IETF Logo Mail Archive

Re: [NSIS] Responder Cookie construction

"Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> Sat, 28 April 2007 08:35 UTC

Return-path: <nsis-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HhiP6-0000zJ-4S; Sat, 28 Apr 2007 04:35:40 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HhiP5-0000xT-1j for nsis@ietf.org; Sat, 28 Apr 2007 04:35:39 -0400
Received: from mail.gmx.net ([213.165.64.20]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1HhiP4-000163-AV for nsis@ietf.org; Sat, 28 Apr 2007 04:35:38 -0400
Received: (qmail 22589 invoked by uid 0); 28 Apr 2007 08:35:37 -0000
Received: from 195.3.113.74 by www096.gmx.net with HTTP; Sat, 28 Apr 2007 10:35:37 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
Date: Sat, 28 Apr 2007 10:35:37 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
In-Reply-To: <463262B7.7070803@roke.co.uk>
Message-ID: <20070428083537.70060@gmx.net>
MIME-Version: 1.0
References: <463262B7.7070803@roke.co.uk>
Subject: Re: [NSIS] Responder Cookie construction
To: Andrew McDonald <andrew.mcdonald@roke.co.uk>, nsis@ietf.org
X-Authenticated: #29516787
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
X-Provags-ID: V01U2FsdGVkX1/yHNZ8zLXy2PVMp0dIaDNwfSv6IDwtMNNkhXaCgc uEr6cSXEe7/g+W+vYA3OHb4uLe2UINZOWPXw==
Content-Transfer-Encoding: 7bit
X-GMX-UID: bjEAcjxTTXsuUIAHo2U5FstCRzdyMoMK
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 287c806b254c6353fcb09ee0e53bbc5e
Cc:
X-BeenThere: nsis@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Next Steps in Signaling <nsis.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:nsis@ietf.org>
List-Help: <mailto:nsis-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
Errors-To: nsis-bounces@ietf.org

The aspect of Cookie construction in case of NAT traversal is addressed in 

http://tools.ietf.org/html/draft-pashalidis-nsis-gimps-nattraversal-04

-------- Original-Nachricht --------
Datum: Fri, 27 Apr 2007 21:53:11 +0100
Von: Andrew McDonald <andrew.mcdonald@roke.co.uk>
An: NSIS Working Group <nsis@ietf.org>
Betreff: [NSIS] Responder Cookie construction

> Hi,
> 
> In reviewing the draft and attempting to implement 'late state
> installation' (i.e. wait until you get a Confirm before installing
> routing state), I found some potential issues in the suggested
> (non-normative) construction for responder cookies in section 8.5.
> 
> (Part of this also relates to gist-aware nat-traversal.)
> 
> For reference, the construction there is:
>   R-Cookie = liveness data + hash (locally known secret,
>                                    Q-Node NLI, MRI, NSLPID,
>                                    reception interface,
>                                    liveness data)
> 
> There are four particular cases to consider:
> 1) install routing state when you get the Query
> 2) wait until you receive the Confirm before installing routing state
> 3) as case (1), but where there is a NAT-Traversal object in the Query
> 4) as case (2), but where there is a NAT-Traversal object in the Query
> 
> The current construction is sufficient for (1), although in that case an
> implementer may well choose just to generate random cookies and remember
> them in the responding node.
> 
> One issue, however, I'm not clear whether the whole "Q-Node NLI" element
> is relevant. The key parts of the NLI for routing state are the Peer ID
> and Interface Address. Are there any problems if Routing State Validity
> Time was to change between Query and Confirm?
> 
> For (2), it is necessary to store the reception interface in the cookie.
> The responding node can only discover this from a Q-mode encapsulated
> message. If not keeping routing state, then it needs to be able to
> recover this information from the cookie in the confirm. An version of
> the cookie construction to handle this would be:
>   R-Cookie = liveness data + reception interface +
>                              hash (locally known secret,
>                                    Q-Node NLI, MRI, NSLPID,
>                                    reception interface,
>                                    liveness data)
> 
> For (3) and (4) things get slightly more complicated. Section 7.2.3 says
>    Therefore, a Responding node that wishes to delay state installation
>    until receiving a Confirm must somehow reconstruct the translations
>    when the Confirm arrives.  How to do this is an implementation issue;
>    one approach is to carry the translated objects as part of the
>    Responder cookie which is echoed in the Confirm.  Indeed, for one of
>    the cookie constructions in Section 8.5 this is automatic.
> However, section 8.5 does not currently appear to cover this.
> 
> I'll discuss this from the point of view of case (4), case (3) is
> simpler since routing state data does not need to be recovered from the
> cookie.
> 
> If there is a NAT traversal object present, I think we need to take into
> account both the translated and untranslated MRIs, since the responding
> node is expected to construct its routing state based on the
> untranslated MRI, but the translated MRI is needed by NSLPs.
> 
> Also, the translated NLI needs to be recovered, since that is what
> should be used in the routing state (but only the untranslated NLI will
> be in the Confirm[*]).
> 
> So, the cookie construction we need for case (4) probably looks like:
>   R-Cookie = liveness data + reception interface +
>              translated MRI + translated NLI +
>                              hash (locally known secret,
>                                    translated Q-Node NLI,
>                                    untranslated MRI,
>                                    translated MRI,
>                                    NSLPID,
>                                    reception interface,
>                                    liveness data)
> 
> In case (3), we don't need the recoverable data outside the hash.
> 
> I did also wonder whether the SID ought to be incorporated into the
> hashed data. The SID is part of the routing state to avoid malicious
> (blind, off-path) modification of the state. Are there any security
> issues if it was to change between Query and Confirm? If it did, then in
> the current state of affairs different routing state would be installed
> in the last state installation case to if the state had been installed
> when the query was received. (Also, if state had been installed when the
> Query was received the Confirm would be rejected as not matching that
> routing state.)
> 
> The remaining question is, how much of this discussion (and which
> suggested constructions) needs to be included in 8.5?
> 
> [*] I've also just noticed that 7.2.2 says that opaque versions of the
> NLI may be carried in the NAT-Traversal object to aid topology hiding.
> If the untranslated version appears in the Confirm, how does this help?
> 
> regards,
> Andrew
> 
> _______________________________________________
> nsis mailing list
> nsis@ietf.org
> https://www1.ietf.org/mailman/listinfo/nsis

_______________________________________________
nsis mailing list
nsis@ietf.org
https://www1.ietf.org/mailman/listinfo/nsis

v2.23.0 | Report a Bug | By Email