Re: SEND-based protection and related confusions (was RE: AR compromise (Re: [Mipshop] Review ofdraft-haddad-mipship-hmipv6-security-04))
Christian Vogt <chvogt@tm.uka.de> Wed, 02 August 2006 10:46 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G8EFL-00088M-V6; Wed, 02 Aug 2006 06:46:39 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G8EFK-000883-5i for mipshop@ietf.org; Wed, 02 Aug 2006 06:46:38 -0400
Received: from iramx1.ira.uni-karlsruhe.de ([141.3.10.80]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G8EFI-0007JH-M2 for mipshop@ietf.org; Wed, 02 Aug 2006 06:46:38 -0400
Received: from i72ms2.tm.uni-karlsruhe.de ([141.3.70.17] helo=smtp.ipv6.tm.uni-karlsruhe.de) by iramx1.ira.uni-karlsruhe.de with esmtps id 1G8EF8-00007s-UQ; Wed, 02 Aug 2006 12:46:33 +0200
Received: from [IPv6:2001:638:204:6:20c:6eff:fe40:8d95] (archimedes.ipv6.tm.uni-karlsruhe.de [IPv6:2001:638:204:6:20c:6eff:fe40:8d95]) by smtp.ipv6.tm.uni-karlsruhe.de (Postfix) with ESMTP id 4ADE5A60F; Wed, 2 Aug 2006 12:46:26 +0200 (CEST)
Message-ID: <44D08281.6000307@tm.uka.de>
Date: Wed, 02 Aug 2006 12:46:25 +0200
From: Christian Vogt <chvogt@tm.uka.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.5) Gecko/20060725 SUSE/1.5.0.5-0.1 Thunderbird/1.5.0.5 Mnenhy/0.7.4.0
MIME-Version: 1.0
To: Wassim Haddad <whaddad@tcs.hut.fi>
Subject: Re: SEND-based protection and related confusions (was RE: AR compromise (Re: [Mipshop] Review ofdraft-haddad-mipship-hmipv6-security-04))
References: <C24CB51D5AA800449982D9BCB90325130A1B82@NAEX13.na.qualcomm.com> <Pine.LNX.4.58.0608021235270.20819@rhea.tcs.hut.fi>
In-Reply-To: <Pine.LNX.4.58.0608021235270.20819@rhea.tcs.hut.fi>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: -4.5 (----)
X-Spam-Status: No
X-Spam-Report: -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] -0.1 AWL AWL: From: address is in the auto white-list
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cf3becbbd6d1a45acbe2ffd4ab88bdc2
Cc: mipshop@ietf.org
X-BeenThere: mipshop@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mipshop.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mipshop@ietf.org>
List-Help: <mailto:mipshop-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=subscribe>
Errors-To: mipshop-bounces@ietf.org
Hi Wassim. > Finally, there is also a draft called OMIPv6_CGA_CBA that you should > start reading because it is based on the same approach (i.e., CGA) > that you may consider also. Although I'm sure you mean this, it's worth emphasizing that draft-arkko-mipshop-cga-cba uses only CGA for IP address ownership verification. It does not use SEND. Just for clarification. Take care, - Christian -- Christian Vogt, Institute of Telematics, Universitaet Karlsruhe (TH) www.tm.uka.de/~chvogt/pubkey/ Wassim Haddad wrote: > On Tue, 1 Aug 2006, Narayanan, Vidya wrote: > >> I want to get a clear understanding myself on what SEND provides >> and what it doesn't. > > => I don't think this is the right ML for that. There are two RFCs > about SEND that you should first start to read then there is another > proposal on securing FMIPv6 which is based on the same approach and > third there is ongoing proposal on optimizing SEND which you should > also consider reading. Finally, there is also a draft called > OMIPv6_CGA_CBA that you should start reading because it is based on > the same approach (i.e., CGA) that you may consider also. > > Now if you don't like (as I told your colleague) any solution based > on SEND because you don't like SEND itself then this is really > unfortunate! > >> I seem to have an understanding that is different from some views >> here. For instance, the following email seems to allude that SEND >> protects against AR compromise. > > => Again this is not the ML to discuss what SEND does and does not. > >> In some previous discussions, I heard the views that once an MN and >> AR use SEND, that link is now secure. Either I am terribly mistaken >> in my reading of RFCs 3756, 3971 and 3972 or these misconceptions >> really need to cleared up, before we build more protocols based on >> SEND. > > => There is a difference between the "link is secure" and building > trust between two entities which enables you to know if a message has > been sent by the same entity or not. This is exactly what enables you > to build on top of such feature. The problem is that when you feel > obliged to accept this one you bring back immediately