[Hipsec] About the HICCUPS draft
Miika Komu <mkomu@cs.hut.fi> Mon, 08 March 2010 11:36 UTC
----- Forwarded message from Dmitrij Lagutin <Dmitrij.Lagutin@hiit.fi> -----

Date: Thu, 04 Mar 2010 14:29:31 +0200
From: Dmitrij Lagutin <Dmitrij.Lagutin@hiit.fi>
Reply-To: Dmitrij Lagutin <Dmitrij.Lagutin@hiit.fi>
Subject: About the HICCUPS draft
To: hipsec@ietf.org

Dear all,

I have been working at Helsinki Institute for Information Technology (HIIT) with a technology called Packet Level Authentication (PLA). PLA aims to provide availability and hop-by-hop authentication on the network layer through cryptographic signatures. The main idea is to give intermediate nodes means to detect modified, duplicated and delayed packets; these packets can then be dropped immediately, before they even reach the destination.

Miika Komu and others suggested that I combine the principles of PLA with HIP, since they mostly complement each other. The HICCUPS draft seems to be a good place for that. Some of my ideas are listed below.

- Could the possibility of more extensive hop-by-hop verification be included in the security considerations chapter (7.) of the draft?

- A timestamp added to HICCUPS parameters would allow detection of significantly delayed packets. A global time synchronization mechanism would not be absolutely necessary.

- A separate sequence number added to every HICCUPS packet would allow detection of duplicated packets (which can be used in replay attacks). In contrast to the SEQ_DATA packet, this sequence number would not be ACKed.

Best regards,
Dmitrij Lagutin
Researcher, Helsinki Institute for Information Technology

----- End forwarded message -----
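The timestamp and non-ACKed sequence number checks proposed in the forwarded message, as they could run on an intermediate node. This is an added example, not code from the HICCUPS draft, PLA or the posters. It assumes the packet signature has already been verified; the window size, the delay threshold, the sender label and learning a per-sender clock offset from the first packet (in place of synchronized clocks) are assumptions of this example.

```python
from dataclasses import dataclass

WINDOW = 64             # assumed: sequence numbers tracked behind the highest one seen
MAX_EXTRA_DELAY = 5.0   # assumed: seconds of delay beyond the sender's baseline


@dataclass
class SenderState:
    offset: float   # local arrival time minus sender timestamp, from the first packet
    highest: int    # highest sequence number accepted so far
    bitmap: int = 1  # bit i set => sequence number (highest - i) was already seen


class HopVerifier:
    """Per-sender delay and duplicate checks for already-authenticated packets."""

    def __init__(self):
        self.senders = {}

    def check(self, sender, seq, timestamp, now):
        """Return 'accept', 'delayed' or 'duplicate' for one packet."""
        st = self.senders.get(sender)
        if st is None:
            # First packet: learn the clock offset, so no global time sync is needed.
            self.senders[sender] = SenderState(offset=now - timestamp, highest=seq)
            return "accept"
        # Transit delay measured relative to the baseline of the first packet.
        if (now - timestamp) - st.offset > MAX_EXTRA_DELAY:
            return "delayed"
        if seq > st.highest:
            # Slide the window forward and mark the new highest number as seen.
            shift = seq - st.highest
            st.bitmap = ((st.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            st.highest = seq
            return "accept"
        behind = st.highest - seq
        if behind >= WINDOW or (st.bitmap >> behind) & 1:
            return "duplicate"  # too old to track, or this number was seen before
        st.bitmap |= 1 << behind  # late but new packet (reordering is tolerated)
        return "accept"


def demo():
    # Constructed trace: (seq, sender timestamp, local arrival time) for "sender-A",
    # whose clock is about 100 s behind the node's clock.
    trace = [(1, 0.0, 100.1), (2, 1.0, 101.1), (4, 3.0, 103.2),
             (3, 2.0, 103.3), (2, 1.0, 103.4), (5, 4.0, 120.0)]
    v = HopVerifier()
    return [v.check("sender-A", s, ts, now) for s, ts, now in trace]
```

Because the sequence number is never ACKed, the node keeps only this small per-sender state and can drop the replayed packet 2 and the late packet 5 without contacting either end host.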