[Mipshop] Re: AD review of draft-ietf-mipshop-handover-key
"James Kempf" <kempf@docomolabs-usa.com> Mon, 29 October 2007 20:20 UTC
Return-path: <mipshop-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Imb6I-0002de-E3; Mon, 29 Oct 2007 16:20:42 -0400
Received: from mipshop by megatron.ietf.org with local (Exim 4.43) id 1Imb5s-0002P4-P9 for mipshop-confirm+ok@megatron.ietf.org; Mon, 29 Oct 2007 16:20:16 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Imb5r-0002O6-0E for mipshop@ietf.org; Mon, 29 Oct 2007 16:20:16 -0400
Received: from key1.docomolabs-usa.com ([216.98.102.225] helo=fridge.docomolabs-usa.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Imb5q-0004Dr-3D for mipshop@ietf.org; Mon, 29 Oct 2007 16:20:14 -0400
Message-ID: <026201c81a69$19887280$576115ac@dcml.docomolabsusa.com>
From: James Kempf <kempf@docomolabs-usa.com>
To: Jari Arkko <jari.arkko@piuha.net>
References: <47260A0A.8030005@piuha.net> <01e801c81a4a$29352530$576115ac@dcml.docomolabsusa.com> <47260EF1.8000605@piuha.net>
Date: Mon, 29 Oct 2007 13:20:08 -0700
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Spam-Score: -97.2 (---------------------------------------------------)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
Cc: Mipshop <mipshop@ietf.org>, draft-ietf-mipshop-handover-key@tools.ietf.org
Subject: [Mipshop] Re: AD review of draft-ietf-mipshop-handover-key
X-BeenThere: mipshop@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mipshop.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mipshop@ietf.org>
List-Help: <mailto:mipshop-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=subscribe>
Errors-To: mipshop-bounces@ietf.org
This is very problematic. If I understand this correctly, it means that the MN can pick a key pair and address and defend them in the RtPrSol, but is unable to do so for regular ND operations on the link. And you need to use ND operations on the link. Also, at the same time any use of the given care of address with CGA based techniques (SHIM6, RFC 4866) becomes impossible. Did I get this correctly? If yes, I think we need to do something about it. jak>> No, that is not the case. The intent is that the MN uses SEND NS/NA to defend the address, generates the address with the SEND public key, then uses the CGA as a source address in the RtPrSol . The signature on the RtPrSol ensure that the message came from the claimed address. The handover key encryption public key is included for the router to use only in encrypting the return key. In effect, the use of the CGA and SEND signature on the RtPrSol is no different than it would be on, for example, RS. jak>> It is not the intent of handover keys to provide an alternate mechanism for claiming and defending an address. The CGA must be one that is generated with the SEND key and defended in the usual SEND fashion. jak>> If this is not clear from the current text, then perhaps you can suggest a place where some additional text could be added to clarify? Is the RSA vulnerability an issue for the key in question? What if there was key pair P that was used to derive the care of address, and to certify key pair Q. Both P and Q were included in RtPrSol, and only Q would be used for encryption in RtPrAdv? But I'm just thinking aloud here... jak>> The RSA vulnerability is only an issue if the same key pair is used for encryption and authentication, regardless of the key pair. The reason why we changed the design to use a different key from the SEND key was because of this vulnerability. jak>> I suppose we could use both keys to generate the address, but that would change SEND, and I don't see any need for it. As long as the router has cryptographic assurance that the RtPrSol originated from the claimed source address and that the originator is the owner of that source address (which is provided by the CGA and SEND signature) then it can couple the shared handover key to the address. The encryption key is just used for security on the transport of the shared handover key, it plays no other role. Or am I missing something? No. I don't remember if RFC 4866 had something similar, you may want to copy from there if it did. jak>> OK, I'll check that. jak _______________________________________________ Mipshop mailing list Mipshop@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… James Kempf
- [Mipshop] AD review of draft-ietf-mipshop-handove… Jari Arkko
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… James Kempf
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… Jari Arkko
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… James Kempf
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… Jari Arkko
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… James Kempf
- Re: [Mipshop] Re: AD review of draft-ietf-mipshop… Vijay Devarapalli
- Re: [Mipshop] Re: AD review of draft-ietf-mipshop… James Kempf
- Re: [Mipshop] Re: AD review of draft-ietf-mipshop… Jari Arkko
- [Mipshop] Re: AD review of draft-ietf-mipshop-han… Jari Arkko