified by the different Key Hash values of the proxied message) and
separately from the timing information associated to the IP of node for
which the message is proxied. In this way, a message received for the first
time from a proxy (i.e. for which there is no information stored in the
cache) SHOULD be checked as messages received from new peers (as in
[RFC3971] section 5.3.4.2).

6. The Nonce option MUST be processed as specified in 
       [RFC3971] Section 5.3.4, except for replacing 'RSA Signature
       option' by 'PS option'. "
[...]"

I think it is not necessary to say that if the message is later received
from the original host (not from the proxy), the Timestamp is checked with
the time values specific to the host (not with the values specific to the
proxy).

I think this does not introduce new security considerations: on one hand,
caches from previous sending nodes communicating don't need to be deleted,
so old messages cannot be replied; and on the other hand, security
considerations on RFC 3971 section 9.2.5 apply to the messages sent for the
first time from the proxies.

What do you think? 

|  
|  Or maybe I missed the part that says the clocks are implicitly
|  synchronised (or something else) ? Either way, could you clarify the
|  situation for me and maybe add some text in the draft about this ?

I hope the previous solution is cleaner than requiring synchronization.

|  
|  Apart from the minor points I noted, the overall document is in a very
good
|  shape.
|  
|  (Also, sorry for my late reply to this WGLC)
|  
|  Hope it helps.

Sure, thanks Tony

Alberto

|  
|  Regards,
|   	Tony