[cgasec] To your health, and a comment on strength
Christian Huitema <huitema@microsoft.com> Sun, 25 July 2010 15:01 UTC
Return-Path: <huitema@microsoft.com>
X-Original-To: cgasec@core3.amsl.com
Delivered-To: cgasec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 523963A67EE for <cgasec@core3.amsl.com>; Sun, 25 Jul 2010 08:01:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ew9mwyReUEpP for <cgasec@core3.amsl.com>; Sun, 25 Jul 2010 08:01:35 -0700 (PDT)
Received: from smtp.microsoft.com (mail2.microsoft.com [131.107.115.215]) by core3.amsl.com (Postfix) with ESMTP id 7833F3A6849 for <cgasec@ietf.org>; Sun, 25 Jul 2010 08:01:34 -0700 (PDT)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (157.54.7.154) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Sun, 25 Jul 2010 08:01:54 -0700
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14HUBC102.redmond.corp.microsoft.com (157.54.7.154) with Microsoft SMTP Server (TLS) id 14.1.180.4; Sun, 25 Jul 2010 08:01:53 -0700
Received: from TK5EX14MBXW652.wingroup.windeploy.ntdev.microsoft.com ([169.254.2.160]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi; Sun, 25 Jul 2010 08:01:54 -0700
From: Christian Huitema <huitema@microsoft.com>
To: Margaret Wasserman <margaretw42@gmail.com>, "cgasec@ietf.org" <cgasec@ietf.org>
Thread-Topic: To your health, and a comment on strength
Thread-Index: AcssBhMoQJwh2EoeQFuPVrhNSfneSQ==
Date: Sun, 25 Jul 2010 15:01:50 +0000
Message-ID: <727B5244734C1F4E83CF2575353129BA085D36@TK5EX14MBXW652.wingroup.windeploy.ntdev.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [cgasec] To your health, and a comment on strength
X-BeenThere: cgasec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA-based Security discussion list <cgasec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cgasec>, <mailto:cgasec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cgasec>
List-Post: <mailto:cgasec@ietf.org>
List-Help: <mailto:cgasec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cgasec>, <mailto:cgasec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Jul 2010 15:01:36 -0000
Santé! I hope you will enjoy the bar's offerings. I will not be able to join you, but I wish you luck. CGA have the potential for providing address authentication without relying on certification authority, and that's certainly valuable. Having a standard way to "prove it" is also commendable. I am sure that there will be debates on the general architecture. Instead of using IPv6 options, one could think of out of band mechanisms like ICMP, application layer challenges, or extensions to existing protocols like IKE or SSL. Also, there is no little value in authenticating the source address of a packet if the content or destination can be tampered with, so CGA can only be a piece of the puzzle. But this is not the point of my mail. I would like to discuss strength, and specifically the 2**59 issue. The draft correctly states that the "cryptographic strength of CGA addresses makes it 2**59 times harder to forge an address than to generate a new address." But the cost of generating new addresses can be made arbitrarily harder by the "Security Parameter" and "Hash Extension" mechanism of RFC 3972. The draft does not mention it. I believe it should. The Security Parameter is defined in RFC 3972 as three bits that define increasing difficulty of address generation, and ipso facto increasing difficulty of address spoofing. Access control lists can easily be restricted to only include addresses generated with the appropriate values of the CGA Security parameter. This will force users of a protected service to generate CGA with appropriate strength. I believe this type of restriction should be documented in the security consideration. In the interest of full disclosure, I need to point out Microsoft's IPR statement about CGA: https://datatracker.ietf.org/ipr/676/. -- Christian Huitema
- [cgasec] To your health, and a comment on strength Christian Huitema
- Re: [cgasec] To your health, and a comment on str… Sam Hartman
- Re: [cgasec] To your health, and a comment on str… Christian Huitema