Re: [CGA-EXT] FW: WG Review: Cga & Send maIntenance (csi)
marcelo bagnulo braun <marcelo@it.uc3m.es> Sat, 02 February 2008 10:29 UTC
oops, i got a bit ahead....
the WG creation is now to be discussed by the IESG
i will keep you posted
sorry for the confusion

Regards, marcelo

On 01/02/2008, at 23:29, marcelo bagnulo braun wrote:

> Hi folks,
>
> finally we have a wg and we will be meeting in Philadelphia.
> Let us know if you are working on some of the items and you will be
> interested in presenting some of the work in the meeting.
>
> Regards, marcelo
>
>
> Begin forwarded message:
>
>> From: Jari Arkko <jari.arkko@piuha.net>
>> Date: 1 February 2008 18:51:16 GMT+01:00
>> To: cga-ext@ietf.org
>> Subject: [CGA-EXT] FW: WG Review: Cga & Send maIntenance (csi)
>>
>> IESG Secretary wrote:
>>> A new IETF working group has been proposed in the Internet Area.
>>> The IESG has not made any determination as yet. The following
>>> draft charter was submitted, and is provided for informational
>>> purposes only. Please send your comments to the IESG mailing
>>> list (iesg@ietf.org) by February 7, 2008.
>>>
>>> Cga & Send maIntenance (csi)
>>> ============================
>>> Current Status: Proposed Working Group
>>>
>>> Chair(s):
>>> TBD
>>>
>>> Internet Area Area Director(s):
>>> Jari Arkko <jari.arkko@piuha.net>
>>> Mark Townsley <townsley@cisco.com>
>>>
>>> Description:
>>>
>>> Proposed charter for Cga & Send maIntenance (CSI) BOF
>>>
>>> The Secure Neighbor Discovery (SEND) protocol defined by
>>> RFC 3971 provides security mechanisms protecting different
>>> functions of the Neighbor Discovery (ND) protocol defined
>>> by RFC 2461. This includes address resolution (discovering
>>> link layer address of another node attached to the link),
>>> router discovery (discovering routers attached to the link),
>>> and neighbor unreachability detection (detecting that a node
>>> attached to the link is no longer reachable). SEND protection
>>> of address resolution and neighbor unreachability detection
>>> functions relies on IPv6 address proof-of-ownership and message
>>> integrity protection provided respectively via Cryptographically
>>> Generated Addresses (CGAs) and RSA Digital Signatures.
>>>
>>> CGAs are defined in RFC 3972, and are extended with a CGA extension
>>> format defined in RFC 4581, and a support for multiple hash
>>> functions defined in RFC 4982. While CGAs were originally defined
>>> for the SEND protocol, they have proved to be a useful security tool
>>> in other environments too, and its usage has been proposed to secure
>>> other protocols such as the Shim6 multihoming protocol and the
>>> Mobile IPv6 protocol. While there is very little deployment of SEND
>>> to date, there are a number of implementations, recommendations in
>>> the NIST and DOD profiles call for use of SEND, and operating system
>>> vendors are considering adding SEND to their next releases. As a
>>> result, it is desirable to review the current state of the SEND and
>>> CGA specifications, maintain and complement them where necessary.
>>> Up to date cryptographic algorithms are needed, and the protocols
>>> need to be able to deal with certain common situations currently
>>> not supported.
>>>
>>> Specifically, the WG will look at the following issues:
>>>
>>> - Develop an informational document analyzing the implications of
>>> recent attacks on hash functions used by SeND protocol. Current SeND
>>> specification uses the SHA-1 hash algorithm and does not provide
>>> support for hash algorithm agility, hence the critical need for
>>> understanding the impact of the attacks on the SeND protocol. In
>>> addition, if as a result of the aforementioned analysis it is deemed
>>> necessary, standard-track extensions to the SeND protocol to support
>>> multiple hash algorithms will be defined.
>>>
>>> - Specify standards-track CGA and SeND extensions to support
>>> multiple public key algorithms. As currently defined CGA and SeND
>>> can only use RSA keys, and they lack support for other public key
>>> algorithms (e.g. Elliptic Curve Cryptography -- ECC).
>>>
>>> - Develop X.509 certificate management tools for SeND. SeND utilizes
>>> X.509v3 certificates for performing router authorization. It uses
