[Hipsec] About the HICCUPS draft
Dmitrij Lagutin <Dmitrij.Lagutin@hiit.fi> Thu, 04 March 2010 12:29 UTC
Dear all,

I have been working at Helsinki Institute for Information Technology (HIIT) with the technology called Packet Level Authentication (PLA). PLA aims to provide availability and hop-by-hop authentication on the network layer through cryptographic signatures. The main idea is to give intermediate nodes the means to detect modified, duplicated and delayed packets; these packets can then be dropped immediately before they even reach the destination.

Miika Komu and others suggested that I combine the principles of PLA with HIP, since they mostly complement each other. The HICCUPS draft seems to be a good place for that. Some of my ideas are listed below.

- Could the possibility of more extensive hop-by-hop verification be included in the security considerations chapter (7.) of the draft?
- A timestamp added to HICCUPS parameters would allow detection of significantly delayed packets. A global time synchronization mechanism would not be absolutely necessary.
- A separate sequence number added to every HICCUPS packet would allow detection of duplicated packets (which can be used in replay attacks). In contrast to the SEQ_DATA packet, this sequence number would not be ACKed.

Best regards,
Dmitrij Lagutin
Researcher, Helsinki Institute for Information Technology
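
A sketch of how an intermediate node could apply the timestamp and sequence-number checks proposed in the message above. It is an added example, not part of the original post, the HICCUPS draft or PLA. The field names, the window size, the delay tolerance and the relative-offset method used to avoid synchronized clocks are all assumptions.

```python
# Added illustration: per-sender freshness and duplicate checks at an intermediate node.
# Field names, WINDOW and MAX_EXTRA_DELAY are assumptions, not values from the draft.
from dataclasses import dataclass
from typing import Optional

WINDOW = 64             # assumed width of the duplicate-detection window
MAX_EXTRA_DELAY = 2.0   # assumed tolerance (s) above the best transit offset seen

@dataclass
class SenderState:
    best_offset: Optional[float] = None  # smallest (local_rx - sender_ts) observed
    highest_seq: int = -1
    seen_mask: int = 0                   # bit i set => (highest_seq - i) was seen

class HopVerifier:
    def __init__(self):
        self.senders = {}

    def check(self, sender, seq, sender_ts, local_rx):
        """Classify a packet whose signature has already been verified."""
        st = self.senders.setdefault(sender, SenderState())
        # Only the change in offset matters, so the clocks need not agree.
        offset = local_rx - sender_ts
        if st.best_offset is not None and offset - st.best_offset > MAX_EXTRA_DELAY:
            return "delayed"
        if seq > st.highest_seq:
            shift = seq - st.highest_seq
            st.seen_mask = ((st.seen_mask << shift) | 1) & ((1 << WINDOW) - 1)
            st.highest_seq = seq
        else:
            age = st.highest_seq - seq
            # Older than the window cannot be told apart from a replay: reject.
            if age >= WINDOW or (st.seen_mask >> age) & 1:
                return "duplicate"
            st.seen_mask |= 1 << age
        st.best_offset = offset if st.best_offset is None else min(st.best_offset, offset)
        return "accept"

def demo():
    v = HopVerifier()
    # Constructed trace (seq, sender_ts, local_rx); sender clock is ~1000 s ahead.
    trace = [(0, 1000.00, 0.05), (1, 1000.10, 0.15), (1, 1000.10, 0.40),
             (3, 1000.30, 0.36), (2, 1000.20, 5.00)]
    return [v.check("HIT-A", *p) for p in trace]

if __name__ == "__main__":
    print(demo())
```

Because the sequence number is never ACKed, the node keeps only this per-sender window and sends nothing back; a reordered packet inside the window is still accepted once.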