RE: [Mipshop] Gauging interest in official WG adoptionofinternetdrafts
"Soliman, Hesham" <hsoliman@qualcomm.com> Tue, 28 March 2006 17:22 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FOHtn-00029C-9n; Tue, 28 Mar 2006 12:22:31 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FO5o8-0002dY-Dj for mipshop@ietf.org; Mon, 27 Mar 2006 23:27:52 -0500
Received: from ithilien.qualcomm.com ([129.46.51.59]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FO5o7-00067e-7n for mipshop@ietf.org; Mon, 27 Mar 2006 23:27:52 -0500
Received: from sabrina.qualcomm.com (sabrina.qualcomm.com [129.46.61.150]) by ithilien.qualcomm.com (8.13.6/8.12.5/1.0) with ESMTP id k2S4Rlio025445 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 27 Mar 2006 20:27:48 -0800
Received: from NAEXBR03.na.qualcomm.com (naexbr03.qualcomm.com [129.46.134.172]) by sabrina.qualcomm.com (8.13.5/8.12.5/1.0) with ESMTP id k2S4RkjQ022084; Mon, 27 Mar 2006 20:27:47 -0800 (PST)
Received: from NAEX06.na.qualcomm.com ([129.46.135.161]) by NAEXBR03.na.qualcomm.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 27 Mar 2006 20:27:46 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: [Mipshop] Gauging interest in official WG adoptionofinternetdrafts
Date: Mon, 27 Mar 2006 20:22:51 -0800
Message-ID: <1487A357FD2ED544B8AD29E528FF9DF029FA04@NAEX06.na.qualcomm.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Mipshop] Gauging interest in official WG adoptionofinternetdrafts
Thread-Index: AcZR9+w7d2pl68WWTpW9OZDqpvz11wAJ1rKY
References: <20060322074936.65932.qmail@web81910.mail.mud.yahoo.com><Pine.LNX.4.58.0603272256480.3081@rhea.tcs.hut.fi><016c01c651e0$e65d82d0$026115ac@dcml.docomolabsusa.com><1487A357FD2ED544B8AD29E528FF9DF029FA03@NAEX06.na.qualcomm.com> <021201c651f7$9de94400$026115ac@dcml.docomolabsusa.com>
From: "Soliman, Hesham" <hsoliman@qualcomm.com>
To: James Kempf <kempf@docomolabs-usa.com>, Wassim Haddad <whaddad@tcs.hut.fi>, gabriel montenegro <gabriel_montenegro_2000@yahoo.com>
X-OriginalArrivalTime: 28 Mar 2006 04:27:46.0537 (UTC) FILETIME=[F6D6BD90:01C6521F]
X-Spam-Score: 0.5 (/)
X-Scan-Signature: 680445c3afe8c9e96925f2dfef141924
X-Mailman-Approved-At: Tue, 28 Mar 2006 12:22:30 -0500
Cc: mipshop@ietf.org
X-BeenThere: mipshop@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mipshop.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mipshop@ietf.org>
List-Help: <mailto:mipshop-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0688409959=="
Errors-To: mipshop-bounces@ietf.org
Public key crypto is not in the critical path for handover. The SEND draft specifies that public key crypto be used for key distribution, not handover message authentication. Or was there some other problem you see with the SEND draft? => Well, the key distribution would need to be repeated every time you move unless you CT keys right? Regarding whether context transfer of keys should be used or not, you need to take up that issue with the SAAG. I think it is fair to say that, regardless of deployment, they have a low opinion of it. => With all respect to SAAG, I think they're being inflexible about this and the reasons are not that clear. This is a problem in more than one aspect of security in IETF. Everything is being done in isolation without providing flexibility for complementing aspects of deployment or even describing when things can be "worked around" in a safe manner. Internet standards are targetted at a somewhat broader set of deployment scenerios, which, I think, would be Russ' argument against context transfer of keys in an Internet standard. => Sure, but it's strange IMO to limit everything else by assuming that the *only* mode of operation is the one that requires 100% security of each protocol independently of the deployment scenario. That's what SHOULDs are for, as opposed to MUSTs. Hesham jak ----- Original Message ----- From: "Soliman, Hesham" <hsoliman@qualcomm.com> To: "James Kempf" <kempf@docomolabs-usa.com>; "Wassim Haddad" <whaddad@tcs.hut.fi>; "gabriel montenegro" <gabriel_montenegro_2000@yahoo.com> Cc: <mipshop@ietf.org> Sent: Monday, March 27, 2006 2:32 PM Subject: RE: [Mipshop] Gauging interest in official WG adoption ofinternetdrafts As we've discussed offlist, context transfer of keys between ARs has the potential to violate the Housley Critera: http://www.ietf.org/internet-drafts/draft-housley-aaa-key-mgmt-02.txt Russ' draft is written specifically with AAA key management in mind, but the criteria apply to other types of key management as well. => Independently of the draft being discussed, I think it's unrealistic to say that no keys can be transferred. The only alternatives are: a trip to AAA or the use of public keys for each handover. I really don't think either one is better for a handover. However, I'd be open to including them as alternatives. But I certainly wouldn't dismiss CT of keys, I think it's unrealistic. Also, this is what most cellular systems do today, starting from GSM onwards. Hesham I skimmed your draft, and it seemed to me that there might be a problem. Rajeev and I have been working on this draft for over a year, and it was transferred from MOBOPTS with the recommendation that it become a WG draft. If you manage to come up with some way to reduce the amount of signaling involved in SEND-based key exchange for handover that is consistent with the Housley Critera, I would have no problem incorporating that into the