IETF Logo Mail Archive

Re: [rrg] Some concerns about ILNP

Fred Baker <fred@cisco.com> Mon, 03 August 2009 10:58 UTC

Return-Path: <fred@cisco.com>
X-Original-To: rrg@core3.amsl.com
Delivered-To: rrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 50F1D28C101 for <rrg@core3.amsl.com>; Mon, 3 Aug 2009 03:58:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.799
X-Spam-Level:
X-Spam-Status: No, score=-105.799 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EIvEm4Epm+sr for <rrg@core3.amsl.com>; Mon, 3 Aug 2009 03:58:11 -0700 (PDT)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id 033E13A6D09 for <rrg@irtf.org>; Mon, 3 Aug 2009 03:58:09 -0700 (PDT)
X-Files: nat66-gse.html : 85731
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqEFAA5gdkpAZnmf/2dsb2JhbACCJi+2Q4gpKQwJjWEFAoIwAQUFAwyBTIFPiFc
X-IronPort-AV: E=Sophos; i="4.43,314,1246838400"; d="html'217?scan'217,208,217"; a="52669282"
Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by rtp-iport-1.cisco.com with ESMTP; 03 Aug 2009 10:58:10 +0000
Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id n73AwARg007947; Mon, 3 Aug 2009 06:58:10 -0400
Received: from [10.149.2.240] (rtp-vpn3-982.cisco.com [10.82.219.218]) by rtp-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id n73Aw8Us022943; Mon, 3 Aug 2009 10:58:08 GMT
Message-Id: <F81CFC7A-010C-4078-8AF7-5FCA915D8684@cisco.com>
From: Fred Baker <fred@cisco.com>
To: Xu Xiaohu <xuxh@huawei.com>
In-Reply-To: <004201ca11b7$e8f30b10$5e0c6f0a@china.huawei.com>
Content-Type: multipart/mixed; boundary="Apple-Mail-53-406948902"
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Mon, 03 Aug 2009 06:58:08 -0400
References: <004201ca11b7$e8f30b10$5e0c6f0a@china.huawei.com>
X-Mailer: Apple Mail (2.935.3)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=89735; t=1249297090; x=1250161090; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fred@cisco.com; z=From:=20Fred=20Baker=20<fred@cisco.com> |Subject:=20Re=3A=20[rrg]=20Some=20concerns=20about=20ILNP |Sender:=20 |To:=20Xu=20Xiaohu=20<xuxh@huawei.com>; bh=w2EKWaCmBRr2zTfKppw14hN7AqV7dxvaNNNy6hNsn7M=; b=gBhAx592zQvNwNdIbTbTjAkX9w0vbVmhkfhNk7uXcvR4itOPXT7/utZR0k 8FlIOOFbMjtUhJWtMjf/o6vufg1AksPmxU2ZLYlSy/21RDuVA4ocg0c9TuGb 9nIhn8SnvQ;
Authentication-Results: rtp-dkim-2; header.From=fred@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; );
Cc: rja@extremenetworks.com, 'IRTF RRG' <rrg@irtf.org>
Subject: Re: [rrg] Some concerns about ILNP
X-BeenThere: rrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IRTF Routing Research Group <rrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/rrg>
List-Post: <mailto:rrg@irtf.org>
List-Help: <mailto:rrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2009 10:58:40 -0000

FYI - I had some students at Beijing University of Post and Telegraph  
(BUPT) do an implementation of GSE using several approaches to this  
problem, one of which was ILNP. The key thing to the study was an  
agreed-to-be-weird routing scenario that forced a session to oscillate  
among the available address pairs on every exchange; see section 1.4.1  
of the attached for the scenario. They tried kind of "all of the  
above" in terms of endpoint identifier approaches, and they all failed  
with two exceptions, GSE as described by Mike and ILNP. HIP couldn't  
set up the association as it depends on the first few messages getting  
across without the address changing until the HIT is established, and  
this changed them there.

I would support RJA's contentions here; ILNP gets the job done, even  
in the presence of EID duplication in the network.

The BUPT kids will be publishing a paper out of this, assuming they  
can get interest from an appropriate journal.


On Jul 31, 2009, at 4:21 AM, Xu Xiaohu wrote:

> Hi Ran,
>
> If I understand your ILNP correctly, it is much silimar with the  
> GSE.  If so, I'm wondering whether the issues with the GSE described  
> in draft-ietf-ipngwg-esd-analysis  have been successfully solved by  
> the ILNP, e.g., identifier authentication issue. It seems that  the  
> answers to these hard issues have not been mentioned in your slides.
>
> I noticed the following statement in your slides, do you believe  
> that 62-bit field is long enough to prevent the security of the  
> binding of the 62-bit hash value and the public key from being  
> easily compromised once you use the HIP/CGA like ideas to deal with  
> the identifier authentication issue?
>
> *********************************
> If scope bit is local, have 62 bits that can be anything:
> ‣ Cryptographically Generated Identifier (a la CGA proposals)
> ‣ Hash of a public-key (a la HIP)
> ‣ Pseudo-randomly generated (a la IPv6 Privacy AutoConf)
> **********************************
>
> Best regard,
>
> Xiaohu
>
> _______________________________________________
> rrg mailing list
> rrg@irtf.org
> http://www.irtf.org/mailman/listinfo/rrg

v2.23.0 | Report a Bug | By Email