[CGA-EXT] Comments on draft-ietf-csi-hash-threat-05

Tony Cheneau <tony.cheneau@it-sudparis.eu> Sat, 06 February 2010 17:05 UTC

Return-Path: <tony.cheneau@it-sudparis.eu>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0170B3A6F4D for <cga-ext@core3.amsl.com>; Sat, 6 Feb 2010 09:05:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ge4Vqz+0sInO for <cga-ext@core3.amsl.com>; Sat, 6 Feb 2010 09:05:22 -0800 (PST)
Received: from smtp4.int-evry.fr (smtp4.int-evry.fr [157.159.10.71]) by core3.amsl.com (Postfix) with ESMTP id 3D2753A6F50 for <cga-ext@ietf.org>; Sat, 6 Feb 2010 09:05:22 -0800 (PST)
Received: from smtp2.int-evry.fr (smtp2.int-evry.fr [157.159.10.45]) by smtp4.int-evry.fr (Postfix) with ESMTP id 36889FE4397; Sat, 6 Feb 2010 18:06:16 +0100 (CET)
Received: from smtp-ext.int-evry.fr (smtp-ext.int-evry.fr [157.159.11.17]) by smtp2.int-evry.fr (Postfix) with ESMTP id 3CDC5404FF5; Sat, 6 Feb 2010 18:06:10 +0100 (CET)
Received: from alf94-6-82-226-232-167.fbx.proxad.net (alf94-6-82-226-232-167.fbx.proxad.net [82.226.232.167]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-ext.int-evry.fr (Postfix) with ESMTP id EF92390130; Sat, 6 Feb 2010 18:06:09 +0100 (CET)
Date: Sat, 6 Feb 2010 18:06:13 +0100 (CET)
From: Tony Cheneau <tony.cheneau@it-sudparis.eu>
X-X-Sender: shad@localhost.localdomain
To: cga-ext@ietf.org
Message-ID: <alpine.LNX.2.00.1002061709030.27575@localhost.localdomain>
User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-INT-MailScanner-Information: Please contact the ISP for more information
X-INT-MailScanner-ID: 3CDC5404FF5.A9B07
X-INT-MailScanner: Found to be clean
X-INT-MailScanner-SpamCheck: n'est pas un polluriel, SpamAssassin (not cached, score=0.805, requis 6.01, BAYES_00 -2.60, FH_HELO_EQ_D_D_D_D 0.00, HELO_DYNAMIC_IPADDR 2.43, RCVD_IN_SORBS_DUL 0.88, RDNS_DYNAMIC 0.10)
X-INT-MailScanner-From: tony.cheneau@it-sudparis.eu
Cc: Ana.Kukec@fer.hr
Subject: [CGA-EXT] Comments on draft-ietf-csi-hash-threat-05
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Feb 2010 17:05:23 -0000

Hello Ana, Suresh and Sheng,

I've read your draft and find it is in a good shape.

However, in the following text, I have a small comment:

    extensions.  For example, an attack against the IP address extension
    would enable the router to advertize the changed IP prefix range,
    although, not broader than the prefix range of the parent certificate
    in the ADD chain.

RFC 3971 does not mandate the use of IP prefix range (or address) (it is 
a "should"). Maybe you could add "if used in the original certificate".


Also, can you update the following references ?
    [sig-agility]
               Cheneau, T., Maknavicius, M., Shen, S., and M. Vanderveen,
               "Signature Algorithm Agility in the Secure Neighbor
               Discovery (SEND) Protocol",
               draft-cheneau-csi-send-sig-agility-00 (work in progress),
               October 2009.

Regards,
 	Tony