[Int-area] SeND & CGA Extensions BOF
marcelo bagnulo braun <marcelo@it.uc3m.es> Fri, 01 June 2007 15:42 UTC
Hi,

we have proposed a BOF on SeND and CGA extensions for the Chicago IETF.
I attach the proposed charter below.
There is a mailing list created for the discussion (https://www1.ietf.org/mailman/listinfo/cga-ext).
If you have comments about the proposed work, it would be appreciated.

Thanks, marcelo

Proposed charter for SeND & CGA Extensions BOF

Secure Neighbour Discovery (SeND) protocol as defined in RFC 3971 provides the security mechanisms to protect the different functions performed by the Neighbour Discovery (ND) protocol, including the discovery of other nodes on the link and their link-layer addresses, router discovery and reachability detection for the paths to active neighbors. However, the current SeND specification lacks support for ND Proxies as defined in RFC 4389.

The SeND protocol relies on the usage of Cryptographically Generated Addresses (CGAs) to provide some of these functions, in particular to provide IPv6 address ownership proof to the other nodes on the link and authenticate node related information of the ND protocol. CGAs are defined in RFC 3972 which has been recently updated by RFC 4581 to define the CGA extension format and by RFC-to-be draft-bagnulo-multiple-hash-cga-03.txt to support multiple hash functions. While CGAs were originally defined for the SeND protocol, they have proved to be a useful security tool in other environments too, and their usage has been proposed to secure other protocols such as the Shim6 multihoming protocol and the Mobile IPv6 protocol. As the CGAs become more widely used for different purposes, it is necessary to produce some extensions to support such new usages.

The objective of this working group is to define extensions related both to the SeND protocol and to the CGAs. The following are charter items for the working group:

- Extensions to the SeND protocol to support Neighbour Discovery Proxies: SeND protocol as currently defined in RFC 3971 lacks support for ND Proxies defined in RFC 4389. Extensions to the SeND protocol will be defined in order to provide equivalent SeND security capabilities to ND Proxies.

- Extensions to the IKEv2 protocol to create IPSec SAs associated to the CGA key. Because of their cryptographic nature, CGAs are inherently bound to the key pair that was used for their generation. This is used in existing protocols for proving address ownership. However, it would be possible also to use this cryptographic material to create a security association between peers. The key benefit of such an approach is that it allows the creation of a security association that is cryptographically bound to the IP address of the end points without dependence on a common trust anchor point, e.g. PKI. Such an approach would provide additional protection compared to the opportunistic approaches. The proposed work will produce an analysis of this type of solution and the required extensions to CGAs and to the IKEv2 protocol in order to be able to create IPSec SA using the CGA keys.

- DHCP support for CGAs. An analysis of possible approaches to allow the usage of the DHCP protocol to assign CGAs will be produced. The output of the analysis will be an informational document describing the recommended approaches that will be provided as an input to the DHC working group where the actual DHCP extensions needed for the recommended approaches will be defined.

- Define a CGA extension to support other public key algorithms: As currently defined, CGAs can only use RSA keys in the CGA Parameter Data Structure. An extension to update the CGA specification in order to support multiple public key cryptographic algorithms will be defined.

Related drafts:
draft-kempf-mobopts-ringsig-ndproxy-01.txt
draft-laganier-ike-ipv6-cga-01.txt