[icnrg] Fwd: New Version Notification for draft-li-icnrg-hopauth-02.txt
Ruidong Li <lrd@nict.go.jp> Fri, 06 March 2020 07:21 UTC
From: Ruidong Li <lrd@nict.go.jp>
To: ICNRG <icnrg@irtf.org>
Date: Fri, 06 Mar 2020 16:21:19 +0900
Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/uqCTmyw66n-NCp6xmVa_iFesQFU>

Dear All,

We have updated and uploaded our HopAuth draft v02. This draft aims to provide copyholder authentication, data-retrieval path authentication and Interest authentication to mitigate data poisoning attacks and Interest flooding attacks, besides the publisher authentication. It is basically a certificate chain-based approach, which can be operated completely independent of centralized servers (e.g. certificate authority (CA)).

In this new version, to make the problem clearer, we added one paragraph (last paragraph in pp. 3) to explain the differences with the existing KeyID mechanism built in the CCNx design.

Besides, we also address the anonymity question raised by Dirk in this new version. That is, the first-hop router to consumer can remove the certificate from it to consumer before forwarding the Interest to preserve the consumer anonymity.

Your feedback on this document is welcome.

Best Regards,
Ruidong

--
Ruidong Li, Senior Researcher,
Network System Research Institute,
National Institute of Information and Communications Technology (NICT), Japan
Email: lrd@nict.go.jp liruidong@ieee.org

-------- Forwarded Message --------
Subject: New Version Notification for draft-li-icnrg-hopauth-02.txt
Date: Thu, 05 Mar 2020 22:43:12 -0800
From: internet-drafts@ietf.org
To: Hitoshi Asaeda <asaeda@nict.go.jp>, Ruidong Li <lrd@nict.go.jp>

A new version of I-D, draft-li-icnrg-hopauth-02.txt has been successfully submitted by Ruidong Li and posted to the IETF repository.

Name: draft-li-icnrg-hopauth
Revision: 02
Title: Hop-by-Hop Authentication in Content-Centric Networking/Named Data Networking
Document date: 2020-03-05
Group: Individual Submission
Pages: 16
URL: https://www.ietf.org/internet-drafts/draft-li-icnrg-hopauth-02.txt
Status: https://datatracker.ietf.org/doc/draft-li-icnrg-hopauth/
Htmlized: https://tools.ietf.org/html/draft-li-icnrg-hopauth-02
Htmlized: https://datatracker.ietf.org/doc/html/draft-li-icnrg-hopauth
Diff: https://www.ietf.org/rfcdiff?url2=draft-li-icnrg-hopauth-02

Abstract:
The unpredictability of consumers, routers, copyholders, and publishers for the in-network data retrievals in Content-Centric Networking (CCN) / Named Data Networking (NDN) poses a challenge to design an authentication mechanism to inhibit the malicious consumers to flood data requests and prevent the fake data from being provided. Signature is adopted as the fundamental function in CCN / NDN, which however can only provide publisher authentication with additional certificate acquisition. This document describes the Hop-by-Hop Authentication mechanism (HopAuth) integrating certificate collection and packet forwarding potentially with the assistance from certificate authority to provide consumer authentication, copyholder authentication and path authentication to enable the in-network data retrieval to be trustworthy, besides the publisher authentication.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat