[Mobopts] Re: Comments on draft-kempf-mobopts-ringsig-ndproxy-02.txt
Jari Arkko <jari.arkko@kolumbus.fi> Wed, 24 August 2005 17:54 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E7zRo-0001wz-OV; Wed, 24 Aug 2005 13:54:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E7zRn-0001wu-TB for mobopts@megatron.ietf.org; Wed, 24 Aug 2005 13:53:59 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08409 for <mobopts@irtf.org>; Wed, 24 Aug 2005 13:53:59 -0400 (EDT)
Received: from p130.piuha.net ([193.234.218.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E7zS7-0001Pn-96 for mobopts@irtf.org; Wed, 24 Aug 2005 13:54:22 -0400
Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130]) by p130.piuha.net (Postfix) with ESMTP id 5BD1889852; Wed, 24 Aug 2005 20:53:42 +0300 (EEST)
Message-ID: <430CB431.3010905@kolumbus.fi>
Date: Wed, 24 Aug 2005 20:53:53 +0300
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: James Kempf <Kempf@docomolabs-usa.com>
References: <E1E7emX-00033A-MO@newodin.ietf.org> <430C5772.7090905@kolumbus.fi> <027501c5a8cf$e65abc90$196115ac@dcml.docomolabsusa.com>
In-Reply-To: <027501c5a8cf$e65abc90$196115ac@dcml.docomolabsusa.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 2.4 (++)
X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5
Content-Transfer-Encoding: 7bit
Cc: mobopts@irtf.org
Subject: [Mobopts] Re: Comments on draft-kempf-mobopts-ringsig-ndproxy-02.txt
X-BeenThere: mobopts@irtf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Mobility Optimizations <mobopts.irtf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=unsubscribe>
List-Post: <mailto:mobopts@irtf.org>
List-Help: <mailto:mobopts-request@irtf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=subscribe>
Sender: mobopts-bounces@irtf.org
Errors-To: mobopts-bounces@irtf.org
James Kempf wrote: >>> If a multi-CGA capable node receives a message with a >>> standard RFC 3971 RSA Signature Option but the CGA Parameters Option >>> contains an RST Ring Signature Key Suboption, the node SHOULD ignore >>> the RST Ring Signature Option and treat the message like a standard >>> RFC 3791 SEND- >>> secured message. The node SHOULD use the standard RSA >>> signature verification algorithm and the key in the Public Key Field >>> of the CGA Parameters Option to verify the signature. >> >> Ignore? As in delete it from the contents of the CGA Parameters >> Option, or keep it there but not do anything special for it? >> > > RFC 3972 requires extensions to the CGA Parameters option to be > concatenated into the calculation for verification. So what I think > needs to be done is that, for the purposes of verification, it should > not be included in the calculation. > > This part of RFC 3972 may need some attention. I don't remember what > Tuomas and the WG had in mind with this, but the extensions field is > underspecified. If it is treated like a standard protocol extension > field, there will be TLV values for the extensions, and this is how > the multi-key CGA draft treats it. But the way it is incorporated into > the verification calculations implies that it is rather some bits that > don't have any specific field-like structure or any identifying > information as to what the extension is. Should such TLV bits be > included into the calculation? They aren't for the base key, 3792 > specifies specifically when the encoded public key is used (c.f. > Section 4, Step 2). This is what RFC 3972 says: Note that the hash values are computed over the entire CGA Parameters data structure, including any unrecognized extension fields. Now, the field itself is underspecified although its usage in the address calculation is clear (above). What we would probably need to do is to specify first a TLV structure for the extensions, and then one extension for the purposes of MCGA. But I don't think we need to touch the calculation rules. Btw, it seems that if the host's key is in the place where it should be according to RFC 3972, the other keys are in the extensions, you could easily use the RSA Signature, too, as long as you are not currently proxying -- just sign with the host's key. Of course you'd lose your privacy property. But I thought I'd mention this because it may affect whether you really want a new CGA type value or not. --Jari _______________________________________________ Mobopts mailing list Mobopts@irtf.org https://www1.ietf.org/mailman/listinfo/mobopts
- [Mobopts] Comments on draft-kempf-mobopts-ringsig… Jari Arkko
- [Mobopts] Re: Comments on draft-kempf-mobopts-rin… James Kempf
- [Mobopts] Re: Comments on draft-kempf-mobopts-rin… Jari Arkko
- [Mobopts] Re: Comments on draft-kempf-mobopts-rin… James Kempf
- Re: [Mobopts] Re: Comments on draft-kempf-mobopts… Jari Arkko