the "AR > compromise" and we start again! > >> I want to state upfront that I have nothing against enhancing SEND >> to protect other protocols or providing other functionality. > > => I have a strange feeling that it is actually exactly the opposite > and you know very well why. > >> I am only questioning some of the fundamental assumptions being >> made about the protection provided by SEND itself. Here are some >> points that I think are worth getting clarity on. > > => and this is NOT the ML to do that. All what you're trying to do is > misleading the others. > >> 1. SEND protects ND messages only - this does not extend any >> protection whatsoever to any future messages exchanged between the >> MN and any entity in the network, including the AR. > >> 2. SEND itself DOES NOT protect against AR compromises. In fact, >> RFC3756 seems to explicitly bring this to attention in section >> 4.2.3 - "There are currently no known solutions for any of the >> presented three trust models." > > => Add to this that when you compromise an AR there is a list of > attacks that you can do which are much more interesting than what you > are trying to bring to attention in HMIPsec which can lead to simply > denying the MAP service. > >> 2a. In the case of SEND itself, the AR is one of the signaling >> endpoints and nothing can be done about compromise of that. >> >> 2b. In the case of protocols such as HMIP, the AR has no need to be >> involved in the protocol. > > => This is a clear proof that you don't want SEND involved! > > > Regards, > > Wassim H. _______________________________________________ Mipshop mailing list Mipshop@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop
- [Mipshop] Review of draft-haddad-mipship-hmipv6-s… Lakshminath Dondeti
- Re: [Mipshop] Review of draft-haddad-mipship-hmip… Suresh Krishnan
- DH exchange (Re: [Mipshop] Review of draft-haddad… Lakshminath Dondeti
- AR compromise (Re: [Mipshop] Review of draft-hadd… Lakshminath Dondeti
- Re: AR compromise (Re: [Mipshop] Review of draft-… Wassim Haddad
- Re: AR compromise (Re: [Mipshop] Review of draft-… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Suresh Krishnan
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Vijay Devarapalli
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Suresh Krishnan
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Vijay Devarapalli
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Vijay Devarapalli
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- SEND-based protection and related confusions (was… Narayanan, Vidya
- Re: SEND-based protection and related confusions … James Kempf
- Re: SEND-based protection and related confusions … Wassim Haddad
- Re: SEND-based protection and related confusions … Christian Vogt
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Lakshminath Dondeti
- Re: SEND-based protection and related confusions … Wassim Haddad
- Re: DH exchange (Re: [Mipshop] Review of draft-ha… Wassim Haddad
- RE: SEND-based protection and related confusions … Narayanan, Vidya
- RE: SEND-based protection and related confusions … Wassim Haddad
- Re: SEND-based protection and related confusions … Jari Arkko
- Re: SEND-based protection and related confusions … Lakshminath Dondeti
- RE: SEND-based protection and related confusions … Narayanan, Vidya
- RE: SEND-based protection and related confusions … Wassim Haddad
- [Mipshop] How probable is compromise of an AR? (w… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] RE: How probable is compromise of an AR… Wassim Haddad
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… Wassim Haddad
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] RE: How probable is compromise of an AR… Narayanan, Vidya
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- RE: [Mipshop] RE: How probable is compromise of a… Wassim Haddad (KI/EAB)
- RE: [Mipshop] Re: How probable is compromise of a… Wassim Haddad (KI/EAB)
- Re: SEND-based protection and related confusions … Jari Arkko
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… James Kempf
- [Mipshop] Re: How probable is compromise of an AR… Lakshminath Dondeti
- [Mipshop] Re: How probable is compromise of an AR… Wassim Haddad
- [Mipshop] What happens if an AR is compromised? (… Lakshminath Dondeti
- [Mipshop] Re: What happens if an AR is compromise… Wassim Haddad
- RE: [Mipshop] Re: What happens if an AR is compro… Narayanan, Vidya