[Mipshop] Re: AD review of draft-ietf-mipshop-handover-key
"James Kempf" <kempf@docomolabs-usa.com> Mon, 29 October 2007 20:20 UTC
Return-path: <mipshop-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Imb6I-0002de-E3; Mon, 29 Oct 2007 16:20:42 -0400
Received: from mipshop by megatron.ietf.org with local (Exim 4.43) id 1Imb5s-0002P4-P9 for mipshop-confirm+ok@megatron.ietf.org; Mon, 29 Oct 2007 16:20:16 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Imb5r-0002O6-0E for mipshop@ietf.org; Mon, 29 Oct 2007 16:20:16 -0400
Received: from key1.docomolabs-usa.com ([216.98.102.225] helo=fridge.docomolabs-usa.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Imb5q-0004Dr-3D for mipshop@ietf.org; Mon, 29 Oct 2007 16:20:14 -0400
Message-ID: <026201c81a69$19887280$576115ac@dcml.docomolabsusa.com>
From: James Kempf <kempf@docomolabs-usa.com>
To: Jari Arkko <jari.arkko@piuha.net>
References: <47260A0A.8030005@piuha.net> <01e801c81a4a$29352530$576115ac@dcml.docomolabsusa.com> <47260EF1.8000605@piuha.net>
Date: Mon, 29 Oct 2007 13:20:08 -0700
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Spam-Score: -97.2 (---------------------------------------------------)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
Cc: Mipshop <mipshop@ietf.org>, draft-ietf-mipshop-handover-key@tools.ietf.org
Subject: [Mipshop] Re: AD review of draft-ietf-mipshop-handover-key
X-BeenThere: mipshop@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mipshop.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mipshop@ietf.org>
List-Help: <mailto:mipshop-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=subscribe>
Errors-To: mipshop-bounces@ietf.org
This is very problematic. If I understand this correctly, it means that
the MN can pick a key pair and address and defend them in the
RtPrSol, but is unable to do so for regular ND operations on the
link. And you need to use ND operations on the link. Also, at
the same time any use of the given care of address with CGA
based techniques (SHIM6, RFC 4866) becomes impossible.
Did I get this correctly? If yes, I think we need to do something
about it.
jak>> No, that is not the case. The intent is that the MN uses SEND NS/NA to
defend the address, generates the address with the SEND public key, then
uses the CGA as a source address in the RtPrSol . The signature on the
RtPrSol ensure that the message came from the claimed address. The handover
key encryption public key is included for the router to use only in
encrypting the return key. In effect, the use of the CGA and SEND signature
on the RtPrSol is no different than it would be on, for example, RS.
jak>> It is not the intent of handover keys to provide an alternate
mechanism for claiming and defending an address. The CGA must be one that is
generated with the SEND key and defended in the usual SEND fashion.
jak>> If this is not clear from the current text, then perhaps you can
suggest a place where some additional text could be added to clarify?
Is the RSA vulnerability an issue for the key in question? What
if there was key pair P that was used to derive the care of address,
and to certify key pair Q. Both P and Q were included in RtPrSol,
and only Q would be used for encryption in RtPrAdv? But I'm
just thinking aloud here...
jak>> The RSA vulnerability is only an issue if the same key pair is used
for encryption and authentication, regardless of the key pair. The reason
why we changed the design to use a different key from the SEND key was
because of this vulnerability.
jak>> I suppose we could use both keys to generate the address, but that
would change SEND, and I don't see any need for it. As long as the router
has cryptographic assurance that the RtPrSol originated from the claimed
source address and that the originator is the owner of that source address
(which is provided by the CGA and SEND signature) then it can couple the
shared handover key to the address. The encryption key is just used for
security on the transport of the shared handover key, it plays no other
role. Or am I missing something?
No. I don't remember if RFC 4866 had something similar, you may
want to copy from there if it did.
jak>> OK, I'll check that.
jak
_______________________________________________
Mipshop mailing list
Mipshop@ietf.org
https://www1.ietf.org/mailman/listinfo/mipshop
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… James Kempf
- [Mipshop] AD review of draft-ietf-mipshop-handove… Jari Arkko
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… James Kempf
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… Jari Arkko
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… James Kempf
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… Jari Arkko
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… James Kempf
- Re: [Mipshop] Re: AD review of draft-ietf-mipshop… Vijay Devarapalli
- Re: [Mipshop] Re: AD review of draft-ietf-mipshop… James Kempf
- Re: [Mipshop] Re: AD review of draft-ietf-mipshop… Jari Arkko
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… Jari Arkko