Re: [Mipshop] Gauging interest in official WG adoption ofinternetdrafts

["James Kempf" <kempf@docomolabs-usa.com>]

Hesham,

Public key crypto is not in the critical path for handover. The SEND draft 
specifies that public key crypto be used for key distribution, not handover 
message authentication. Or was there some other problem you see with the 
SEND draft?

And, like I said, if Wassim or anybody else comes up with some cool 
technology to make key distribution be more efficient, then we can certainly 
incorporate it, that is what a WG draft is all about.

Regarding whether context transfer of keys should be used or not, you need 
to take up that issue with the SAAG. I think it is fair to say that, 
regardless of deployment, they have a low opinion of it. 3GPP would argue 
that their networks are tightly controlled from an administrative standpoint 
so therefore someone breaking into one of their base stations is very low 
probability, and, while that might be true of their networks, it is not true 
of all networks. Internet standards are targetted at a somewhat broader set 
of deployment scenerios, which, I think, would be Russ' argument against 
context transfer of keys in an Internet standard.

            jak

----- Original Message ----- 
From: "Soliman, Hesham" <hsoliman@qualcomm.com>
To: "James Kempf" <kempf@docomolabs-usa.com>; "Wassim Haddad" 
<whaddad@tcs.hut.fi>; "gabriel montenegro" 
<gabriel_montenegro_2000@yahoo.com>
Cc: <mipshop@ietf.org>
Sent: Monday, March 27, 2006 2:32 PM
Subject: RE: [Mipshop] Gauging interest in official WG adoption 
ofinternetdrafts






As we've discussed offlist, context transfer of keys between ARs has the
potential to violate the Housley Critera:

http://www.ietf.org/internet-drafts/draft-housley-aaa-key-mgmt-02.txt

Russ' draft is written specifically with AAA key management in mind, but the
criteria apply to other types of key management as well.

=> Independently of the draft being discussed, I think it's unrealistic
to say that no keys can be transferred. The only alternatives are: a trip to 
AAA
or the use of public keys for each handover. I really don't think either one 
is
better for a handover. However, I'd be open to including them as 
alternatives.
But I certainly wouldn't dismiss CT of keys, I think it's unrealistic. Also,
this is what most cellular systems do today, starting from GSM onwards.

Hesham



I skimmed your
draft, and it seemed to me that there might be a problem.

Rajeev and I have been working on this draft for over a year, and it was
transferred from MOBOPTS with the recommendation that it become a WG draft.
If you manage to come up with some way to reduce the amount of signaling
involved in SEND-based key exchange for handover that is consistent with the
Housley Critera, I would have no problem incorporating that into the WG
draft at that time. Gab and Stefano can correct me if I am wrong, but I do
not believe we are in a hurry to get this draft to the IESG, so there should
be plenty of time to incorporate enhancements that you or any WG member
would like to include.

            jak


----- Original Message ----- 
From: "Wassim Haddad" <whaddad@tcs.hut.fi>
To: "gabriel montenegro" <gabriel_montenegro_2000@yahoo.com>
Cc: <mipshop@ietf.org>
Sent: Monday, March 27, 2006 12:07 PM
Subject: Re: [Mipshop] Gauging interest in official WG adoption of
internetdrafts


> Hi,
>
> I support making the first two and the last three items WG items.
> Concerning the third item, I'd like to mention that the OptiSEND
> proposal (draft-haddad-mipshop-optisend-01), while not complete yet,
> allows the MN to share a secret with the *first* AR and to use it to
> authenticate ND signaling messages *and* mobility signaling messages
> exchanged between an AR and the MN during the MN movements and as
> long as the shared secret remains valid.
>
>
> Regards,
>
> Wassim H.
>
>
>
> On Tue, 21 Mar 2006, gabriel montenegro wrote:
>
>> Folks,
>>
>> In today's meeting we talked about 4 potential items up for adoption as
>> official working
>> groups. Talking with folks after the meeting, we've decided to add two
>> more to the list
>> of items we'll ask the WG whether we should adopt. This is the follow-up
>> email to today's
>> discussion, to make sure we ask this on the mailing list.
>>
>> So the question to the WG is: Should we adopt the following documents as
>> official WG
>> items (based on the individual drafts as noted below)?:
>>
>> 1. draft-ietf-mipshop-fmipv6-rev-XX.txt
>> based on draft-koodli-mipshop-rfc4068bis-00.txt
>>
>> 2. draft-ietf-mipshop-handover-keys-aaa-XX.txt
>> based on  draft-vidya-mipshop-handover-keys-aaa-01.txt
>>
>> 3. draft-ietf-mipshop-handover-key-send-XX.txt
>> based on draft-kempf-mobopts-handover-key-01.txt (currently expired)
>>
>> 4. draft-ietf-mipshop-fh80216e-XX.txt
>> based on draft-jang-mipshop-fh80216e-02.txt
>>
>> 5. draft-ietf-mipshop-3gfh-XX.txt
>> based on draft-yokota-mipshop-3gfh-02.txt
>>
>> 6. draft-ietf-mipshop-cga-cba-XX.txt
>> based on draft-arkko-mipshop-cga-cba-03.txt
>>
>> Please send comments one way or another through April 4, 2006.
>>
>> Thanks,
>>
>> chairs
>>
>>
>> __________________________________________________
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>> _______________________________________________
>> Mipshop mailing list
>> Mipshop@ietf.org
>> https://www1.ietf.org/mailman/listinfo/mipshop
>>
>>
>
> _______________________________________________
> Mipshop mailing list
> Mipshop@ietf.org
> https://www1.ietf.org/mailman/listinfo/mipshop
>



_______________________________________________
Mipshop mailing list
Mipshop@ietf.org
https://www1.ietf.org/mailman/listinfo/mipshop




_______________________________________________
Mipshop mailing list
Mipshop@ietf.org
https://www1.ietf.org/mailman/listinfo/mipshop