Re: AERO/OMNI dropping support for SEND/CGA

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 01 December 2020 10:27 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
CC: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>, "ipv6@ietf.org" <ipv6@ietf.org>
Subject: Re: AERO/OMNI dropping support for SEND/CGA
Date: Tue, 01 Dec 2020 10:27:47 +0000
Message-ID: <9753C964-07FE-42A6-9C6A-1F7D0BA3B5DF@cisco.com>
References: <efdbcaedd3264c00bd435abdb0ea5c3a@huawei.com>
In-Reply-To: <efdbcaedd3264c00bd435abdb0ea5c3a@huawei.com>

Hello Eduard

I believe your question about a replacement for secure ND deserves its own thread to ensure better visibility.

Note: RFC 8928 was designed for a network where all nodes have a virtual P2P link with the router and the prefix shows as not-onlink; this way nodes only need to prove the ownership to the router and that makes things a lot simpler.

Keep safe,

Pascal

> On 1 Dec. 2020 at 10:07, Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
> 
> Hi Fred,
> SeND needs a refresh. CGA looks ridiculous now in principle. You should not use it.
> 
> I am not sure: does it make sense to develop something else instead (based on elliptic curves)?
> As Fernando pointed out many times: many things in ND could be resolved only by digital signature (he calls it the "untrusted model").
> But as we see: the market has rejected PKI. Digital signature is not useful without proper key management.
> IMHO: it is better to keep digital signature as a separate standard.
> Therefore, if you have cycles for a separate OMNI addendum, then it is better to have it for completeness. If not, not much to lose now.
> But make sure that Open Key Cryptography and PKI (!) would be possible to add later.
> What if something were innovated in PKI and it became popular?
> Reminder: PKI is needed not just for ND. Enterprises have big pressure to protect all applications by TLS.
> Your vertical would probably lead on PKI adoption.
> 
> As an alternative: you could talk with IT and Security people in your vertical: if they believe in massive deployment of PKIs, then you have to have Digital Signature for ND.
> It would still not guarantee that it would be used, because hosts would need support for it at ND level, but it is already a good situation to try.
> Hence again, better to keep it in a separate specification.
> 
> Eduard
>> -----Original Message-----
>> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Templin (US), Fred L
>> Sent: 1 December 2020 1:12
>> To: ipv6@ietf.org
>> Subject: AERO/OMNI dropping support for SEND/CGA
>> 
>> Folks, this is a big decision point for the AERO/OMNI drafts but I am preparing to
>> drop support for SEND/CGA (RFC3971; RFC3972). This means that IPv6 ND
>> message authentication on OMNI interfaces will use a simple HMAC the same as
>> is done for Teredo (RFC4380; RFC6081). If anyone knows why that might cause
>> problems, it would be best to speak up now.
>> 
>> Fred
>> 
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
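As an added illustration of the two mechanisms the thread weighs against each other (this is not code from the AERO/OMNI drafts or from any of the RFCs cited), the block below implements CGA generation and verification per RFC 3972 beside a Teredo-style HMAC check: a CGA binds the interface identifier to a public key through a hash, so a verifier needs no shared secret, whereas the HMAC needs a key pre-shared with the verifier. The public key is a constructed byte string (RFC 3972 hashes the DER encoding, and the hash does not care what the bytes are); sec defaults to 0 so the example runs instantly.

```python
import hashlib
import hmac
import os

# RFC 3972 CGA: both hashes are SHA-1 over the CGA Parameters data structure
# (modifier || subnet prefix || collision count || public key), no extensions here.

def _hash1(modifier: bytes, prefix: bytes, collision_count: int, pubkey: bytes) -> bytes:
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8]

def _hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    # Hash2 replaces prefix and collision count with 9 zero octets; its leftmost
    # 16*sec bits (of the 112 kept) must be zero. sec=0 imposes no work.
    h = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return sec == 0 or (int.from_bytes(h, "big") >> (112 - 16 * sec)) == 0

def cga_generate(prefix: bytes, pubkey: bytes, sec: int = 0, collision_count: int = 0):
    """Return (16-byte address, (modifier, collision_count)) for an 8-byte prefix."""
    modifier = os.urandom(16)
    while not _hash2_ok(modifier, pubkey, sec):                 # brute-force step (2^(16*sec))
        modifier = ((int.from_bytes(modifier, "big") + 1) % (1 << 128)).to_bytes(16, "big")
    iid = bytearray(_hash1(modifier, prefix, collision_count, pubkey))
    # Top three bits of the IID carry sec; the u (0x02) and g (0x01) bits are cleared.
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    return prefix + bytes(iid), (modifier, collision_count)

def cga_verify(addr: bytes, pubkey: bytes, modifier: bytes, collision_count: int) -> bool:
    """RFC 3972 section 5: anyone can check that addr was derived from pubkey."""
    if collision_count > 2:
        return False
    prefix, iid = addr[:8], addr[8:]
    sec = iid[0] >> 5
    expected = _hash1(modifier, prefix, collision_count, pubkey)
    # Differences in the sec bits and in u/g are ignored when comparing Hash1.
    if (expected[0] & 0x1C) != (iid[0] & 0x1C) or expected[1:] != iid[1:]:
        return False
    return _hash2_ok(modifier, pubkey, sec)

# Teredo-style alternative: a keyed MAC over the ND message, valid only for key holders.
def hmac_tag(key: bytes, nd_message: bytes) -> bytes:
    return hmac.new(key, nd_message, hashlib.sha256).digest()

def hmac_verify(key: bytes, nd_message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, nd_message), tag)
```

A third party holding only the CGA Parameters can run cga_verify, but hmac_verify is meaningful only to nodes that already share the key, which is the trade-off the thread is discussing.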