[Mipshop] What happens if an AR is compromised? (Re: How probable is compromise of an AR?)
Lakshminath Dondeti <ldondeti@qualcomm.com> Tue, 22 August 2006 09:09 UTC
Wassim,

I think using an AR for HMIP key management increases the impact of compromise of the AR (I have explained how in my previous emails). You seem to think otherwise. So, I have a request for you:

Please provide a comparative threat analysis assuming an AR is vulnerable to compromise between the following two cases:

1) assume IKE (4140's suggestion) as the key management protocol for HMIP.
2) assume the protocol in draft-haddad-mipshop-hmipv6-security-06 as the solution.

Perhaps you might also add Vidya's suggestion of CGA-authenticated IKE as the solution into the mix and perform the analysis.

Looking forward to hearing from you.

thanks,
Lakshminath

At 04:49 PM 8/22/2006, Wassim Haddad wrote:
>On Mon, 21 Aug 2006, James Kempf wrote:
>
> > Right. Securing the paths won't reduce threat of node compromise, however.
>
>=> I don't think anyone disagrees with this.
>
> > That's where physical security comes in,
>
>=> And its existence cannot be ignored especially that the amount of
>damage caused by an AR compromise is by far larger than the scope of
>HMIPsec.
>
>
>Wassim H.