RE: [Mipshop] Gauging interest in official WG adoption of internet drafts

"Soliman, Hesham" <hsoliman@qualcomm.com> Tue, 28 March 2006 17:22 UTC

Subject: RE: [Mipshop] Gauging interest in official WG adoption of internet drafts
Date: Mon, 27 Mar 2006 20:22:51 -0800
Message-ID: <1487A357FD2ED544B8AD29E528FF9DF029FA04@NAEX06.na.qualcomm.com>
References: <20060322074936.65932.qmail@web81910.mail.mud.yahoo.com><Pine.LNX.4.58.0603272256480.3081@rhea.tcs.hut.fi><016c01c651e0$e65d82d0$026115ac@dcml.docomolabsusa.com><1487A357FD2ED544B8AD29E528FF9DF029FA03@NAEX06.na.qualcomm.com> <021201c651f7$9de94400$026115ac@dcml.docomolabsusa.com>
From: "Soliman, Hesham" <hsoliman@qualcomm.com>
To: James Kempf <kempf@docomolabs-usa.com>, Wassim Haddad <whaddad@tcs.hut.fi>, gabriel montenegro <gabriel_montenegro_2000@yahoo.com>
Cc: mipshop@ietf.org

Public key crypto is not in the critical path for handover. The SEND draft 
specifies that public key crypto be used for key distribution, not handover 
message authentication. Or was there some other problem you see with the 
SEND draft?

=> Well, the key distribution would need to be repeated every time you
move unless you CT keys, right?

Regarding whether context transfer of keys should be used or not, you need 
to take up that issue with the SAAG. I think it is fair to say that, 
regardless of deployment, they have a low opinion of it. 

=> With all respect to SAAG, I think they're being inflexible about this
and the reasons are not that clear. This is a problem in more than one 
aspect of security in IETF. Everything is being done in isolation without 
providing flexibility for complementing aspects of deployment or even
describing when things can be "worked around" in a safe manner. 


Internet standards are targeted at a somewhat broader set 
of deployment scenarios, which, I think, would be Russ' argument against 
context transfer of keys in an Internet standard.

=> Sure, but it's strange IMO to limit everything else by assuming that 
the *only* mode of operation is the one that requires 100% security of 
each protocol independently of the deployment scenario. That's what SHOULDs
are for, as opposed to MUSTs.

Hesham


            jak

----- Original Message ----- 
From: "Soliman, Hesham" <hsoliman@qualcomm.com>
To: "James Kempf" <kempf@docomolabs-usa.com>; "Wassim Haddad" 
<whaddad@tcs.hut.fi>; "gabriel montenegro" 
<gabriel_montenegro_2000@yahoo.com>
Cc: <mipshop@ietf.org>
Sent: Monday, March 27, 2006 2:32 PM
Subject: RE: [Mipshop] Gauging interest in official WG adoption 
ofinternetdrafts

As we've discussed offlist, context transfer of keys between ARs has the
potential to violate the Housley Criteria:

http://www.ietf.org/internet-drafts/draft-housley-aaa-key-mgmt-02.txt

Russ' draft is written specifically with AAA key management in mind, but the
criteria apply to other types of key management as well.

=> Independently of the draft being discussed, I think it's unrealistic
to say that no keys can be transferred. The only alternatives are: a trip to
AAA or the use of public keys for each handover. I really don't think either
one is better for a handover. However, I'd be open to including them as
alternatives. But I certainly wouldn't dismiss CT of keys, I think it's
unrealistic. Also, this is what most cellular systems do today, starting from
GSM onwards.

Hesham

I skimmed your
draft, and it seemed to me that there might be a problem.

Rajeev and I have been working on this draft for over a year, and it was
transferred from MOBOPTS with the recommendation that it become a WG draft.
If you manage to come up with some way to reduce the amount of signaling
involved in SEND-based key exchange for handover that is consistent with the
Housley Criteria, I would have no problem incorporating that into the WG
draft at that time. Gab and Stefano can correct me if I am wrong, but I do
not believe we are in a hurry to get this draft to the IESG, so there should
be plenty of time to incorporate enhancements that you or any WG member
would like to include.

            jak


----- Original Message ----- 
From: "Wassim Haddad" <whaddad@tcs.hut.fi>
To: "gabriel montenegro" <gabriel_montenegro_2000@yahoo.com>
Cc: <mipshop@ietf.org>
Sent: Monday, March 27, 2006 12:07 PM
Subject: Re: [Mipshop] Gauging interest in official WG adoption of
internet drafts


> Hi,
>
> I support making the first two and the last three items WG items.
> Concerning the third item, I'd like to mention that the OptiSEND
> proposal (draft-haddad-mipshop-optisend-01), while not complete yet,
> allows the MN to share a secret with the *first* AR and to use it to
> authenticate ND signaling messages *and* mobility signaling messages
> exchanged between an AR and the MN during the MN movements and as
> long as the shared secret remains valid.
>
>
> Regards,
>
> Wassim H.
>
>
>
> On Tue, 21 Mar 2006, gabriel montenegro wrote:
>
>> Folks,
>>
>> In today's meeting we talked about 4 potential items up for adoption as
>> official working
>> groups. Talking with folks after the meeting, we've decided to add two
>> more to the list
>> of items we'll ask the WG whether we should adopt. This is the follow-up
>> email to today's
>> discussion, to make sure we ask this on the mailing list.
>>
>> So the question to the WG is: Should we adopt the following documents as
>> official WG
>> items (based on the individual drafts as noted below)?:
>>
>> 1. draft-ietf-mipshop-fmipv6-rev-XX.txt
>> based on draft-koodli-mipshop-rfc4068bis-00.txt
>>
>> 2. draft-ietf-mipshop-handover-keys-aaa-XX.txt
>> based on  draft-vidya-mipshop-handover-keys-aaa-01.txt
>>
>> 3. draft-ietf-mipshop-handover-key-send-XX.txt
>> based on draft-kempf-mobopts-handover-key-01.txt (currently expired)
>>
>> 4. draft-ietf-mipshop-fh80216e-XX.txt
>> based on draft-jang-mipshop-fh80216e-02.txt
>>
>> 5. draft-ietf-mipshop-3gfh-XX.txt
>> based on draft-yokota-mipshop-3gfh-02.txt
>>
>> 6. draft-ietf-mipshop-cga-cba-XX.txt
>> based on draft-arkko-mipshop-cga-cba-03.txt
>>
>> Please send comments one way or another through April 4, 2006.
>>
>> Thanks,
>>
>> chairs
>>
>>
>> __________________________________________________
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>> _______________________________________________
>> Mipshop mailing list
>> Mipshop@ietf.org
>> https://www1.ietf.org/mailman/listinfo/mipshop
>>
>>
>
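The exchange the thread argues over, as an added example that is code from neither the drafts nor any of the participants: a one-time public-key step distributes a symmetric handover key from the first AR to the MN (Kempf's point that public key crypto is only in key distribution), every subsequent handover message is authenticated with an HMAC under that key, and the key is then handed from AR1 to AR2 by context transfer (Hesham's "CT keys") instead of re-running key distribution. The last step shows the property the Housley criteria discussion is about: once AR2 holds the MN-AR1 key it can mint tags that AR1 accepts as the MN's. RSA-OAEP stands in for the SEND/CGA-based exchange, the message bytes are a constructed placeholder rather than a real FMIPv6 encoding, and the AR identifiers, OAEP label and function names are all assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Handover key shared between the mobile node (MN) and an access router (AR).
type handoverKey []byte

// oaepLabel binds the ciphertext to its purpose (assumed label, not from any draft).
var oaepLabel = []byte("handover-key")

// distributeKey is the one-time public-key step: the AR draws a fresh symmetric
// handover key and encrypts it to the MN's public key. RSA-OAEP stands in here
// for the SEND/CGA-based exchange in the draft (assumption for the example).
func distributeKey(mnPub *rsa.PublicKey) (handoverKey, []byte, error) {
	hk := make([]byte, 32)
	if _, err := rand.Read(hk); err != nil {
		return nil, nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, mnPub, hk, oaepLabel)
	return hk, ct, err
}

// receiveKey is the MN side of key distribution: one private-key operation.
func receiveKey(mnPriv *rsa.PrivateKey, ct []byte) (handoverKey, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, mnPriv, ct, oaepLabel)
}

// authenticate computes the per-message tag on the handover fast path: HMAC only,
// no public-key operation. The AR identity is mixed in so a tag made for one AR
// is not valid at another.
func authenticate(hk handoverKey, arID string, msg []byte) []byte {
	m := hmac.New(sha256.New, hk)
	m.Write([]byte(arID))
	m.Write([]byte{0})
	m.Write(msg)
	return m.Sum(nil)
}

// verify checks a tag in constant time.
func verify(hk handoverKey, arID string, msg, tag []byte) bool {
	return hmac.Equal(authenticate(hk, arID, msg), tag)
}

// Result records what each party could verify or forge in the walkthrough.
type Result struct {
	MNAcceptedByAR1     bool // AR1 verifies the MN with the key it distributed
	TamperedRejected    bool // a modified message fails verification at AR1
	MNAcceptedByAR2     bool // AR2 verifies the MN after AR1 hands it the same key (context transfer)
	AR2CanImpersonateMN bool // consequence: AR2 can mint a tag that AR1 accepts as the MN's
}

// Demo runs key distribution to AR1, authenticated handover signaling, context
// transfer of the key to AR2, and the impersonation the transferred key enables.
func Demo() (Result, error) {
	var r Result
	mnKey, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the MN's CGA key pair
	if err != nil {
		return r, err
	}
	ar1Key, ct, err := distributeKey(&mnKey.PublicKey) // the only public-key operation
	if err != nil {
		return r, err
	}
	mnHK, err := receiveKey(mnKey, ct)
	if err != nil {
		return r, err
	}

	// Constructed sample of a handover signaling message (not a real FMIPv6 encoding).
	fbu := []byte("FBU: MN 2001:db8:1::1 -> NAR 2001:db8:2::1")
	tag := authenticate(mnHK, "AR1", fbu)
	r.MNAcceptedByAR1 = verify(ar1Key, "AR1", fbu, tag)

	tampered := append([]byte(nil), fbu...)
	tampered[len(tampered)-1] ^= 0x01
	r.TamperedRejected = !verify(ar1Key, "AR1", tampered, tag)

	// Context transfer: AR1 passes the same key to AR2 instead of re-running key distribution.
	ar2Key := ar1Key
	tag2 := authenticate(mnHK, "AR2", fbu)
	r.MNAcceptedByAR2 = verify(ar2Key, "AR2", fbu, tag2)

	// Because AR2 now holds the MN-AR1 key, it can forge MN traffic toward AR1.
	forged := []byte("FBU: MN 2001:db8:1::1 -> NAR 2001:db8:99::1")
	r.AR2CanImpersonateMN = verify(ar1Key, "AR1", forged, authenticate(ar2Key, "AR1", forged))
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Running it with `go run` prints all four fields as true: the handover fast path never touches the RSA key, and the transferred key lets AR2 both verify and forge the MN, which is exactly the trade-off between "a trip to AAA or public keys per handover" and "CT of keys" that the thread is weighing.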