RE: [Mipshop] Gauging interest in official WG adoptionofinternetdrafts

[Wassim Haddad <whaddad@tcs.hut.fi>]

On Mon, 27 Mar 2006, Soliman, Hesham wrote:

>
> Public key crypto is not in the critical path for handover. The SEND draft
> specifies that public key crypto be used for key distribution, not handover
> message authentication. Or was there some other problem you see with the
> SEND draft?
>
> => Well, the key distribution would need to be repeated every time you
> move unless you CT keys right?

=> This is why I am not sure about it. I mean on one one side, we are trying
to eliminate the use of CGA in OptiSEND as much as possible and IMHO we'll
achieve this goal. And OTOS, we're bringing CGA back *just* for generating
a "handoff key" while we have a symmetric key generated in OptiSEND, which
can be used for different purposes including handoff signaling!


Regards,

Wassim H.


> Regarding whether context transfer of keys should be used or not, you need
> to take up that issue with the SAAG. I think it is fair to say that,
> regardless of deployment, they have a low opinion of it.
>
> => With all respect to SAAG, I think they're being inflexible about this
> and the reasons are not that clear. This is a problem in more than one
> aspect of security in IETF. Everything is being done in isolation without
> providing flexibility for complementing aspects of deployment or even
> describing when things can be "worked around" in a safe manner.
>
>
> Internet standards are targetted at a somewhat broader set
> of deployment scenerios, which, I think, would be Russ' argument against
> context transfer of keys in an Internet standard.
>
> => Sure, but it's strange IMO to limit everything else by assuming that
> the *only* mode of operation is the one that requires 100% security of
> each protocol independently of the deployment scenario. That's what SHOULDs
> are for, as opposed to MUSTs.
>
> Hesham
>
>
>             jak
>
> ----- Original Message -----
> From: "Soliman, Hesham" <hsoliman@qualcomm.com>
> To: "James Kempf" <kempf@docomolabs-usa.com>; "Wassim Haddad"
> <whaddad@tcs.hut.fi>; "gabriel montenegro"
> <gabriel_montenegro_2000@yahoo.com>
> Cc: <mipshop@ietf.org>
> Sent: Monday, March 27, 2006 2:32 PM
> Subject: RE: [Mipshop] Gauging interest in official WG adoption
> ofinternetdrafts
>
>
>
>
>
>
> As we've discussed offlist, context transfer of keys between ARs has the
> potential to violate the Housley Critera:
>
> http://www.ietf.org/internet-drafts/draft-housley-aaa-key-mgmt-02.txt
>
> Russ' draft is written specifically with AAA key management in mind, but the
> criteria apply to other types of key management as well.
>
> => Independently of the draft being discussed, I think it's unrealistic
> to say that no keys can be transferred. The only alternatives are: a trip to
> AAA
> or the use of public keys for each handover. I really don't think either one
> is
> better for a handover. However, I'd be open to including them as
> alternatives.
> But I certainly wouldn't dismiss CT of keys, I think it's unrealistic. Also,
> this is what most cellular systems do today, starting from GSM onwards.
>
> Hesham
>
>
>
> I skimmed your
> draft, and it seemed to me that there might be a problem.
>
> Rajeev and I have been working on this draft for over a year, and it was
> transferred from MOBOPTS with the recommendation that it become a WG draft.
> If you manage to come up with some way to reduce the amount of signaling
> involved in SEND-based key exchange for handover that is consistent with the
> Housley Critera, I would have no problem incorporating that into the WG
> draft at that time. Gab and Stefano can correct me if I am wrong, but I do
> not believe we are in a hurry to get this draft to the IESG, so there should
> be plenty of time to incorporate enhancements that you or any WG member
> would like to include.
>
>             jak
>
>
> ----- Original Message -----
> From: "Wassim Haddad" <whaddad@tcs.hut.fi>
> To: "gabriel montenegro" <gabriel_montenegro_2000@yahoo.com>
> Cc: <mipshop@ietf.org>
> Sent: Monday, March 27, 2006 12:07 PM
> Subject: Re: [Mipshop] Gauging interest in official WG adoption of
> internetdrafts
>
>
> > Hi,
> >
> > I support making the first two and the last three items WG items.
> > Concerning the third item, I'd like to mention that the OptiSEND
> > proposal (draft-haddad-mipshop-optisend-01), while not complete yet,
> > allows the MN to share a secret with the *first* AR and to use it to
> > authenticate ND signaling messages *and* mobility signaling messages
> > exchanged between an AR and the MN during the MN movements and as
> > long as the shared secret remains valid.
> >
> >
> > Regards,
> >
> > Wassim H.
> >
> >
> >
> > On Tue, 21 Mar 2006, gabriel montenegro wrote:
> >
> >> Folks,
> >>
> >> In today's meeting we talked about 4 potential items up for adoption as
> >> official working
> >> groups. Talking with folks after the meeting, we've decided to add two
> >> more to the list
> >> of items we'll ask the WG whether we should adopt. This is the follow-up
> >> email to today's
> >> discussion, to make sure we ask this on the mailing list.
> >>
> >> So the question to the WG is: Should we adopt the following documents as
> >> official WG
> >> items (based on the individual drafts as noted below)?:
> >>
> >> 1. draft-ietf-mipshop-fmipv6-rev-XX.txt
> >> based on draft-koodli-mipshop-rfc4068bis-00.txt
> >>
> >> 2. draft-ietf-mipshop-handover-keys-aaa-XX.txt
> >> based on  draft-vidya-mipshop-handover-keys-aaa-01.txt
> >>
> >> 3. draft-ietf-mipshop-handover-key-send-XX.txt
> >> based on draft-kempf-mobopts-handover-key-01.txt (currently expired)
> >>
> >> 4. draft-ietf-mipshop-fh80216e-XX.txt
> >> based on draft-jang-mipshop-fh80216e-02.txt
> >>
> >> 5. draft-ietf-mipshop-3gfh-XX.txt
> >> based on draft-yokota-mipshop-3gfh-02.txt
> >>
> >> 6. draft-ietf-mipshop-cga-cba-XX.txt
> >> based on draft-arkko-mipshop-cga-cba-03.txt
> >>
> >> Please send comments one way or another through April 4, 2006.
> >>
> >> Thanks,
> >>
> >> chairs
> >>
> >>
> >> __________________________________________________
> >> Do You Yahoo!?
> >> Tired of spam?  Yahoo! Mail has the best spam protection around
> >> http://mail.yahoo.com
> >>
> >> _______________________________________________
> >> Mipshop mailing list
> >> Mipshop@ietf.org
> >> https://www1.ietf.org/mailman/listinfo/mipshop
> >>
> >>
> >
> > _______________________________________________
> > Mipshop mailing list
> > Mipshop@ietf.org
> > https://www1.ietf.org/mailman/listinfo/mipshop
> >
>
>
>
> _______________________________________________
> Mipshop mailing list
> Mipshop@ietf.org
> https://www1.ietf.org/mailman/listinfo/mipshop
>
>
>
>
> _______________________________________________
> Mipshop mailing list
> Mipshop@ietf.org
> https://www1.ietf.org/mailman/listinfo/mipshop
>
>

_______________________________________________
Mipshop mailing list
Mipshop@ietf.org
https://www1.ietf.org/mailman/listinfo/mipshop