Re: [Hipsec] some comments for mm-03: Section 6
Pekka Nikander <pekka.nikander@nomadiclab.com> Mon, 10 April 2006 04:35 UTC
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] some comments for mm-03: Section 6
Date: Mon, 10 Apr 2006 07:33:56 +0300
To: Miika Komu <miika@iki.fi>
Cc: hipsec@lists.ietf.org

>> If an attacker somehow uses a bug in the implementation or weakness in
>> some protocol to redirect a HIP connection, the original owner can
>> always reclaim their connection (they can always prove ownership of the
>> private key associated with their public HI).
>
> How is this possible if the private key is compromised?

If the private key is compromised, there is nothing you can do. The only thing you can do is to revoke the public key; something the (so far) have deliberately left out of scope.

>> MitM attacks are always possible if the attacker is present during the
>> initial HIP base exchange and if the hosts do not authenticate each
>> other's identities, but once the base exchange has taken place even a
>> MitM cannot steal an opportunistic HIP connection because it is very
>> difficult for an attacker to create an UPDATE packet (or any HIP packet)
>> that will be accepted as a legitimate update.
>
> This does not make sense because it is too obvious? After opportunistic
> connection (leap of faith) the connection is no longer opportunistic.
> Maybe this text can be just removed.

It may be obvious to you and me, but not to everyone.

--Pekka
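
The receiver-side check that the quoted draft text relies on, as an added example that is not part of this message, the mm-03 draft or any HIP implementation. It is a simplified model: the packet layout, `hit()`, `make_update()` and `Association` are assumptions, and HIP's separate HMAC and signature are collapsed into a single keyed MAC established at the base exchange.

```python
import hashlib
import hmac

def hit(host_identity: bytes) -> bytes:
    """Toy Host Identity Tag: truncated hash of the public HI (assumption)."""
    return hashlib.sha256(host_identity).digest()[:16]

def make_update(sender_hit: bytes, key: bytes, seq: int, locator: str) -> dict:
    """Build a toy UPDATE whose MAC covers HIT, sequence number and locator."""
    body = sender_hit + seq.to_bytes(4, "big") + locator.encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return {"hit": sender_hit, "seq": seq, "locator": locator, "mac": mac}

class Association:
    """Receiver state pinned during the opportunistic base exchange."""
    def __init__(self, peer_hi: bytes, key: bytes, locator: str):
        self.peer_hit, self.key = hit(peer_hi), key
        self.locator, self.last_seq = locator, 0

    def handle_update(self, pkt: dict) -> str:
        if pkt["hit"] != self.peer_hit:
            return "drop: unknown HIT"
        expected = make_update(pkt["hit"], self.key, pkt["seq"], pkt["locator"])["mac"]
        if not hmac.compare_digest(expected, pkt["mac"]):
            return "drop: bad MAC"
        if pkt["seq"] <= self.last_seq:
            return "drop: replay"
        self.locator, self.last_seq = pkt["locator"], pkt["seq"]
        return "accepted"

def demo() -> list:
    # Constructed values; all addresses are from documentation ranges.
    peer_hi, key = b"constructed-public-HI", b"constructed-session-key"
    assoc = Association(peer_hi, key, "192.0.2.10")
    results = []
    legit = make_update(hit(peer_hi), key, 1, "198.51.100.7")
    results.append(assoc.handle_update(legit))        # real peer moves
    forged = make_update(hit(peer_hi), b"guessed-key", 2, "203.0.113.66")
    results.append(assoc.handle_update(forged))       # sender lacks the key
    tampered = dict(legit, seq=2, locator="203.0.113.66")
    results.append(assoc.handle_update(tampered))     # on-path modification
    results.append(assoc.handle_update(legit))        # replayed capture
    results.append(assoc.locator)                     # still the peer's locator
    stolen = make_update(hit(peer_hi), key, 3, "203.0.113.66")
    results.append(assoc.handle_update(stolen))       # keying material compromised
    return results

if __name__ == "__main__":
    print(demo())
```

The last case is the compromised-key situation raised in the thread: the check cannot tell the key holder from the original owner, so only revocation, which is outside this model, would help.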