Re: [Int-area] SeND & CGA Extensions BOF
"Jean-Michel Combes" <jeanmichel.combes@gmail.com> Tue, 05 June 2007 11:54 UTC
Date: Tue, 05 Jun 2007 13:54:06 +0200
From: Jean-Michel Combes <jeanmichel.combes@gmail.com>
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: [Int-area] SeND & CGA Extensions BOF
In-Reply-To: <a50af956f4a4127e3f9c863b092c1f07@it.uc3m.es>
Cc: INT Area <int-area@ietf.org>

Hi,

I support such a future work, especially the interaction between IKE and CGA.

Best regards.

JMC.

2007/6/1, marcelo bagnulo braun <marcelo@it.uc3m.es>:
> Hi,
>
> we have proposed a BOF on SeND and CGA extensions for the Chicago IETF.
> I attach the proposed charter below. There is a mailing list created
> for the discussion (https://www1.ietf.org/mailman/listinfo/cga-ext)
>
> If you have comments about the proposed work, it would be appreciated.
>
> Thanks, marcelo
>
>
>
> Proposed charter for SeND & CGA Extensions BOF
>
> Secure Neighbour Discovery (SeND) protocol as defined in RFC 3971
> provides the security mechanisms to protect the different
> functions performed by the Neighbour Discovery (ND) protocol,
> including the discovery of other nodes on the link and their
> link-layer addresses, router discovery and reachability detection
> for the paths to active neighbors. However, current SeND
> specification lacks support for ND Proxies as defined in
> RFC 4389. The SeND protocol relies on the usage of
> Cryptographically Generated Addresses (CGAs) to provide some of
> these functions, in particular to provide IPv6 address ownership
> proof to the other nodes on the link and authenticate node related
> information of the ND protocol. CGAs are defined in RFC 3972 which
> has been recently updated by RFC 4581 to define the CGA extension
> format and by RFC-to-be draft-bagnulo-multiple-hash-cga-03.txt to
> support multiple hash functions. While CGAs were originally
> defined for the SeND protocol, they have proved to be a useful
> security tool in other environments too, and its usage has been
> proposed to secure other protocols such as the Shim6 multihoming
> protocol and the Mobile IPv6 protocol. As the CGAs become more
> widely used for different purposes, it is necessary to produce
> some extensions to support such new usages.
>
> The objective of this working group is to define extensions related
> both to the SeND protocol and to the CGAs. The following are
> charter items for the working group:
>
> - Extensions to the SeND protocol to support Neighbour Discovery
> Proxies: SeND protocol as currently defined in RFC 3971 lacks
> support for ND Proxies defined in RFC 4389. Extensions to the SeND
> protocol will be defined in order to provide equivalent SeND
> security capabilities to ND Proxies.
>
> - Extensions to the IKEv2 protocol to create IPSec SAs associated to
> the CGA key. Because of their cryptographic nature, CGAs are
> inherently bound to the key pair that was used for their generation.
> This is used in existent protocols for proving address ownership.
> However, it would be possible also to use this cryptographic material
> to create a security association between peers. The key benefit of
> such approach is that it allows the creation of a security association
> that is cryptographically bound to the IP address of the end points
> without dependence on a common trust anchor point, e.g. PKI. Such
> approach would provide additional protection compared to the
> opportunistic approaches. The proposed work will produce an analysis
> of this type of solution and the required extensions to CGAs and to
> the IKEv2 protocol in order to be able to create IPSec SA using the
> CGAs keys.
>
> - DHCP support for CGAs. An analysis of possible approaches to allow
> the usage of the DHCP protocol to assign CGAs will be produced. The
> output of the analysis will be an informational document describing
> the recommended approaches that will be provided as an input to the
> DHC working group where the actual DHCP extensions needed for the
> recommended approaches will be defined.
>
> - Define a CGA extension to support other public key algorithms: As
> currently defined, CGAs can only use RSA keys in the CGA Parameter
> Data Structure. An extension to update the CGA specification in
> order to multiple public key cryptographic algorithm support will be
> defined.
>
>
> Related drafts:
>
> draft-kempf-mobopts-ringsig-ndproxy-01.txt
> draft-laganier-ike-ipv6-cga-01.txt
>
>
>
> _______________________________________________
> Int-area mailing list
> Int-area@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/int-area
>