Re: AERO/OMNI dropping support for SEND/CGA

Alexandre Petrescu <alexandre.petrescu@gmail.com> Wed, 02 December 2020 18:13 UTC

Subject: Re: AERO/OMNI dropping support for SEND/CGA
To: ipv6@ietf.org
References: <e9d391655a124688a121db7a6664d7bb@boeing.com> <efdbcaedd3264c00bd435abdb0ea5c3a@huawei.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <6e8e4889-bba6-f1ce-b765-3a28a7b86f0d@gmail.com>
Date: Wed, 02 Dec 2020 19:13:54 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/K9UeIz7_ytCp7RCihx_uwLAlpjk>


On 01/12/2020 at 10:06, Vasilenko Eduard wrote:
> Hi Fred,
> SeND needs a refresh. CGA looks ridiculous now in principle. You should not use it.

I am not sure what in CGA might be ridiculous?

Probably the old crypto algorithms involved?

> I am not sure: does it make sense to develop something else instead (based on elliptic curves).

If there is something new to be developed it would need to take into 
account the 'post-quantum' crypto, i.e. algorithms whose output would 
resist brute force attacks performed by forthcoming quantum computers.

These stronger algorithms would run on classical computers still.

> As Fernando pointed many times: many things in ND could be resolved only by digital signature (he calls it "untrusted model").

Yes yes.

Alex

> But as we see: market has rejected PKI. Digital signature is not useful without proper key management.
> IMHO: it is better to keep digital signature as a separate standard.
> Therefore, if you have cycles for separate OMNI addendum, then it is better to have it for completeness. If not - not much to lose now.
> But make sure that Open Key Cryptography and PKI (!) would be possible to add later.
> What if something would be innovated in PKI and it became popular?
> Reminder: PKI is needed not just for ND. Enterprises have the big pressure to protect all applications by TLS.
> Your vertical would probably lead on PKI adoption.
> 
> As an alternative: you could talk with IT and Security people in your vertical: if they believe in massive deployment of PKIs then you have to have Digital Signature for ND.
> It would still not guarantee that it would be used, because hosts would need support for it at ND level, but it is already the good situation to try.
> Hence again, better to keep it in separate specification.
> 
> Eduard
>> -----Original Message-----
>> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Templin (US), Fred L
>> Sent: 1 December 2020 1:12
>> To: ipv6@ietf.org
>> Subject: AERO/OMNI dropping support for SEND/CGA
>>
>> Folks, this is a big decision point for the AERO/OMNI drafts but I am preparing to
>> drop support for SEND/CGA (RFC3971; RFC3972). This means that IPv6 ND
>> message authentication on OMNI interfaces will use a simple HMAC the same as
>> is done for Teredo (RFC4380; RFC6081). If anyone knows why that might cause
>> problems, it would be best to speak up now.
>>
>> Fred
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------