Re: SEND-based protection and related confusions (was RE: AR compromise (Re: [Mipshop] Review ofdraft-haddad-mipship-hmipv6-security-04))
Wassim Haddad <whaddad@tcs.hut.fi> Wed, 02 August 2006 12:23 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G8Fl5-0004UZ-0J; Wed, 02 Aug 2006 08:23:31 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G8Fl3-0004UU-P8 for mipshop@ietf.org; Wed, 02 Aug 2006 08:23:29 -0400
Received: from neon.tcs.hut.fi ([130.233.215.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G8Fl2-00039p-9Q for mipshop@ietf.org; Wed, 02 Aug 2006 08:23:29 -0400
Received: from rhea.tcs.hut.fi (rhea.tcs.hut.fi [130.233.215.147]) by neon.tcs.hut.fi (Postfix) with ESMTP id A2E09800A43; Wed, 2 Aug 2006 15:23:27 +0300 (EEST)
Date: Wed, 02 Aug 2006 15:23:27 +0300
From: Wassim Haddad <whaddad@tcs.hut.fi>
To: Christian Vogt <chvogt@tm.uka.de>
Subject: Re: SEND-based protection and related confusions (was RE: AR compromise (Re: [Mipshop] Review ofdraft-haddad-mipship-hmipv6-security-04))
In-Reply-To: <44D08281.6000307@tm.uka.de>
Message-ID: <Pine.LNX.4.58.0608021522100.21207@rhea.tcs.hut.fi>
References: <C24CB51D5AA800449982D9BCB90325130A1B82@NAEX13.na.qualcomm.com> <Pine.LNX.4.58.0608021235270.20819@rhea.tcs.hut.fi> <44D08281.6000307@tm.uka.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a87a9cdae4ac5d3fbeee75cd0026d632
Cc: mipshop@ietf.org
X-BeenThere: mipshop@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mipshop.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mipshop@ietf.org>
List-Help: <mailto:mipshop-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=subscribe>
Errors-To: mipshop-bounces@ietf.org
Hi Christian, On Wed, 2 Aug 2006, Christian Vogt wrote: > > Finally, there is also a draft called OMIPv6_CGA_CBA that you should > > start reading because it is based on the same approach (i.e., CGA) > > that you may consider also. > > Although I'm sure you mean this, it's worth emphasizing that > draft-arkko-mipshop-cga-cba uses only CGA for IP address ownership > verification. It does not use SEND. > > Just for clarification. => yes that's was my intention. Thanks for the note! Cheers, Wassim H. > > Wassim Haddad wrote: > > On Tue, 1 Aug 2006, Narayanan, Vidya wrote: > > > >> I want to get a clear understanding myself on what SEND provides > >> and what it doesn't. > > > > => I don't think this is the right ML for that. There are two RFCs > > about SEND that you should first start to read then there is another > > proposal on securing FMIPv6 which is based on the same approach and > > third there is ongoing proposal on optimizing SEND which you should > > also consider reading. Finally, there is also a draft called > > OMIPv6_CGA_CBA that you should start reading because it is based on > > the same approach (i.e., CGA) that you may consider also. > > > > Now if you don't like (as I told your colleague) any solution based > > on SEND because you don't like SEND itself then this is really > > unfortunate! > > > >> I seem to have an understanding that is different from some views > >> here. For instance, the following email seems to allude that SEND > >> protects against AR compromise. > > > > => Again this is not the ML to discuss what SEND does and does not. > > > >> In some previous discussions, I heard the views that once an MN and > >> AR use SEND, that link is now secure. Either I am terribly mistaken > >> in my reading of RFCs 3756, 3971 and 3972 or these misconceptions > >> really need to cleared up, before we build more protocols based on > >> SEND. > > > > => There is a difference between the "link is secure" and building > > trust between two entities which enables you to know if a message has > > been sent by the same entity or not. This is exactly what enables you > > to build on top of such feature. The problem is that when you feel > > obliged to accept this one you bring back immediately the "AR > > compromise" and we start again! > > > >> I want to state upfront that I have nothing against enhancing SEND > >> to protect other protocols or providing other functionality. > > > > => I have a strange feeling that it is actually exactly the opposite > > and you know very well why. > > > >> I am only questioning some of the fundamental assumptions being > >> made about the protection provided by SEND itself. Here are some > >> points that I think are worth getting clarity on. > > > > => and this is NOT the ML to do that. All what you're trying to do is > > misleading the others. > > > >> 1. SEND protects ND messages only - this does not extend any > >> protection whatsoever to any future messages exchanged between the > >> MN and any entity in the network, including the AR. > > > >> 2. SEND itself DOES NOT protect against AR compromises. In fact, > >> RFC3756 seems to explicitly bring this to attention in section > >> 4.2.3 - "There are currently no known solutions for any of the > >> presented three trust models." > > > > => Add to this that when you compromise an AR there is a list of > > attacks that you can do which are much more interesting than what you > > are trying to bring to attention in HMIPsec which can lead to simply > > denying the MAP service. > > > >> 2a. In the case of SEND itself, the AR is one of the signaling > >> endpoints and nothing can be done about compromise of that. > >> > >> 2b. In the case of protocols such as HMIP, the AR has no need to be > >> involved in the protocol. > > > > => This is a clear proof that you don't want SEND involved! > > > > > > Regards, > > > > Wassim H. > > > > _______________________________________________ Mipshop mailing list Mipshop@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop
- [Mipshop] Review of draft-haddad-mipship-hmipv6-s… Lakshminath Dondeti
- Re: [Mipshop] Review of draft-haddad-mipship-hmip… Suresh Krishnan
- DH exchange (Re: [Mipshop] Review of draft-haddad… Lakshminath Dondeti
- AR compromise (Re: [Mipshop] Review of draft-hadd… Lakshminath Dondeti
- Re: AR compromise (Re: [Mipshop] Review of draft-… Wassim Haddad
- Re: AR compromise (Re: [Mipshop] Review of draft-… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Suresh Krishnan
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Vijay Devarapalli
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Suresh Krishnan
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Vijay Devarapalli
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Vijay Devarapalli
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- SEND-based protection and related confusions (was… Narayanan, Vidya
- Re: SEND-based protection and related confusions … James Kempf
- Re: SEND-based protection and related confusions … Wassim Haddad
- Re: SEND-based protection and related confusions … Christian Vogt
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: SEND-based protection and related confusions … Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- RE: SEND-based protection and related confusions … Narayanan, Vidya
- RE: SEND-based protection and related confusions … Wassim Haddad
- Re: SEND-based protection and related confusions … Jari Arkko
- Re: SEND-based protection and related confusions … Lakshminath Dondeti
- RE: SEND-based protection and related confusions … Narayanan, Vidya
- RE: SEND-based protection and related confusions … Wassim Haddad
- [Mipshop] How probable is compromise of an AR? (w… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] RE: How probable is compromise of an AR… Wassim Haddad
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… Wassim Haddad
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- RE: [Mipshop] RE: How probable is compromise of a… Wassim Haddad (KI/EAB)
- RE: [Mipshop] Re: How probable is compromise of a… Wassim Haddad (KI/EAB)
- Re: SEND-based protection and related confusions … Jari Arkko
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… Wassim Haddad
- [Mipshop] What happens if an AR is compromised? (… Lakshminath Dondeti
- [Mipshop] Re: What happens if an AR is compromise… Wassim Haddad
- RE: [Mipshop] Re: What happens if an AR is compro… Narayanan, Vidya