RE: AERO/OMNI dropping support for SEND/CGA

"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Tue, 01 December 2020 14:12 UTC

From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>, "ipv6@ietf.org" <ipv6@ietf.org>
Subject: RE: AERO/OMNI dropping support for SEND/CGA
Date: Tue, 01 Dec 2020 14:11:57 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/aHxqd0WN4bFp_e6OX6soJLy3kVU>

Eduard, thank you for your note. AERO/OMNI will adopt the Teredo method
of securing IPv6 ND messages over the open Internet as specified in RFC4380.

Thanks - Fred

> -----Original Message-----
> From: Vasilenko Eduard [mailto:vasilenko.eduard@huawei.com]
> Sent: Tuesday, December 01, 2020 1:07 AM
> To: Templin (US), Fred L <Fred.L.Templin@boeing.com>; ipv6@ietf.org
> Subject: RE: AERO/OMNI dropping support for SEND/CGA
> 
> Hi Fred,
> SeND needs a refresh. CGA looks ridiculous now in principle. You should not use it.
> 
> I am not sure: does it make sense to develop something else instead (based on elliptic curves).
> As Fernando pointed out many times: many things in ND could be resolved only by digital signature (he calls it "untrusted model").
> But as we see: market has rejected PKI. Digital signature is not useful without proper key management.
> IMHO: it is better to keep digital signature as a separate standard.
> Therefore, if you have cycles for separate OMNI addendum, then it is better to have it for completeness. If not - not much to lose now.
> But make sure that Open Key Cryptography and PKI (!) would be possible to add later.
> What if something would be innovated in PKI and it became popular?
> Reminder: PKI is needed not just for ND. Enterprises have the big pressure to protect all applications by TLS.
> Your vertical would probably lead on PKI adoption.
> 
> As an alternative: you could talk with IT and Security people in your vertical: if they believe in massive deployment of PKIs then you have to have Digital Signature for ND.
> It would still not guarantee that it would be used, because hosts would need support for it at ND level, but it is already the good situation to try.
> Hence again, better to keep it in separate specification.
> 
> Eduard
> > -----Original Message-----
> > From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Templin (US), Fred L
> > Sent: December 1, 2020 1:12
> > To: ipv6@ietf.org
> > Subject: AERO/OMNI dropping support for SEND/CGA
> >
> > Folks, this is a big decision point for the AERO/OMNI drafts but I am preparing to
> > drop support for SEND/CGA (RFC3971; RFC3972). This means that IPv6 ND
> > message authentication on OMNI interfaces will use a simple HMAC the same as
> > is done for Teredo (RFC4380; RFC6081). If anyone knows why that might cause
> > problems, it would be best to speak up now.
> >
> > Fred