Re: [secdir] [saag] Interest in draft-dong-savi-cga-header-03.txt; possibility of a five minute slot at saag?

"Richard L. Barnes" <> Thu, 29 July 2010 08:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5893E28C1C5; Thu, 29 Jul 2010 01:28:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.426
X-Spam-Status: No, score=-2.426 tagged_above=-999 required=5 tests=[AWL=0.173, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pi6eI-9GfBFS; Thu, 29 Jul 2010 01:28:19 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 5C1D93A63C9; Thu, 29 Jul 2010 01:28:17 -0700 (PDT)
Received: from [] (port=49262 by with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <>) id 1OeOTj-0004iB-Le; Thu, 29 Jul 2010 04:28:35 -0400
Message-Id: <>
From: "Richard L. Barnes" <>
To: Sam Hartman <>
In-Reply-To: <>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Thu, 29 Jul 2010 10:28:34 +0200
References: <> <p06240805c86a38f57df9@[]> <> <p06240801c86d39d160ab@[]> <> <p06240807c876e0f794c1@[]> <>
X-Mailer: Apple Mail (2.936)
Cc: Dong Zhang <>, "" <>, PaddyNallur <>, "" <>, Margaret Wasserman <>
Subject: Re: [secdir] [saag] Interest in draft-dong-savi-cga-header-03.txt; possibility of a five minute slot at saag?
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 Jul 2010 08:28:20 -0000

The thing I'm struggling with here is what value a CGA provides over a  
bare public key.  The use of a CGA as a source address doesn't prove  
anything except that the entity that generated it had access to a  
given public key, which is nothing special.  If you're going to get  
any security benefit, you either need

1. Out-of-band knowledge that SEND was applied in the relevant subnet,  
2. Some interaction that proves ownership of the private key

In the second case, you might as well just use existing protocols for  
proving ownership of a key (IPsec, TLS); the first case is just a  
special case of the second, where the entity applying access control  
has a special relationship with the layer-2 network (kind of fragile).

Either way, what you end up doing is validating that the entity holds  
a given private key, at which point the source address has nothing to  
do with the security of communications.

tl;dr: CGAs don't have any security benefit without another protocol.   
What's the use case?


On Jul 29, 2010, at 10:14 AM, Sam Hartman wrote:

>>>>>> "Stephen" == Stephen Kent <> writes:
>    Stephen> I agree that the primary motivation for CGAs arose in the
>    Stephen> SeND context, and that privacy is an independent
>    Stephen> feature. But, the context in which CGAs were intended to
>    Stephen> provide an ability to establish a binding to an IPv6
>    Stephen> address was local. When one moves beyond this local
>    Stephen> context, and one advocates having more distant nodes
>    Stephen> challenge a host, this creates privacy questions.
> I think we've been looking at CGAs that have non-local scope for a
> while.  Section 7.4 of RFC 3972 seems to anticipate CGAs used with  
> other
> protocols.  It's my understanding that shim6 supports both HBAs and  
> CGAs
> for non-local contexts.  I also believe the MIP6 context for CGA use  
> is
> non-local.
> _______________________________________________
> saag mailing list