RE: [NSIS] ntlp drafts differences
Tschofenig Hannes <hannes.tschofenig@siemens.com> Thu, 31 July 2003 11:20 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA20805 for <nsis-archive@odin.ietf.org>; Thu, 31 Jul 2003 07:20:29 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19iBTV-0003Jq-0B for nsis-archive@odin.ietf.org; Thu, 31 Jul 2003 07:20:01 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h6VBK06V012752 for nsis-archive@odin.ietf.org; Thu, 31 Jul 2003 07:20:00 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19iBTU-0003JY-K4; Thu, 31 Jul 2003 07:20:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19iBSb-0003GA-Be for nsis@optimus.ietf.org; Thu, 31 Jul 2003 07:19:05 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA20756 for <nsis@ietf.org>; Thu, 31 Jul 2003 07:19:02 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19iBSa-0002Oh-00 for nsis@ietf.org; Thu, 31 Jul 2003 07:19:04 -0400
Received: from goliath.siemens.de ([192.35.17.28]) by ietf-mx with esmtp (Exim 4.12) id 19iBSa-0002Oc-00 for nsis@ietf.org; Thu, 31 Jul 2003 07:19:04 -0400
Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by goliath.siemens.de (8.11.7/8.11.7) with ESMTP id h6VBJ2E09020; Thu, 31 Jul 2003 13:19:02 +0200 (MEST)
Received: from mchp9daa.mch.sbs.de (mchp9daa.mch.sbs.de [139.25.137.99]) by mail2.siemens.de (8.11.7/8.11.7) with ESMTP id h6VBJ2s03061; Thu, 31 Jul 2003 13:19:02 +0200 (MEST)
Received: by mchp9daa.mch.sbs.de with Internet Mail Service (5.5.2653.19) id <PN24T8B7>; Thu, 31 Jul 2003 13:19:00 +0200
Message-ID: <2A8DB02E3018D411901B009027FD3A3F03BC001B@mchp905a.mch.sbs.de>
From: Tschofenig Hannes <hannes.tschofenig@siemens.com>
To: "'Hancock, Robert'" <robert.hancock@roke.co.uk>, 'Thanh Tra LUU' <luu@enst.fr>, Kappler Cornelia <cornelia.kappler@siemens.com>
Cc: nsis@ietf.org
Subject: RE: [NSIS] ntlp drafts differences
Date: Thu, 31 Jul 2003 13:18:57 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: nsis-admin@ietf.org
Errors-To: nsis-admin@ietf.org
X-BeenThere: nsis@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
List-Id: Next Steps in Signaling <nsis.ietf.org>
List-Post: <mailto:nsis@ietf.org>
List-Help: <mailto:nsis-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
hi robert, thanks for pointing to this issue. i think that it is important to differentiate between a) how rsvp handles it today and b) would are possible ways todo it. ad a) as described in the rsvp security properties draft, an rsvp message gets DROPPED when cryptographic verification fails. hence there is no error message which would allow the previous node to discover the next hop. ad b) it is certainly true that you can modify the path message to achieve the desired behavior. with regard to standard security mechanisms it is clear that ipsec cannot be used to protect this message. but even there you can reuse existing security mechanisms (to some extend) to support exising authentication and key exchange mechanisms (as described in draft-tschofenig-rsvp-doi-00.txt). there are other implications with regard to addressing which are not immediately relevant for security (hence i do not describe them). ciao hannes > -----Original Message----- > From: Hancock, Robert [mailto:robert.hancock@roke.co.uk] > Sent: Thursday, July 31, 2003 11:38 AM > To: Tschofenig Hannes; 'Thanh Tra LUU'; Kappler Cornelia > Cc: nsis@ietf.org > Subject: RE: [NSIS] ntlp drafts differences > > > hi all, > > On this security front, there seems to be a choice between > a) Find out (insecurely) who your downstream peer is, then send > them a (secured) signalling message directly. > b) Send a (secured) signalling message which only the right > downstream peer can receive correctly, and get an error message > if it ended up at the wrong place. > > Are there fundamental differences in what security can be > achieved between these two methods? > They seem to me to provide > equal opportunities for securing the signalling data (and for > getting this wrong), and equal opportunities for preventing > DoS attacks (and getting this wrong). The threats are the same, > they just apply at different stages in the message flow. > Or, is there something subtle I am missing? > > (The main difference is in when in the message sequence the > reaction to a route change takes place, but I don't see this as > a security issue. Indeed, some people think it is a non-issue.) > > cheers, > > r. > > > -----Original Message----- > > From: Tschofenig Hannes [mailto:hannes.tschofenig@siemens.com] > > Sent: Tuesday, July 29, 2003 10:24 > > To: 'Thanh Tra LUU'; Kappler Cornelia > > Cc: nsis@ietf.org > > Subject: RE: [NSIS] ntlp drafts differences > > > > > > hi, > > > > ~snip~ > > > > > > > - Whether a NE know its next hop peer. > > > > In Melindas NTLP, the NE just knows its previous peer. > The next NE > > > peer is discovered by a PATH-like message and > subsequently addressed > > > implicitly. > > > > In Hennings NTPL, the NE may request to be informed of > the next NE > > > peer's address. > > > > To my knowledge, knowing the address of the next NE peer is > > > necessary for channel security which we require to at least be > > > possible (Requirements ID 5.7.5). So to me this looks like > > a necessary > > > feature. > > > > > > > > And that's it...!? > > > > > > It is possible that a NE does not know the next node to send a > > > message. By examining the RSVP-HOP (previous hop) object > > and INTEGRITY > > > object, a NE can know which NE has sent this message and > > which key is > > > used (following the security association between them). > > Maybe I don't > > > understand clearly what you mean " next NE peer is necessary for > > > channel security ". > > > > > > the problem occurs with rsvp path-alike messages. you send a > > message and do > > not really know which node is actually going to intercept it. > > > > if you know it by some means - e.g. routing table (which is > already a > > discovery mechanism - assuming you additionally know that the > > next node will > > be nsis aware) then you can select the proper security > > association (and > > key). still something can go wrong and the message ends up at > > the wrong node > > which will drop the incorrectly protected signaling message > > and you will not > > receive an error message. > > > > > > i guess everyone will tell you that securing discovery > > messages is hard. > > > > ~snip~ > > > > > > ciao > > hannes > > > > _______________________________________________ > > nsis mailing list > > nsis@ietf.org > > https://www1.ietf.org/mailman/listinfo/nsis > > > > -- > Registered Office: Roke Manor Research Ltd, Siemens House, > Oldbury, Bracknell, > Berkshire. RG12 8FZ > > The information contained in this e-mail and any attachments > is confidential to > Roke Manor Research Ltd and must not be passed to any third > party without > permission. This communication is for information only and > shall not create or > change any contractual relationship. > _______________________________________________ nsis mailing list nsis@ietf.org https://www1.ietf.org/mailman/listinfo/nsis
- [NSIS] ntlp drafts differences Kappler Cornelia
- Re: [NSIS] ntlp drafts differences Thanh Tra LUU
- RE: [NSIS] ntlp drafts differences Tschofenig Hannes
- RE: [NSIS] ntlp drafts differences Hancock, Robert
- RE: [NSIS] ntlp drafts differences Tschofenig Hannes
- RE: [NSIS] ntlp drafts differences Geib, Ruediger
- RE: [NSIS] ntlp drafts differences Hancock, Robert