Re: [Mip6] Secure binding update..

Jari Arkko <jari.arkko@kolumbus.fi> Mon, 22 December 2003 07:31 UTC

Date: Mon, 22 Dec 2003 09:28:08 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
To: Warodom Werapun <ple@graduate.kmitl.ac.th>
CC: mip6@ietf.org
Subject: Re: [Mip6] Secure binding update..

Warodom Werapun wrote:
> 
>>
>> ABKs were considered as a potential mechanism to secure BUs to
>> correspondent nodes, among other techniques. The current RR
>> technique was the one chosen for the base spec, however.
>>
>> ABKs do not have anything to do with IPsec SAs.
> 
> 
> The ABKs draft said that
> (http://www.math.ohio-state.edu/~silver/bibliography/mobileip)
>      RR has a weakness that if an attacker can eavesdrop on two links 
> (HA-CN and MN-CN), then it can send a fake BU successfully. CGA with an 
> initial round of RR is susceptible to this attack. The ABK protocol does 
> not have this weakness: an attacker who can eavesdrop on two links still 
> cannot send a MAC'd BU. However, if an attacker can 
> alter messages on both the MN-CN and HA-CN links, then it is possible to 
> establish a fake BU with CN. As mentioned above, both RR and CGA (with 
> an initial round of RR) are susceptible to a similar attack.
> 
>    Why was the current RR technique chosen? How does the RR technique 
> protect against this problem?

Some of the background has been discussed in
http://www.ietf.org/internet-drafts/draft-nikander-mobileip-v6-ro-sec-02.txt

--Jari

