IETF Logo Mail Archive

[Mipshop] Re: Comments on draft-ietf-mipshop-handover-key-01.txt

"James Kempf" <kempf@docomolabs-usa.com> Tue, 18 September 2007 20:25 UTC

Return-path: <mipshop-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IXjcz-00025y-JR; Tue, 18 Sep 2007 16:25:01 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IXjcx-00022h-VA for mipshop@ietf.org; Tue, 18 Sep 2007 16:24:59 -0400
Received: from key1.docomolabs-usa.com ([216.98.102.225] helo=fridge.docomolabs-usa.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IXjcm-0001Qf-Ks for mipshop@ietf.org; Tue, 18 Sep 2007 16:24:54 -0400
Message-ID: <051901c7fa31$e965c190$576115ac@dcml.docomolabsusa.com>
From: James Kempf <kempf@docomolabs-usa.com>
To: Vijay Devarapalli <vijay.devarapalli@azairenet.com>, mipshop@ietf.org, "Koodli Rajeev (NSN - US/Palo Alto)" <rajeev.koodli@nsn.com>
References: <46F01B32.1010708@azairenet.com>
Date: Tue, 18 Sep 2007 13:24:27 -0700
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Spam-Score: -97.2 (---------------------------------------------------)
X-Scan-Signature: 2857c5c041d6c02d7181d602c22822c8
Cc:
Subject: [Mipshop] Re: Comments on draft-ietf-mipshop-handover-key-01.txt
X-BeenThere: mipshop@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mipshop.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mipshop@ietf.org>
List-Help: <mailto:mipshop-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=subscribe>
Errors-To: mipshop-bounces@ietf.org

Hi Vijay,

Responses  below (jak>>).

There is some confusion in the document about two different options,
"Handover Key Encryption public key option" and "Handover Key Request
Option". Both are used in the text. But in section 4, there is only the
Handover Key Request Option defined.

jak>> Ah, right, I forgot to change the text everywhere.

In section 4.1, you should have a field that tells what the length of
the key is rather than what how much padding has been added. Since the
"Length" field is a multiple of 8 octets, you know how much padding has
been added based on the length of other fields. If the key length is
fixed, then again you know much padding has been added. So in both
cases, you don't need the "Pad Length" field.

jak>> This is how it was done with SEND. The advantage of this is
that the field can be only 8 bits instead of 16 and thereby allow an
arbitrary sized key.

In section 4.2, the field "Key Hash" is not shown as a 128-bit field in
the figure. Suggested change

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |  Pad Length   |  AT   |Resrvd.|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                           Key Hash                            +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                                                               |
   .                                                               .
   .                    Encrypted Handover Key                     .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                                                               .
   .                           Padding                             .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Again, I don't think you need the "Pad Length" field.

jak>> Per the discussion with Julian, the Key Hash is unnecessary if the
SEND nonce is included, which it must be for anti-replay protection. So
I've dropped the Key Hash.

In section 1, replace

>  The message exchange between the MN and AR
>  to provision the key is required to be protected by SEND;

with

    The message exchange between the MN and AR
    to provision the handover key is required to be protected by SEND;

jak>> OK.

I am confused by the following text

>      If the AR does not respond to the PrRtSol, as would be the case if
>      the proxy router functionality is not deployed, the MN MAY include
>      the Handover Key Request option in a standard IPv6 SEND-protected
>      Router Solicitation (RS) instead [RFC2461].

If the AR does not respond to PrRtSol, is it compliant to 4068bis? I saw
the exchange with Julien. I agree that exchanging the neighborhood
information is optional, but responding to a Proxy Router Solicitation
for a mobile node is not option. The access router must respond with
whatever information it has, right?

jak>> Right, I believe that PrRtSol/PrRtAdv is optional to deploy. If it not 
deployed, there will be no PrRtAdv response if the MN deploys it and sends 
the PrRtSol but the AR does not. If neither do, then the MN would just use 
the RS/RA from the start.

jak>> Dunno about this. The FMIP spec says nothing about how this 
optionality should be handled. There is no recommendation of a configuration 
variable or anything on the MN to indicate whether it is deployed, nor any 
indication from the router if it deploys the PrRt methods which would let 
the MN decide which to send. So there is not much we can do in this spec 
with respect to providing guidance about how to do the key exchange if the 
PrRtSol/PrRtAdv is not deployed, except to say that if the MN doesn't get a 
response, it should try something different.

jak>> Any suggestions about how to fix this?

In section 3.7

>      HKEPK-HANDOVERS:  The maximum number of handovers for which the
>                         handover key encryption public key should be
>                         reused. Default is 10.

Just curious, why 10?

jak>> I did not do an extensive analysis on probability of cracking the RSA 
key to come up with the number. Is there another number you think would be 
more appropriate?

                       jak



_______________________________________________
Mipshop mailing list
Mipshop@ietf.org
https://www1.ietf.org/mailman/listinfo/mipshop

v2.23.0 | Report a Bug | By Email