WG draft at that time. Gab and Stefano can correct me if I am wrong, but I do not believe we are in a hurry to get this draft to the IESG, so there should be plenty of time to incorporate enhancements that you or any WG member would like to include. jak ----- Original Message ----- From: "Wassim Haddad" <whaddad@tcs.hut.fi> To: "gabriel montenegro" <gabriel_montenegro_2000@yahoo.com> Cc: <mipshop@ietf.org> Sent: Monday, March 27, 2006 12:07 PM Subject: Re: [Mipshop] Gauging interest in official WG adoption of internetdrafts > Hi, > > I support making the first two and the last three items WG items. > Concerning the third item, I'd like to mention that the OptiSEND > proposal (draft-haddad-mipshop-optisend-01), while not complete yet, > allows the MN to share a secret with the *first* AR and to use it to > authenticate ND signaling messages *and* mobility signaling messages > exchanged between an AR and the MN during the MN movements and as > long as the shared secret remains valid. > > > Regards, > > Wassim H. > > > > On Tue, 21 Mar 2006, gabriel montenegro wrote: > >> Folks, >> >> In today's meeting we talked about 4 potential items up for adoption as >> official working >> groups. Talking with folks after the meeting, we've decided to add two >> more to the list >> of items we'll ask the WG whether we should adopt. This is the follow-up >> email to today's >> discussion, to make sure we ask this on the mailing list. >> >> So the question to the WG is: Should we adopt the following documents as >> official WG >> items (based on the individual drafts as noted below)?: >> >> 1. draft-ietf-mipshop-fmipv6-rev-XX.txt >> based on draft-koodli-mipshop-rfc4068bis-00.txt >> >> 2. draft-ietf-mipshop-handover-keys-aaa-XX.txt >> based on draft-vidya-mipshop-handover-keys-aaa-01.txt >> >> 3. draft-ietf-mipshop-handover-key-send-XX.txt >> based on draft-kempf-mobopts-handover-key-01.txt (currently expired) >> >> 4. draft-ietf-mipshop-fh80216e-XX.txt >> based on draft-jang-mipshop-fh80216e-02.txt >> >> 5. draft-ietf-mipshop-3gfh-XX.txt >> based on draft-yokota-mipshop-3gfh-02.txt >> >> 6. draft-ietf-mipshop-cga-cba-XX.txt >> based on draft-arkko-mipshop-cga-cba-03.txt >> >> Please send comments one way or another through April 4, 2006. >> >> Thanks, >> >> chairs >> >> >> __________________________________________________ >> Do You Yahoo!? >> Tired of spam? Yahoo! Mail has the best spam protection around >> http://mail.yahoo.com >> >> _______________________________________________ >> Mipshop mailing list >> Mipshop@ietf.org >> https://www1.ietf.org/mailman/listinfo/mipshop >> >> > > _______________________________________________ > Mipshop mailing list > Mipshop@ietf.org > https://www1.ietf.org/mailman/listinfo/mipshop > _______________________________________________ Mipshop mailing list Mipshop@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop _______________________________________________ Mipshop mailing list Mipshop@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop
_______________________________________________ Mipshop mailing list Mipshop@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop
- [Mipshop] Gauging interest in official WG adoptio… gabriel montenegro
- Re: [Mipshop] Gauging interest in official WG ado… James Kempf
- Re: [Mipshop] Gauging interest in official WG ado… Soohong Daniel Park
- Re: [Mipshop] Gauging interest in official WG ado… Yoshihiro Ohba
- Re: [Mipshop] Gauging interest in official WG ado… Lakshminath Dondeti
- Re: [Mipshop] Gauging interest in official WG ado… Yoshihiro Ohba
- Re: [Mipshop] Gauging interest in official WG ado… Lakshminath Dondeti
- Re: [Mipshop] Gauging interest in official WG ado… Yoshihiro Ohba
- RE: [Mipshop] Gauging interest in official WG ado… Soliman, Hesham
- Re: [Mipshop] Gauging interest in official WG ado… Lakshminath Dondeti
- Re: [Mipshop] Gauging interest in official WG ado… Alexandru Petrescu
- Re: [Mipshop] Gauging interest in official WG ado… Wassim Haddad
- Re: [Mipshop] Gauging interest in official WG ado… James Kempf
- Re: [Mipshop] Gauging interest in official WG ado… James Kempf
- Re: [Mipshop] Gauging interest in official WG ado… Rajeev Koodli
- RE: [Mipshop] Gauging interest in official WG ado… Wassim Haddad
- RE: [Mipshop] Gauging interest in official WG ado… Soliman, Hesham
- Re: [Mipshop] Gauging interest in official WG ado… James Kempf
- Re: [Mipshop] Gauging interest in official WG ado… James Kempf
- Re: [Mipshop] Gauging interest in official WG ado… Wassim Haddad
- Re: [Mipshop] Gauging interest in official WG ado… Yoshihiro Ohba
- RE: [Mipshop] Re: Gauging interest in official WG… stefano.faccin
- OptiSEND and FMIP SEND-based Key Provisioning (wa… James Kempf
- Re: [Mipshop] Gauging interest in official WG ado… Junghoon Jee
- Re: [Mipshop] Gauging interest in official WG ado… Behcet Sarikaya
- [Mipshop] Re: Gauging interest in official WG ado… gabriel montenegro
- Re: [Mipshop] Re: Gauging interest in official WG… Lakshminath Dondeti
- RE: [Mipshop] Re: Gauging interest in official WG… stefano.faccin
- Re: [Mipshop] Re: Gauging interest in official WG… James Kempf
- RE: [Mipshop] Re: Gauging interest in official WG… Lakshminath Dondeti
- RE: [Mipshop] Re: Gauging interest in official WG… Lakshminath Dondeti
- RE: [Mipshop] Re: Gauging interest in official WG… gabriel montenegro
- Re: [Mipshop] Re: Gauging interest in official WG… James Kempf