Re: [manet] Fwd: New Version Notification fordraft-ietf-manet-packetbb-sec-00
"Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com> Wed, 23 June 2010 09:49 UTC
Return-Path: <Chris.Dearlove@baesystems.com>
X-Original-To: manet@core3.amsl.com
Delivered-To: manet@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 301B83A681B for <manet@core3.amsl.com>; Wed, 23 Jun 2010 02:49:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.999
X-Spam-Level:
X-Spam-Status: No, score=-3.999 tagged_above=-999 required=5 tests=[BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jT7AzLdgbXmD for <manet@core3.amsl.com>; Wed, 23 Jun 2010 02:49:33 -0700 (PDT)
Received: from ukmta3.baesystems.com (ukmta3.baesystems.com [20.133.40.55]) by core3.amsl.com (Postfix) with ESMTP id B90C03A68AF for <manet@ietf.org>; Wed, 23 Jun 2010 02:49:32 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.53,466,1272841200"; d="scan'208";a="72379689"
Received: from unknown (HELO baemasodc004.greenlnk.net) ([10.108.36.11]) by Baemasodc001ir.sharelnk.net with ESMTP; 23 Jun 2010 10:49:40 +0100
Received: from glkms1102.GREENLNK.NET (glkms1102.greenlnk.net [10.108.36.193]) by baemasodc004.greenlnk.net (Switch-3.4.3/Switch-3.4.3) with ESMTP id o5N9ndoN028503; Wed, 23 Jun 2010 10:49:39 +0100
Received: from GLKMS2100.GREENLNK.NET ([10.15.184.93]) by glkms1102.GREENLNK.NET with Microsoft SMTPSVC(6.0.3790.3959); Wed, 23 Jun 2010 10:49:39 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 23 Jun 2010 10:49:38 +0100
Message-ID: <ABE739C5ADAC9A41ACCC72DF366B719D032FD821@GLKMS2100.GREENLNK.NET>
In-Reply-To: <AANLkTimChQc_ilcgqCpghXe2_fJacd7rvOQq2MqNaQI1@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [manet] Fwd: New Version Notification fordraft-ietf-manet-packetbb-sec-00
Thread-Index: AcsQVHDP/d0Buzb8TNa64qMaroaXdgCXup5A
References: <20100620021330.75FB43A683D@core3.amsl.com> <AANLkTimChQc_ilcgqCpghXe2_fJacd7rvOQq2MqNaQI1@mail.gmail.com>
From: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>
To: Ulrich Herberg <ulrich@herberg.name>, manet@ietf.org
X-OriginalArrivalTime: 23 Jun 2010 09:49:39.0681 (UTC) FILETIME=[65D3A510:01CB12B9]
Cc: Thomas Clausen <thomas@thomasclausen.org>
Subject: Re: [manet] Fwd: New Version Notification fordraft-ietf-manet-packetbb-sec-00
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jun 2010 09:49:36 -0000
I'm in favour of a signature TLV, for the usual reasons of not all reinventing similar wheels. However for an instance of use I may have, this proposal wouldn't work as is. Expecting not to be unique, here are some comments. The first issue is that not all signatures are simply an encryption of a hash. I have a concrete example in mind, but rather than disclose that example, I'll refer to the Schnorr signature (there's a Wikipedia page that's good enough to show this). This would make this constained specification not work. Note that even a minimal expansion to include Schnorr wouldn't be sufficient. Note that I'm not suggesting using Schnorr, it's just a convenient public example of the point. The next point pulls in two directions. First some cryptographic algorithms need parameters, so to specify such an algorithm needs more than just an algorithm code. But then a given deployment might, for various reasons, require all nodes to be using the same set of parameters, at which point space considerations (if nothing else) dictate that sending those parameters in every packet/message is pointless. But now why send the octet (or anything else) indicating the encryption algorithm? It doesn't fully specify the method, and if the parameters are agreed, so by implication is the encryption algorithm. The only value of the indication of the method is if we support more than one method, to distinguish between them. But that may be to distinguish between, for example, different parameterisations of the same method. Putting those together, the only thing I could use from this specification for the approach I'm interested in (or at least one of them) is to use the given TLV value and then pick a private type extension and do my own thing in that space. If that didn't involve passing any method information, but was just implicitly assuming that the algorithm (and parameters) was agreed, then the TLV value would simply be the signature. This could then be a defined type extension rather than having to use a private one. Arguably that should be type extension zero, with type extension 1 being the special case of signature=encrypt(hash(data)). -- Christopher Dearlove Technology Leader, Communications Group Networks, Security and Information Systems Department BAE Systems Advanced Technology Centre West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK Tel: +44 1245 242194 Fax: +44 1245 242124 BAE Systems (Operations) Limited Registered Office: Warwick House, PO Box 87, Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK Registered in England & Wales No: 1996687 -----Original Message----- From: manet-bounces@ietf.org [mailto:manet-bounces@ietf.org] On Behalf Of Ulrich Herberg Sent: 20 June 2010 09:42 To: manet@ietf.org Cc: Thomas Clausen Subject: [manet] Fwd: New Version Notification fordraft-ietf-manet-packetbb-sec-00 *** WARNING *** This message has originated outside your organisation, either from an external partner or the Global Internet. Keep this in mind if you answer this message. I have submitted the packetbb-sec draft as WG draft. The draft does not contain any changes since the last individual draft (draft-herberg-manet-packetbb-sec-03). We will work on a new revision until the IETF meeting in Maastricht. Best regards Ulrich ---------- Forwarded message ---------- From: IETF I-D Submission Tool <idsubmission@ietf.org> Date: Sun, Jun 20, 2010 at 4:13 AM Subject: New Version Notification for draft-ietf-manet-packetbb-sec-00 To: ulrich@herberg.name Cc: T.Clausen@computer.org A new version of I-D, draft-ietf-manet-packetbb-sec-00.txt has been successfully submitted by Ulrich Herberg and posted to the IETF repository. Filename: draft-ietf-manet-packetbb-sec Revision: 00 Title: MANET Cryptographical Signature TLV Definition Creation_date: 2010-06-20 WG ID: manet Number_of_pages: 17 Abstract: This document describes a general and flexible TLV (type-length-value structure) for representing cryptographic signatures as well as timestamps, using the generalized MANET packet/message format [RFC5444]. It defines two Packet TLVs, two Message TLVs, and two Address Block TLVs, for affixing cryptographic signatures and timestamps to a packet, message and address, respectively. The IETF Secretariat. _______________________________________________ manet mailing list manet@ietf.org https://www.ietf.org/mailman/listinfo/manet ******************************************************************** This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. ********************************************************************
- [manet] Fwd: New Version Notification for draft-i… Ulrich Herberg
- Re: [manet] Fwd: New Version Notification fordraf… Dearlove, Christopher (UK)