Re: [manet] I-D Action:draft-ietf-manet-packetbb-sec-00.txt

Bo Berry <boberry@cisco.com> Sun, 20 June 2010 12:14 UTC

From: Bo Berry <boberry@cisco.com>
To: manet@ietf.org
Date: Sun, 20 Jun 2010 08:14:06 -0400
Subject: Re: [manet] I-D Action:draft-ietf-manet-packetbb-sec-00.txt
In-Reply-To: <20100620021504.7D1093A6834@core3.amsl.com>
Message-Id: <C2120E0E-AB18-4709-BB45-0FF427F91243@cisco.com>

Ulrich, Thomas:

Below are a few points for consideration and discussion.

Regards
-Bo Berry


In section 10.2.2 (Hash Function), suggest adding SHA-128, SHA-256,
SHA-386, SHA-512 under SHA-2.

And in section 10.2.3 (Cryptographic Algorithm), suggest adding ECC.

As noted in section 5, "Before being able to validate a cryptographic
signature, routers have to exchange keys (e.g. public keys)."  Each
router (node) may have several keys (key ring). In this case, it would
be useful to define a key index TLV. The Key Index TLV would be
needed when multiple keys are used.

Also suggest breaking the <signature> TLV into separate TLVs to
increase flexibility and to align with the separate <timestamp> TLV.
Nodes may wish/need to configure the hash and crypto functions when 
keys are configured and would not need to carry this info in the
signature TLV.

So we could define the following TLVs:

      <key-index TLV> := <key index value>
      <hash-function TLV> := <hash function identifier>
      <cryptographic-algorithm TLV> := <crypto-algor identifier>
      <signature-value TLV> := <signature value>




On Jun 20, 2010, at 4:41 AM, Ulrich Herberg wrote:

> I have submitted the packetbb-sec draft as WG draft. The draft does
> not contain any changes since the last individual draft
> (draft-herberg-manet-packetbb-sec-03). We will work on a new revision
> until the IETF meeting in Maastricht.
> 
> Best regards
> Ulrich

> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Mobile Ad-hoc Networks Working Group of the IETF.
> 
> 
> 	Title           : MANET Cryptographical Signature TLV Definition
> 	Author(s)       : U. Herberg, T. Clausen
> 	Filename        : draft-ietf-manet-packetbb-sec-00.txt
> 	Pages           : 17
> 	Date            : 2010-06-19
> 
> This document describes a general and flexible TLV (type-length-value
> structure) for representing cryptographic signatures as well as
> timestamps, using the generalized MANET packet/message format
> [RFC5444].  It defines two Packet TLVs, two Message TLVs, and two
> Address Block TLVs, for affixing cryptographic signatures and
> timestamps to a packet, message and address, respectively.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-manet-packetbb-sec-00.txt
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
> _______________________________________________
> manet mailing list
> manet@ietf.org
> https://www.ietf.org/mailman/listinfo/manet
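Below is an added example, not code from the draft, from Bo's message or from the packetbb-sec authors, showing what the four separate TLVs proposed above look like on the wire in RFC 5444 TLV syntax, and how a receiver would use the key index against a key ring. Everything specific to it is an assumption: the TLV type numbers 10 to 13, the identifier values for SHA-256 and for the cryptographic function, the two-entry key ring, and HMAC over SHA-256 standing in for the "cryptographic algorithm" so that it runs with only the Python standard library (a public-key signature would slot into the same place). The one design point worth noting is that the receiver treats the hash and algorithm TLVs as identifiers to check against what was configured with the key, not as a selection the sender gets to make.

```python
"""Added example: encode and verify the proposed key-index, hash-function,
cryptographic-algorithm and signature-value TLVs in RFC 5444 TLV syntax.
All type numbers, identifier values and keys below are hypothetical."""
import hashlib
import hmac
import struct

# tlv-flags bits from RFC 5444 section 5.4.1.
THASTYPEEXT, THASSINGLEINDEX, THASMULTIINDEX = 0x80, 0x40, 0x20
THASVALUE, THASEXTLEN = 0x10, 0x08

# Hypothetical TLV type numbers for the four TLVs proposed in the e-mail.
TLV_KEY_INDEX, TLV_HASH_FUNCTION = 10, 11
TLV_CRYPTO_ALGORITHM, TLV_SIGNATURE_VALUE = 12, 13

# Hypothetical identifier values (the draft's registries are not reproduced).
HASH_SHA256, CRYPTO_HMAC = 3, 4

# Constructed key ring: key index -> (key, hash id, crypto id), with the
# algorithm identifiers bound to the key at configuration time.
KEY_RING = {
    1: (b"k1-secret-0123456789abcdef", HASH_SHA256, CRYPTO_HMAC),
    2: (b"k2-secret-fedcba9876543210", HASH_SHA256, CRYPTO_HMAC),
}


def encode_tlv(tlv_type, value):
    """One message TLV with a value, no index fields, no type extension."""
    if len(value) > 255:
        return struct.pack("!BBH", tlv_type, THASVALUE | THASEXTLEN, len(value)) + value
    return struct.pack("!BBB", tlv_type, THASVALUE, len(value)) + value


def encode_tlv_block(tlvs):
    """<tlv-block> := <tlvs-length> <tlv>*"""
    body = b"".join(encode_tlv(t, v) for t, v in tlvs)
    return struct.pack("!H", len(body)) + body


def decode_tlv_block(data):
    """Parse a tlv-block into [(type, value), ...]; raise on malformed input
    instead of silently truncating."""
    if len(data) < 2:
        raise ValueError("short tlv-block")
    (tlvs_length,) = struct.unpack("!H", data[:2])
    end = 2 + tlvs_length
    if end > len(data):
        raise ValueError("tlvs-length exceeds buffer")
    pos, tlvs = 2, []
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated TLV header")
        tlv_type, flags = data[pos], data[pos + 1]
        pos += 2
        pos += 1 if flags & THASTYPEEXT else 0
        pos += 1 if flags & THASSINGLEINDEX else (2 if flags & THASMULTIINDEX else 0)
        value = b""
        if flags & THASVALUE:
            width = 2 if flags & THASEXTLEN else 1
            if pos + width > end:
                raise ValueError("truncated length field")
            length = struct.unpack("!H", data[pos:pos + 2])[0] if width == 2 else data[pos]
            pos += width
            if pos + length > end:
                raise ValueError("TLV value runs past tlv-block")
            value = data[pos:pos + length]
            pos += length
        tlvs.append((tlv_type, value))
    return tlvs


def _compute(key, hash_id, crypto_id, message):
    # Only the HMAC/SHA-256 pair is implemented here (assumption); the
    # identifiers are mixed into the signed data so they cannot be swapped.
    if (hash_id, crypto_id) != (HASH_SHA256, CRYPTO_HMAC):
        raise ValueError("unsupported algorithm pair")
    return hmac.new(key, bytes([hash_id, crypto_id]) + message, hashlib.sha256).digest()


def sign_message(message, key_index):
    """Return the tlv-block carrying the four proposed TLVs for message."""
    key, hash_id, crypto_id = KEY_RING[key_index]
    return encode_tlv_block([
        (TLV_KEY_INDEX, bytes([key_index])),
        (TLV_HASH_FUNCTION, bytes([hash_id])),
        (TLV_CRYPTO_ALGORITHM, bytes([crypto_id])),
        (TLV_SIGNATURE_VALUE, _compute(key, hash_id, crypto_id, message)),
    ])


def verify_message(message, tlv_block):
    """True only if all four TLVs are present exactly once, the key index is
    in the ring, the identifiers match that key's configuration, and the
    signature value checks out."""
    try:
        tlv_list = decode_tlv_block(tlv_block)
    except ValueError:
        return False
    tlvs = dict(tlv_list)
    needed = (TLV_KEY_INDEX, TLV_HASH_FUNCTION, TLV_CRYPTO_ALGORITHM, TLV_SIGNATURE_VALUE)
    if len(tlvs) != len(tlv_list) or any(t not in tlvs for t in needed):
        return False
    if any(len(tlvs[t]) != 1 for t in needed[:3]):
        return False
    entry = KEY_RING.get(tlvs[TLV_KEY_INDEX][0])
    if entry is None:
        return False  # unknown key index: nothing to verify against
    key, hash_id, crypto_id = entry
    if (tlvs[TLV_HASH_FUNCTION][0], tlvs[TLV_CRYPTO_ALGORITHM][0]) != (hash_id, crypto_id):
        return False  # peer names an algorithm other than the one bound to this key
    return hmac.compare_digest(_compute(key, hash_id, crypto_id, message), tlvs[TLV_SIGNATURE_VALUE])
```

The decoder handles the index and extended-length forms so it can walk a tlv-block that also carries unrelated TLVs, and `verify_message` rejects duplicates, an unknown key index and a mismatched identifier pair before doing any cryptography.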