RE: I-D Action: draft-jiang-6man-cga-sec-option-00.txt
Hosnieh Rafiee <hosnieh.rafiee@huawei.com> Mon, 07 July 2014 09:56 UTC
From: Hosnieh Rafiee <hosnieh.rafiee@huawei.com>
To: "ipv6@ietf.org" <ipv6@ietf.org>
Subject: RE: I-D Action: draft-jiang-6man-cga-sec-option-00.txt
Date: Mon, 07 Jul 2014 09:56:14 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/7zZko3XJLvJMLT73iO0k6KIhrlE
Hi,

I've read this document and I have some questions.

It was on purpose that, in the CGA document, they used 3-bit sec values as a part of an IP address. However, based on the current CGA specification document, this value has been ignored during the verification process, and that was the result that I wrote: http://tools.ietf.org/html/draft-rafiee-6man-cga-attack-01

But when you add a new option that is not a part of a CGA IP address, then the attack explained in my document can be applicable, as with the current CGA specification document. In other words, the attacker can easily try to match different CGA sec values with the CGA value of the legitimate node. So, I guess you need to somehow protect CGA from this attack.

Best,
Hosnieh

-----Original Message-----
From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Friday, July 04, 2014 9:55 AM
To: i-d-announce@ietf.org
Subject: I-D Action: draft-jiang-6man-cga-sec-option-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

        Title           : CGA SEC Option for Secure Neighbor Discovery Protocol
        Authors         : Sheng Jiang
                          Dacheng Zhang
                          Suresh Krishnan
        Filename        : draft-jiang-6man-cga-sec-option-00.txt
        Pages           : 5
        Date            : 2014-07-04

Abstract:
   A Cryptographically Generated Address is an IPv6 addresses binding with a public/private key pair. It is a vital component of Secure Neighbor Discovery (SeND) protocol. The current SeND specifications are lack of procedures to specify the Sec bits. A new SEC option is defined accordingly to address this issue.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-jiang-6man-cga-sec-option/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-jiang-6man-cga-sec-option-00

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
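Added example, not part of the original message or of either draft: the RFC 3972 hash checks in Python, showing that the verifier reads Sec from the three leftmost bits of the interface identifier while the Hash1 comparison masks those bits out. The `min_sec` parameter, the counter-based modifier search, the `with_sec_bits` helper and the sample prefix and key bytes are assumptions made for this illustration; extension fields are omitted.

```python
import hashlib

# RFC 3972: Hash1 is compared with the interface identifier under this mask,
# which skips the Sec bits (0-2) and the u/g bits (6-7).
HASH1_MASK = 0x1CFFFFFFFFFFFFFF

def hash1(modifier, prefix, coll, pubkey):
    data = modifier + prefix + bytes([coll]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")

def hash2_prefix_is_zero(modifier, pubkey, sec):
    # Hash2 covers the modifier, nine zero octets and the key; its leftmost
    # 16*Sec bits must be zero (trivially true for Sec = 0).
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return int.from_bytes(digest, "big") >> (112 - 16 * sec) == 0

def generate(prefix, pubkey, sec):
    # Counter-based modifier search keeps the example deterministic; a real
    # node starts from a random modifier. Collision count is fixed at 0.
    counter = 0
    while not hash2_prefix_is_zero(counter.to_bytes(16, "big"), pubkey, sec):
        counter += 1
    modifier = counter.to_bytes(16, "big")
    iid = (hash1(modifier, prefix, 0, pubkey) & HASH1_MASK) | (sec << 61)
    return prefix + iid.to_bytes(8, "big"), modifier

def verify(address, modifier, prefix, coll, pubkey, min_sec=0):
    # min_sec is a hypothetical local policy knob, not part of RFC 3972.
    if coll > 2 or address[:8] != prefix:
        return "reject: parameters"
    iid = int.from_bytes(address[8:], "big")
    if (hash1(modifier, prefix, coll, pubkey) & HASH1_MASK) != (iid & HASH1_MASK):
        return "reject: hash1"
    sec = iid >> 61  # Sec is taken from the address itself
    if not hash2_prefix_is_zero(modifier, pubkey, sec):
        return "reject: hash2"
    if sec < min_sec:
        return "reject: sec below policy"
    return "accept"

def with_sec_bits(address, sec):
    # Same address with only the three Sec bits replaced.
    iid = (int.from_bytes(address[8:], "big") & ~(7 << 61)) | (sec << 61)
    return address[:8] + iid.to_bytes(8, "big")

# Constructed inputs: documentation prefix and placeholder key bytes (not real DER).
PREFIX = bytes.fromhex("20010db800000000")
PUBKEY = b"constructed-public-key-bytes"
```

With an address generated at Sec = 1, the same parameters also pass for the variant whose Sec bits are 0, because Hash1 ignores those bits and no Hash2 bits are then required; the variant with Sec = 2 fails the Hash2 check.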