Re: [Hipsec] About the HICCUPS draft
Jan Melen <jan.melen@nomadiclab.com> Wed, 17 March 2010 08:54 UTC
From: Jan Melen <jan.melen@nomadiclab.com>
Date: Wed, 17 Mar 2010 10:54:22 +0200
To: Dmitrij Lagutin <Dmitrij.Lagutin@hiit.fi>
Cc: hipsec@ietf.org
Subject: Re: [Hipsec] About the HICCUPS draft
Hi,

As I already indicated in a private email discussion, I would propose that you write a separate draft on PLA and HIP, maybe a bis to HICCUPS. Current HICCUPS is aiming for support that is required by hip-bone. Also the proposal of non-ACK delivery could be one thing that is added when we have PLA type authentication in the packets.

Jan

On Mar 4, 2010, at 2:29 PM, Dmitrij Lagutin wrote:

> Dear all,
>
> I have been working at Helsinki Institute for Information Technology (HIIT)
> with the technology called Packet Level Authentication (PLA). PLA aims to
> provide availability and hop-by-hop authentication on the network layer through
> cryptographic signatures. The main idea is to give intermediate nodes means to
> detect modified, duplicated and delayed packets; these packets can then be
> dropped immediately before they even reach the destination.
>
> Miika Komu and others suggested that I combine principles of PLA with HIP since
> they mostly complement each other. The HICCUPS draft seems to be a good place
> for that. Some of my ideas are listed below.
>
> - Could the possibility of more extensive hop-by-hop verification be included in
>   the security considerations chapter (7.) of the draft?
>
> - A timestamp added to HICCUPS parameters would allow detection of significantly
>   delayed packets. A global time synchronization mechanism would not be absolutely
>   necessary.
>
> - A separate sequence number added to every HICCUPS packet would allow detection
>   of duplicated packets (which can be used in replay attacks). In contrast to
>   SEQ_DATA packet, this sequence number would not be ACKed.
>
> Best regards,
> Dmitrij Lagutin
> Researcher, Helsinki Institute for Information Technology
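As an added illustration of the two checks proposed in the quoted message (this is not code from the HICCUPS draft, from PLA, or from either author), the sketch below shows how an intermediate node could flag duplicated and significantly delayed packets per sender. It assumes the packet signature covering the sequence number and timestamp has already been verified; the class names, window size, lag tolerance, and the choice to compare each timestamp against the newest one already seen from the same sender (one possible way to avoid global time synchronization) are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class SenderState:
    top_seq: int = -1        # highest sequence number accepted so far
    seen: int = 0            # bitmap: bit i set => (top_seq - i) was accepted
    newest_ts: float = 0.0   # newest sender timestamp accepted so far

class HopVerifier:
    """Per-sender duplicate and delay detection (hypothetical helper)."""
    def __init__(self, window=64, max_lag=5.0):
        self.window = window      # assumed: sequence numbers tracked behind newest
        self.max_lag = max_lag    # assumed: tolerated seconds behind newest timestamp
        self.senders = {}

    def check(self, sender, seq, ts):
        """Classify an already-authenticated packet: accept, duplicate or delayed."""
        st = self.senders.setdefault(sender, SenderState())
        # Delay check relies only on the sender's own clock, not on a global one.
        if st.top_seq >= 0 and ts < st.newest_ts - self.max_lag:
            return "delayed"
        if seq > st.top_seq:
            shift = seq - st.top_seq
            st.seen = ((st.seen << shift) | 1) & ((1 << self.window) - 1)
            st.top_seq = seq
        else:
            offset = st.top_seq - seq
            if offset >= self.window:
                return "delayed"          # older than the window can track
            if st.seen & (1 << offset):
                return "duplicate"        # same sequence number seen before
            st.seen |= 1 << offset        # reordered but new: remember it
        st.newest_ts = max(st.newest_ts, ts)
        return "accept"

# Constructed sample: (sender identifier, sequence number, sender timestamp)
TRACE = [
    ("hit-A", 1, 100.0),
    ("hit-A", 2, 100.2),
    ("hit-A", 4, 100.6),
    ("hit-A", 3, 100.4),   # reordered in transit
    ("hit-A", 2, 100.2),   # replayed copy
    ("hit-A", 5, 90.0),    # held back about ten seconds
    ("hit-B", 1, 7.0),     # different sender with an unrelated clock
]

def run_trace(packets=TRACE):
    verifier = HopVerifier()
    return [verifier.check(*p) for p in packets]
```

Because the sequence number is only compared against local per-sender state, nothing has to be ACKed back to the sender, which matches the non-ACKed counter described in the quoted proposal.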