>>> the X.509 extension for IP addresses to verify whether the router is
>>> authorized to advertise the mentioned IP addresses. Since the IP
>>> addresses extension does not explicitly mention what functions the
>>> node can perform for the IP addresses it becomes impossible to know
>>> the reason for which the certificate was allowed. In order to
>>> facilitate issuance of certificates for specific functions, we need
>>> to encode the functions permitted for the certificate into the
>>> certificate itself. The WG will develop a certificate profile,
>>> including a definition of X.509 Extended Key Usage for SeND. In
>>> addition, the WG will recommend best practices for (1) enrollment,
>>> (2) revocation checking, and (3) publishing of certificates. This WG
>>> will ensure that the profile and recommended practices will cover
>>> usage by hosts in addition to routers. The working group will
>>> coordinate this and other certificate related activities with the
>>> PKIX WG. Prior to IESG submission of the certificate profile, the
>>> working group will seek input from and coordinate with other groups
>>> enabling cryptographic identification of device-related properties
>>> (e.g., IEEE 802.1ar, IEEE 802.16, WiMAX Forum, IETF CAPWAP WG).
>>>
>>> - Develop a standard track document defining a mechanism to perform
>>> SeND certificate provisioning for routers. SeND protocol as defined
>>> in RFC3971 specifies how IPv6 nodes can trust the prefixes
>>> advertised by a router. The solution is based on the use of the IP
>>> Address Delegation extension (RFC3779) in X.509 v3 certificates
>>> (RFC3280). This work will provide the tools required to provision
>>> the certificates to the routers in an automatic manner.
>>>
>>> - Produce a problem statement document for Neighbor Discovery
>>> Proxies and then specify standards-track SEND Extensions to support
>>> Neighbor Discovery Proxies: SEND protocol as currently defined in
>>> RFC 3971 lacks support for ND Proxies defined in RFC 3775 and
>>> RFC 4389. Extensions to the SEND protocol will be defined in order
>>> to provide equivalent SEND security capabilities to ND Proxies.
>>>
>>> - Develop an informational document analysing different approaches
>>> to allow SeND and CGAs to be used in conjunction with DHCP, and
>>> making recommendations on which are the best suited. Recharter based
>>> on the result of the analysis.
>>>
>>> - Update base specifications (RFC 3971 and 3972).
>>>
>>> Goals and Milestones:
>>>
>>> Jun 08  WG last-call on analysis of hash related threats in SeND
>>> Aug 08  WG last-call on Proxy-SeND problem statement
>>> Dec 08  WG last-call on multiple hash function support in SeND, if required
>>> Dec 08  WG last-call on multiple public key algorithm support for CGA
>>> Dec 08  WG last-call on multiple public key algorithm support for SeND
>>> Dec 08  WG last-call on certificate profile definition for SeND
>>> Jan 09  WG last-call on Proxy SeND
>>> Jun 09  WG last-call on certificate provision mechanism for SeND routers
>>> Jun 09  WG last-call on certificate management best practices for SeND routers
>>> Jul 09  WG last-call on CGA-DHCP interaction
>>> Nov 09  WG last-call on updated SeND specification
>>> Nov 09  WG last-call on updated CGA specification
>>>
>>> Jul 08  Submit draft on analysis of hash related threats in SeND to IESG
>>> Sept 08 Submit draft on Proxy-SeND problem statement to IESG
>>> Jan 09  Submit draft on multiple hash function support in SeND to IESG, if required
>>> Jan 09  Submit draft on multiple public key algorithm support for CGA to IESG
>>> Jan 09  Submit draft on multiple public key algorithm support for SeND to IESG
>>> Jan 09  Submit draft on certificate profile definition for SeND to IESG
>>> Feb 09  Submit draft on Proxy SeND to IESG
>>> Jul 09  Submit draft on certificate provision mechanism for SeND routers to IESG
>>> Jul 09  Submit draft on certificate management best practices for SeND routers to IESG
>>> Aug 09  Submit draft on CGA-DHCP interaction to IESG
>>> Dec 09  Submit draft on updated SeND specification to IESG
>>> Dec 09  Submit draft on updated CGA specification to IESG
>>>
>>
>> _______________________________________________
>> CGA-EXT mailing list
>> CGA-EXT@ietf.org
>> http://www.ietf.org/mailman/listinfo/cga-ext