Re: [CGA-EXT] Comments on draft-ietf-csi-proxy-send-01
Tony Cheneau <tony.cheneau@it-sudparis.eu> Thu, 26 November 2009 08:53 UTC
Hi Julien,

> All right Tony, then I assume we want to have the fe80::/64 prefix present in the certificate when proxying of link local addresses is required (e.g., RFC 4389, RFC 5213.) Do you think we have to include additional text in the draft to reflect that? If yes, any suggestion?

I think some text may be needed to clarify the issue (which is new and related to the Secure ND proxy). Maybe a new section, right after 6.2, named "Handling of Link-Local Addresses". Containing:

"Secure Neighbor Discovery [RFC3971] relies on certificates to prove that routers are authorized to announce a certain prefix. However, Neighbor Discovery [RFC4861] states that a router does not announce the Link-Local prefix (fe80::/64). Hence, it is unusual for a SEND certificate to hold an X.509 IP address extension that authorizes the fe80::/64 prefix. Some scenarios ([RFC4389], [RFC5213], etc.) impose that the Secure ND proxy provides proxying function for the Link-Local address of a node. When Secure ND proxy functionality on a Link-Local address is required, either the address or the Link-Local prefix MUST be explicitly authorized in the router's certificate."

What do you think of it?

Regards,
Tony
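The check a verifier would make under the rule proposed in the message above, as an added example that is not part of the original e-mail or of the draft: it reads the prefixes from an RFC 3779 IP address extension value and tests whether a proxied address is explicitly covered. The function names and `sample_ext` are hypothetical; the sketch assumes short-form DER lengths, handles addressPrefix entries only, and treats "inherit" as not explicit.

```python
import ipaddress

def tlv(buf, pos):
    """Read one DER TLV (short-form length only); return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length & 0x80 or end > len(buf):
        raise ValueError("long-form length or truncated input")
    return tag, buf[pos + 2:end], end

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def ipv6_prefixes(ext_der):
    """IPv6 addressPrefix entries of an RFC 3779 IPAddrBlocks value."""
    tag, blocks, _ = tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("IPAddrBlocks must be a SEQUENCE")
    nets = []
    for _, family in children(blocks):
        (_, afi), (choice_tag, choice) = children(family)
        if afi[:2] != b"\x00\x02" or choice_tag != 0x30:
            continue  # not IPv6, or 'inherit' (NULL): nothing explicit here
        for item_tag, bits in children(choice):
            if item_tag != 0x03:
                continue  # addressRange (SEQUENCE) is outside this sketch
            plen = (len(bits) - 1) * 8 - bits[0]  # bits[0] = unused-bit count
            packed = bits[1:] + bytes(17 - len(bits))
            nets.append(ipaddress.IPv6Network((packed, plen)))
    return nets

def proxy_authorized(address, nets):
    """True if some explicitly listed prefix covers the proxied address."""
    return any(ipaddress.IPv6Address(address) in net for net in nets)

def sample_ext(*prefixes):
    """Constructed test input: one IPv6 family listing the given prefixes."""
    der = lambda tag, value: bytes([tag, len(value)]) + value
    items = b""
    for p in prefixes:
        net = ipaddress.IPv6Network(p)
        n = (net.prefixlen + 7) // 8
        items += der(0x03, bytes([n * 8 - net.prefixlen]) + net.network_address.packed[:n])
    return der(0x30, der(0x30, der(0x04, b"\x00\x02") + der(0x30, items)))
```

A certificate that lists only a global prefix fails the check for fe80::1; listing fe80::/64 or the single /128 address makes it pass.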