Re: [MEXT] re-direction attack on MCoA

marcelo bagnulo braun <marcelo@it.uc3m.es> Fri, 01 February 2008 17:32 UTC

From: marcelo bagnulo braun <marcelo@it.uc3m.es>
To: RYUJI WAKIKAWA <ryuji.wakikawa@gmail.com>
Date: Fri, 01 Feb 2008 18:33:16 +0100
Cc: Julien Laganier <julien.laganier@laposte.net>, mext@ietf.org
Subject: Re: [MEXT] re-direction attack on MCoA

right

On 01/02/2008, at 11:33, RYUJI WAKIKAWA wrote:

> Hi All,
>
> Thanks for all your comments. I agree with George and see the progress.
>
> I treated this action as a consensus.
> We will not include Ben's solution in the MCoA and leave it to
> other work.
>
> thanks,
> ryuji
>
>
>
> On 2008/01/31, at 20:08, George Tsirtsis wrote:
>
>> I am of course also interested in this work. I guess we already have
>> enough people to get the ball rolling on this.
>>
>> Thanks
>> George
>>
>> On Jan 31, 2008 10:59 AM, Suresh Krishnan <suresh.krishnan@ericsson.com> wrote:
>>> Hi Marcelo,
>>> I am willing to work on a generic MIPv6 threats document along
>>> with the other interested people.
>>>
>>> Cheers
>>> Suresh
>>>
>>> -----Original Message-----
>>> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
>>> Sent: January 31, 2008 11:13 AM
>>> To: Wassim Haddad
>>> Cc: Julien Laganier; mext@ietf.org
>>>
>>> Subject: Re: [MEXT] re-direction attack on MCoA
>>>
>>>
>>> On 30/01/2008, at 19:16, Wassim Haddad wrote:
>>>>
>>>> => As there is a clear interest in the redirection attack on the HA
>>>> side, I volunteer to do some work on this one.
>>>>
>>>
>>> I think the work should be general to all residual threats on MIP as
>>> George mentioned. I think this would be more interesting since it
>>> would allow us to put the different threats in perspective and figure
>>> out which ones we should address.
>>>
>>>
>>>
>>>>
>>>> Regards,
>>>>
>>>> Wassim H.
>>>>
>>>>
>>>>> On 30/01/2008, at 18:19, Wassim Haddad wrote:
>>>>>
>>>>>> Hi Marcelo,
>>>>>> IMHO, this topic has to be included as a new item in the new
>>>>>> charter and
>>>>>> should not be limited to MCoA.
>>>>>> Regards,
>>>>>> Wassim H.
>>>>>> On Wed, 30 Jan 2008, marcelo bagnulo braun wrote:
>>>>>>> Pascal,
>>>>>>> The question at this point is the following one: do you think
>>>>>>> that this threat should be addressed in the MCoA draft itself?
>>>>>>> Comments?
>>>>>>> Regards, marcelo
>>>>>>> On 30/01/2008, at 10:09, Pascal Thubert (pthubert) wrote:
>>>>>>>> I agree with Wassim on both mails.
>>>>>>>> There's also the situation where the MN/MR might be fooled by the
>>>>>>>> visited network into believing that the CoA (or its prefix if a network
>>>>>>>> is attacked as opposed to a host) is on the visited link. DSMIP is also
>>>>>>>> exposed, in particular with IPv4 CoAs.
>>>>>>>> There are many scenarios that do not involve high mobility where a 3-way
>>>>>>>> or a 4-way handshake could be used to verify the CoA. We have proposed
>>>>>>>> such a test in section 6 of the RRH draft that uses a triggered 2nd BU
>>>>>>>> flow to verify the CoA in the first one:
>>>>>>>> http://tools.ietf.org/html/draft-thubert-nemo-reverse-routing-header-07#section-6
>>>>>>>> Pascal
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Wassim Haddad [mailto:whaddad@tcs.hut.fi]
>>>>>>>>> Sent: Wednesday 30 January 2008 09:32
>>>>>>>>> To: Benjamin Lim
>>>>>>>>> Cc: 'Julien Laganier'; mext@ietf.org
>>>>>>>>> Subject: RE: [MEXT] re-direction attack on MCoA
>>>>>>>>> On Wed, 30 Jan 2008, Benjamin Lim wrote:
>>>>>>>>>> All in all, what I am trying to say is that tracing only
>>>>>>>>>> limits the
>>>>>>>>>> effect of the attack from escalating further and not
>>>>>>>>>> preventing it.
>>>>>>>>> => which (again) also perfectly applies to a single CoA.
>>>>>>>>> Regards,
>>>>>>>>> Wassim H.
>>>>>>>>> _______________________________________________
>>>>>>>>> MEXT mailing list
>>>>>>>>> MEXT@ietf.org
>>>>>>>>> https://www1.ietf.org/mailman/listinfo/mext

From: marcelo bagnulo braun <marcelo@it.uc3m.es>
To: mext@ietf.org
Date: Fri, 1 Feb 2008 19:15:22 +0100
Cc: Julien Laganier <julien.laganier@laposte.net>
Subject: [MEXT] MEXT review of Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction draft

Hi,

I would like to request feedback from the MEXT community on the
following draft:

Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction
draft-ietf-dime-mip6-integrated-07.txt

http://tools.ietf.org/html/draft-ietf-dime-mip6-integrated-07

Even though this is not a MEXT document, it is clearly MIP6 related,
so it would be important that the MEXT WG feel comfortable with it.

Thanks, marcelo