IETF Logo Mail Archive

Re: [manet] WG adoption of NHDP-sec

Ulrich Herberg <ulrich@herberg.name> Sat, 23 April 2011 10:34 UTC

Return-Path: <ulrich@herberg.name>
X-Original-To: manet@ietfc.amsl.com
Delivered-To: manet@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 77181E06A7 for <manet@ietfc.amsl.com>; Sat, 23 Apr 2011 03:34:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.203
X-Spam-Level:
X-Spam-Status: No, score=-2.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nQXUUIdq8cKh for <manet@ietfc.amsl.com>; Sat, 23 Apr 2011 03:34:47 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by ietfc.amsl.com (Postfix) with ESMTP id 5AFC8E0661 for <manet@ietf.org>; Sat, 23 Apr 2011 03:34:46 -0700 (PDT)
Received: by wwa36 with SMTP id 36so814715wwa.13 for <manet@ietf.org>; Sat, 23 Apr 2011 03:34:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herberg.name; s=dkim; h=domainkey-signature:references:in-reply-to:mime-version :content-transfer-encoding:content-type:message-id:cc:x-mailer:from :subject:date:to; bh=sRmFt9M7ZITYKC19MLjIHj3BgtNJrYmqt2b6B09SbqE=; b=pWNjmHxWmprRM08LKqAguhLT+MLcH3daFkAV8g5YmDqzxUolDcI4PbRO4OOuQJ8gzM cpVrSgX8OBHO/KSMFO7l0dX+OI6eRDL49CcL7Befb/63nXldfHpMNwDuEE4kBvzhWSDh 2TQCKfv9xRezWUsfj+L8hdP7jyNw11F+jlF48=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=herberg.name; s=dkim; h=references:in-reply-to:mime-version:content-transfer-encoding :content-type:message-id:cc:x-mailer:from:subject:date:to; b=ZF3LnmXrn1BNEPKFzEU6PIHwLrsoOYDd9G6XWiv/hYzk9YXbTKFncvnbpUu2vuLCga ewtbrEzU0EmkDZjiOs9rv6OF+ER01mQ0upsjNOwI3zqD4qXSw5k1nb9YXEcG3WlIT5Mm C+g9XLyEX/H7D+xHxcE6EgXJCi4Smy21mW/A8=
Received: by 10.227.10.149 with SMTP id p21mr1942505wbp.195.1303554885783; Sat, 23 Apr 2011 03:34:45 -0700 (PDT)
Received: from [192.168.1.16] (AMontsouris-753-1-3-56.w90-2.abo.wanadoo.fr [90.2.130.56]) by mx.google.com with ESMTPS id bd8sm2192527wbb.65.2011.04.23.03.34.43 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 23 Apr 2011 03:34:44 -0700 (PDT)
References: <02F6C412-BA94-4319-B05B-FF0B5AD343DC@nrl.navy.mil> <ABE739C5ADAC9A41ACCC72DF366B719D042645C1@GLKMS2100.GREENLNK.NET>
In-Reply-To: <ABE739C5ADAC9A41ACCC72DF366B719D042645C1@GLKMS2100.GREENLNK.NET>
Mime-Version: 1.0 (iPad Mail 8H7)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
Message-Id: <7A7D1783-E567-4970-965C-ED138BD4EF79@herberg.name>
X-Mailer: iPad Mail (8H7)
From: Ulrich Herberg <ulrich@herberg.name>
Date: Sat, 23 Apr 2011 12:34:45 +0200
To: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>
Cc: Ulrich Herberg <ulrich.herberg@polytechnique.edu>, MANET IETF <manet@ietf.org>, Thomas Heide Clausen <thomas@thomasclausen.org>
Subject: Re: [manet] WG adoption of NHDP-sec
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Apr 2011 10:34:48 -0000

Chris,

before I will reply to your comments, I have a general question: Do your comments apply to packetbb-sec or to NHDP-sec? It seems to me they apply to packetbb-sec, rather than NHDP-sec...

Ulrich

On Apr 21, 2011, at 17:17, "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com> wrote:

> Brief version: I think there's a two part change that should
> be included before finishing WGLC.
> 
> My apologies in advance in that should this spark a discussion,
> I'll be out of the loop for a week and a half and no able to
> contribute. (The UK is largely shutting down, we have for a
> combination of rare reasons, two four day weekends, with a
> three day gap. Many of us are taking those three days off too.)
> 
> My main concern over this document is that it specifies a
> signature as the composition of a hash function and a
> cryptographic function, in that order. There are other ways
> of constructing signatures that do not correspond to such
> a decomposition.
> 
> The obvious response to that is to pick a new type extension
> for such. This can't be normative text in this document, but
> I think it should be described in the applicability statement,
> which should say that this specification describes a general
> approach to signatures (much of the document, such as how to
> traety hop counts/limits is not specific to this decomposition)
> and then a specific approach to signatures, and should provide
> the comment that other mathematical forms of signature are
> possible, and should be handled by use of alternative type
> extensions. In the main body of the specification, a bit more
> clarity on what is form-specific and what is not would then
> help.
> 
> This then leads to the question a to whether the form described
> should be the privileged type extension = 0 case. Actually I
> would suggest it should be type extension = 1, with 0 reserved
> for "I'm not providing any information on algorithms, this is
> defined out of band, not in each packet. The reason I suggest
> that as type 0 (and including it in this document) is that it
> puts the two lowest-overhead options together (type extension 0,
> which can be omitted, and no algorithm information).
> 
> Note that for timestamp, what other type extensions may be is
> alraedy covered, but not so for signatures, and timestamp uses
> the type extension 0 for the analogous case I suggest for type
> extension 0 for signature, i.e. detertmined otherwise (should
> the phrase "administrative action" be used in both cases?)
> 
> I think there should be another iteration before going to
> SECDIR and IESG, as I think it will avoid work further down the
> line, as well as being a better specification this way.
> 
> -- 
> Christopher Dearlove
> Technology Leader, Communications Group
> Communications and Networks Capability
> BAE Systems Advanced Technology Centre
> West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
> Tel: +44 1245 242194  Fax: +44 1245 242124
> 
> BAE Systems (Operations) Limited
> Registered Office: Warwick House, PO Box 87,
> Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK
> Registered in England & Wales No: 1996687
> 
> -----Original Message-----
> From: manet-bounces@ietf.org [mailto:manet-bounces@ietf.org] On Behalf
> Of Joe Macker
> Sent: 07 April 2011 17:17
> To: MANET IETF
> Subject: [manet] WG adoption of NHDP-sec
> 
> 
>                    *** WARNING ***
> 
>  This message has originated outside your organisation,
>  either from an external partner or the Global Internet. 
>      Keep this in mind if you answer this message.
> 
> 
> As discussed in Prague we are presently considering adoption of NHDP
> security related document as a WG document.
> 
> reference is draft-herberg-manet-nhdp-sec-01
> 
> Please comment if you have an opinion.
> 
> -Joe
> _______________________________________________
> manet mailing list
> manet@ietf.org
> https://www.ietf.org/mailman/listinfo/manet
> 
> 
> ********************************************************************
> This email and any attachments are confidential to the intended
> recipient and may also be privileged. If you are not the intended
> recipient please delete it from your system and notify the sender.
> You should not copy it or use it for any purpose nor disclose or
> distribute its contents to any other person.
> ********************************************************************
>

v2.23.0 | Report a Bug | By Email