Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17

Lishan Li <lilishan48@gmail.com> Tue, 08 November 2016 14:02 UTC

In-Reply-To: <m2r36nuqvn.wl%jinmei.tatuya@gmail.com>
From: Lishan Li <lilishan48@gmail.com>
Date: Tue, 08 Nov 2016 22:02:21 +0800
Message-ID: <CAJ3w4NeuNYTrX4p5rtZ6UceD5ydQ-B-vY6aqQzxWnXsrDOEFEA@mail.gmail.com>
To: JINMEI Tatuya / 神明達哉 <jinmei.tatuya@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/4735FU84EIdF8HU63RlQP2CmQ08>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17

2016-11-08 1:44 GMT+08:00 JINMEI Tatuya / 神明達哉 <jinmei.tatuya@gmail.com>:

> At Mon, 7 Nov 2016 16:29:45 +0800,
> Lishan Li <lilishan48@gmail.com> wrote:
>
> > > - Certificate for the public key for E1
> > > - Certificate for the public key for A1
> > > - Signature using A1 and HM
> > >
> > [LS]: In this way, we have two public keys: the public key for E1, and the
> > public key for A1.
> > Which one will be used for the future encryption process?
>
> (Obviously) the former, but I guess your real question is how the
> client can determine that.  If so, that's a good point...I wasn't
> aware of the ambiguity at the time of my previous message.  I'm afraid
> we need some more additional protocol stuff to resolve this, e.g., add
> a new field for the certificate option to specify for which it's
> supposed to be used: encryption, authentication, or both.

[LS]: Another problem is: do all the certificates need to be verified for
authentication? In general, if the certificate is verified, then the public
key can be used for encryption.
So I think one certificate is enough for authentication and encryption,
which is usually the certificate for the public key for E1. There is no need
to include the certificate for the public key for the signature algorithm.

Best Regards,
Lishan
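The question raised in this exchange is how a client that receives more than one certificate tells which public key is for encryption (E1) and which is for signature verification (A1), and whether a single verified certificate can serve both roles. The block below is an added example written for this page, not code from the draft, its authors, or any implementation of Secure DHCPv6. It assumes that the certificates carried in the option are ordinary X.509 certificates and that the standard KeyUsage extension (keyEncipherment vs. digitalSignature) is the discriminator; the draft's own option format is not reproduced here. All keys, certificate names and the two roots are constructed inline with the Go standard library so the example runs offline. The client-side rule is the one Lishan describes: chain validation comes first, and only a verified certificate is consulted for usage, so a certificate cannot claim the encryption role merely by asserting the right bit.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Role is what the client intends to do with a server public key.
type Role int

const (
	RoleEncrypt Role = iota // encrypt client messages to the server (E1's key)
	RoleVerify              // verify the server's signatures (A1's key)
)

// usageFor maps a Role to the X.509 KeyUsage bit that authorises it.
// Assumption: plain X.509 certificates with KeyUsage as the discriminator;
// the sedhcpv6 certificate option format itself is not modelled here.
func usageFor(r Role) x509.KeyUsage {
	if r == RoleEncrypt {
		return x509.KeyUsageKeyEncipherment
	}
	return x509.KeyUsageDigitalSignature
}

// SelectCert returns the first certificate that both chains to a trusted root
// and carries the KeyUsage bit for r. Verification runs before the usage bits
// are read, so an unverified certificate is never a candidate for any role.
func SelectCert(certs []*x509.Certificate, roots *x509.CertPool, r Role) (*x509.Certificate, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	for _, c := range certs {
		if _, err := c.Verify(opts); err != nil {
			continue // does not chain to a trusted root: skip regardless of usage
		}
		if c.KeyUsage&usageFor(r) != 0 {
			return c, nil
		}
	}
	return nil, errors.New("no verified certificate is authorised for this role")
}

// subjectCN is a nil-safe accessor used for printing and testing.
func subjectCN(c *x509.Certificate) string {
	if c == nil {
		return "<none>"
	}
	return c.Subject.CommonName
}

// mint issues a certificate signed by parent (self-signed when parent is nil).
// CAs get a P-256 key; leaves get RSA so keyEncipherment is meaningful.
func mint(parent *x509.Certificate, parentKey crypto.Signer, cn string, usage x509.KeyUsage, isCA bool) (*x509.Certificate, crypto.Signer) {
	var key crypto.Signer
	var err error
	if isCA {
		key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	} else {
		key, err = rsa.GenerateKey(rand.Reader, 2048)
	}
	if err != nil {
		panic(err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              usage,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, key.Public(), parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Scenario is constructed test material (hypothetical names), not data from the draft or thread.
type Scenario struct {
	Roots    *x509.CertPool
	Certs    []*x509.Certificate // A1 (signature) and E1 (encryption), both from the trusted root
	Combined []*x509.Certificate // one certificate whose key is allowed for both roles
	Rogue    []*x509.Certificate // keyEncipherment cert issued by a root the client does not trust
}

func NewScenario() *Scenario {
	root, rootKey := mint(nil, nil, "Trusted DHCPv6 Root", x509.KeyUsageCertSign, true)
	other, otherKey := mint(nil, nil, "Untrusted Root", x509.KeyUsageCertSign, true)
	e1, _ := mint(root, rootKey, "E1", x509.KeyUsageKeyEncipherment, false)
	a1, _ := mint(root, rootKey, "A1", x509.KeyUsageDigitalSignature, false)
	s1, _ := mint(root, rootKey, "S1", x509.KeyUsageKeyEncipherment|x509.KeyUsageDigitalSignature, false)
	rogue, _ := mint(other, otherKey, "E1", x509.KeyUsageKeyEncipherment, false)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	return &Scenario{
		Roots:    roots,
		Certs:    []*x509.Certificate{a1, e1}, // A1 first: selection is by usage, not by order
		Combined: []*x509.Certificate{s1},
		Rogue:    []*x509.Certificate{rogue},
	}
}

func main() {
	s := NewScenario()
	for _, r := range []Role{RoleEncrypt, RoleVerify} {
		c, err := SelectCert(s.Certs, s.Roots, r)
		fmt.Printf("two certs, role %d -> %s (err=%v)\n", r, subjectCN(c), err)
		c, err = SelectCert(s.Combined, s.Roots, r)
		fmt.Printf("one cert,  role %d -> %s (err=%v)\n", r, subjectCN(c), err)
	}
	_, err := SelectCert(s.Rogue, s.Roots, RoleEncrypt)
	fmt.Printf("rogue cert rejected: %v\n", err)
}
```

With two certificates the client picks E1 for encryption and A1 for verification even though A1 comes first in the option; with a single certificate whose key usage allows both, the same function returns it for both roles, which is the one-certificate arrangement Lishan argues for. The rogue case shows why usage bits alone cannot be the rule: a certificate from an untrusted issuer that asserts keyEncipherment is rejected before its usage is ever consulted.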