[Mobopts] Comments on draft-kempf-mobopts-ringsig-ndproxy-02.txt
Jari Arkko <jari.arkko@kolumbus.fi> Wed, 24 August 2005 11:18 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E7tH3-0005zt-IY; Wed, 24 Aug 2005 07:18:30 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E7tH2-0005zo-9n for mobopts@megatron.ietf.org; Wed, 24 Aug 2005 07:18:28 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA13519 for <mobopts@irtf.org>; Wed, 24 Aug 2005 07:18:27 -0400 (EDT)
Received: from p130.piuha.net ([193.234.218.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E7tHI-0004A8-TA for mobopts@irtf.org; Wed, 24 Aug 2005 07:18:47 -0400
Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130]) by p130.piuha.net (Postfix) with ESMTP id 4D7CD89852; Wed, 24 Aug 2005 14:17:59 +0300 (EEST)
Message-ID: <430C5772.7090905@kolumbus.fi>
Date: Wed, 24 Aug 2005 14:18:10 +0300
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: James Kempf <kempf@docomolabs-usa.com>
References: <E1E7emX-00033A-MO@newodin.ietf.org>
In-Reply-To: <E1E7emX-00033A-MO@newodin.ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 2.4 (++)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
Content-Transfer-Encoding: 7bit
Cc: mobopts@irtf.org
Subject: [Mobopts] Comments on draft-kempf-mobopts-ringsig-ndproxy-02.txt
X-BeenThere: mobopts@irtf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Mobility Optimizations <mobopts.irtf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=unsubscribe>
List-Post: <mailto:mobopts@irtf.org>
List-Help: <mailto:mobopts-request@irtf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=subscribe>
Sender: mobopts-bounces@irtf.org
Errors-To: mobopts-bounces@irtf.org
Hi James, I read the draft... I liked it a lot, a very nice scheme for a hard problem! Some comments and questions, though: > Prior to verifying the CGA or signature, the verifying node MUST > check that the router public key in the CGA Parameters Option matches > a certified public key from a router on the link. This step assures > that the keys used in signing the signature are both legitimate > members of the group, which in this case consists of the node owning > the address and a certified router on the link. If this step is not > taken, an attacker not authorized to route can sign a message with > its own key and the victim node's public key, then claim to securely > proxy the address on the victim's behalf. > > I don't see how this attack could be done, because if both keys are a part of the CGA parameters then changing either one will change the address. Of course, you may still want to check that the proxy is a legitimate proxy from your point of view. Just because the peer delegated the responsibility to someone may not imply that you want to trust that someone. But this appears to be a different issue than the one that you talk about above. > If a multi-CGA capable node receives a message with a standard RFC > 3971 RSA Signature Option but the CGA Parameters Option contains an > RST Ring Signature Key Suboption, the node SHOULD ignore the RST Ring > Signature Option and treat the message like a standard RFC 3791 SEND- > secured message. The node SHOULD use the standard RSA signature > verification algorithm and the key in the Public Key Field of the CGA > Parameters Option to verify the signature. > > Ignore? As in delete it from the contents of the CGA Parameters Option, or keep it there but not do anything special for it? > concat-val = SHA1(pk(1) | pk(2) | ... | pk(n) ) > Is this necessary, if the other keys are in the CGA parameters block? They would be included as input for the same output value from Step 2 of RFC 3971 Section 4 algorithm, as far as I can see. > The Secure Proxy Mobility Option has the following format: Is there a need to include other information that is used in the calculation of the final address, such as the modifier? Editorial: > and 6 in Section 5. In both steps, instead of calculating the has > s/has/hash/ --Jari _______________________________________________ Mobopts mailing list Mobopts@irtf.org https://www1.ietf.org/mailman/listinfo/mobopts
- [Mobopts] Comments on draft-kempf-mobopts-ringsig… Jari Arkko
- [Mobopts] Re: Comments on draft-kempf-mobopts-rin… James Kempf
- [Mobopts] Re: Comments on draft-kempf-mobopts-rin… Jari Arkko
- [Mobopts] Re: Comments on draft-kempf-mobopts-rin… James Kempf
- Re: [Mobopts] Re: Comments on draft-kempf-mobopts… Jari Arkko