RE: I-D Action: draft-jiang-6man-cga-sec-option-00.txt

"Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com> Fri, 01 August 2014 02:43 UTC

Hi, Hosnieh:

I think you are talking about an issue in the CGA specification rather than in our document. You are indicating that if the sec value is checked during the verification process, this issue will no longer exist, right? Correct me if I misunderstood anything. ^_^

Cheers

Dacheng

> -----Original Message-----
> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Hosnieh Rafiee
> Sent: Monday, July 07, 2014 5:56 PM
> To: ipv6@ietf.org
> Subject: RE: I-D Action: draft-jiang-6man-cga-sec-option-00.txt
> 
> Hi,
> I've read this document and I have some questions. It was on purpose that in
> the CGA document, they used 3-bit sec values as a part of an IP address. However,
> based on the current CGA specification document, this value has been ignored
> during the verification process and that was the result that I wrote in
> http://tools.ietf.org/html/draft-rafiee-6man-cga-attack-01
> But when you add a new option that is not a part of a CGA IP address, then the
> attack explained in my document can be applicable, as with the current CGA
> specification document. In other words, the attacker can easily try to match
> different CGA sec values with the CGA value of the legitimate node.
> 
> So, I guess you need to somehow protect CGA from this attack.
> 
> Best,
> Hosnieh
> 
> 
> -----Original Message-----
> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of
> internet-drafts@ietf.org
> Sent: Friday, July 04, 2014 9:55 AM
> To: i-d-announce@ietf.org
> Subject: I-D Action: draft-jiang-6man-cga-sec-option-00.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
>         Title           : CGA SEC Option for Secure Neighbor Discovery Protocol
>         Authors         : Sheng Jiang
>                           Dacheng Zhang
>                           Suresh Krishnan
>         Filename        : draft-jiang-6man-cga-sec-option-00.txt
>         Pages           : 5
>         Date            : 2014-07-04
> 
> Abstract:
>    A Cryptographically Generated Address is an IPv6 address bound
>    to a public/private key pair.  It is a vital component of the Secure
>    Neighbor Discovery (SeND) protocol.  The current SeND specifications
>    lack procedures to specify the Sec bits.  A new SEC option is
>    defined accordingly to address this issue.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-jiang-6man-cga-sec-option/
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-jiang-6man-cga-sec-option-00
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
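
For readers following the thread: the RFC 3972 CGA generation and verification steps, showing where the Sec value carried in the address enters the check. This is an added example, not part of either message or of the draft; `PREFIX` and `PUBKEY` are constructed stand-ins (RFC 3972 expects a DER-encoded SubjectPublicKeyInfo), extension fields are left empty, and `with_sec` is a hypothetical helper used only to present the same parameters under different Sec bits.

```python
import hashlib
import ipaddress

MASK1 = 0x1CFFFFFFFFFFFFFF  # Hash1 comparison ignores Sec bits (0-2) and u/g bits (6-7)
PREFIX = bytes.fromhex("20010db800000000")             # constructed /64 prefix
PUBKEY = b"constructed stand-in for a DER public key"  # not a real key

def hash2_ok(modifier, pubkey, sec):
    """Hash2 = leftmost 112 bits of SHA-1(modifier | 9 zero octets | key);
    its leftmost 16*Sec bits must be zero."""
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return int.from_bytes(h2, "big") >> (112 - 16 * sec) == 0

def generate(prefix, pubkey, sec):
    """Search modifiers until Hash2 satisfies Sec, then build the address."""
    m = 0
    while not hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m += 1
    modifier = m.to_bytes(16, "big")
    h1 = hashlib.sha1(modifier + prefix + b"\x00" + pubkey).digest()[:8]
    iid = (int.from_bytes(h1, "big") & MASK1) | (sec << 61)  # Sec goes into the address
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier

def verify(addr, modifier, prefix, collision_count, pubkey):
    """Return (ok, failed_step) following the RFC 3972 verification order."""
    raw = ipaddress.IPv6Address(addr).packed
    if collision_count not in (0, 1, 2):
        return False, "collision count"
    if raw[:8] != prefix:
        return False, "subnet prefix"
    h1 = hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8]
    iid = int.from_bytes(raw[8:], "big")
    if (int.from_bytes(h1, "big") ^ iid) & MASK1:  # Sec bits are masked out here
        return False, "hash1"
    sec = iid >> 61                                # Sec is read from the address itself
    if not hash2_ok(modifier, pubkey, sec):        # and enforced only in this step
        return False, "hash2"
    return True, "ok"

def with_sec(addr, sec):
    """Same address with the three Sec bits overwritten (hypothetical helper)."""
    return ipaddress.IPv6Address(int(addr) & ~(7 << 61) | (sec << 61))

if __name__ == "__main__":
    addr, mod = generate(PREFIX, PUBKEY, 1)
    print(addr, verify(addr, mod, PREFIX, 0, PUBKEY))
    print(with_sec(addr, 7), verify(with_sec(addr, 7), mod, PREFIX, 0, PUBKEY))
```

The Hash1 comparison alone does not see the Sec bits; a verifier that stops there, or that takes Sec from anywhere other than the address being verified, no longer ties the claimed Sec to the Hash2 work.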