Re: [secdir] [saag] Interest in draft-dong-savi-cga-header-03.txt; possibility of a five minute slot at saag?

Robert Moskowitz <rgm-sec@htt-consult.com> Thu, 29 July 2010 12:04 UTC

Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C112A3A69EB; Thu, 29 Jul 2010 05:04:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nEnrMh02xS5p; Thu, 29 Jul 2010 05:04:09 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 7E04E3A69A2; Thu, 29 Jul 2010 05:04:09 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 7FB4D68B25; Thu, 29 Jul 2010 11:55:22 +0000 (UTC)
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fSaOg4VCZEas; Thu, 29 Jul 2010 07:55:12 -0400 (EDT)
Received: from nc2400.htt-consult.com (dhcp-60fb.meeting.ietf.org [130.129.96.251]) (Authenticated sender: rgm-sec@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 4BCBE68B24; Thu, 29 Jul 2010 07:55:11 -0400 (EDT)
Message-ID: <4C516E42.9080103@htt-consult.com>
Date: Thu, 29 Jul 2010 14:04:18 +0200
From: Robert Moskowitz <rgm-sec@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100430 Fedora/3.0.4-2.fc12 Thunderbird/3.0.4
MIME-Version: 1.0
To: "Richard L. Barnes" <rbarnes@bbn.com>
References: <tsl630fmwok.fsf@mit.edu> <p06240805c86a38f57df9@[128.89.89.72]> <BF345F63074F8040B58C00A186FCA57F1F66885082@NALASEXMB04.na.qualcomm.com> <p06240801c86d39d160ab@[192.168.9.234]> <BF345F63074F8040B58C00A186FCA57F1F6688540F@NALASEXMB04.na.qualcomm.com> <p06240807c876e0f794c1@[130.129.114.216]> <tslwrse66y2.fsf@live.c.hospitality.swisscom.com> <20C6D044-08B8-4956-910A-D22C70819933@bbn.com>
In-Reply-To: <20C6D044-08B8-4956-910A-D22C70819933@bbn.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Thu, 29 Jul 2010 05:48:16 -0700
Cc: Dong Zhang <zhangdong_rh@huawei.com>, "secdir@ietf.org" <secdir@ietf.org>, PaddyNallur <paddy@huaweisymantec.com>, "saag@ietf.org" <saag@ietf.org>, Margaret Wasserman <mrw@painless-security.com>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [secdir] [saag] Interest in draft-dong-savi-cga-header-03.txt; possibility of a five minute slot at saag?
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2010 12:04:10 -0000

On 07/29/2010 10:28 AM, Richard L. Barnes wrote:
> The thing I'm struggling with here is what value a CGA provides over a 
> bare public key.

My understanding MAY be incomplete, but...

It looks like CGA generation binds the prefix to the key, thus there is 
a trust that the prefix has not been altered.

I don't do that in HIT generation. Don't know if I should change HIT 
generation or not. I would need to look at the IPR around CGAs.

> The use of a CGA as a source address doesn't prove anything except 
> that the entity that generated it had access to a given public key, 
> which is nothing special. If you're going to get any security benefit, 
> you either need
>
> 1. Out-of-band knowledge that SEND was applied in the relevant subnet, or
> 2. Some interaction that proves ownership of the private key
>
> In the second case, you might as well just use existing protocols for 
> proving ownership of a key (IPsec, TLS); the first case is just a 
> special case of the second, where the entity applying access control 
> has a special relationship with the layer-2 network (kind of fragile).
>
> Either way, what you end up doing is validating that the entity holds 
> a given private key, at which point the source address has nothing to 
> do with the security of communications.
>
> tl;dr: CGAs don't have any security benefit without another protocol. 
> What's the use case?
>
> --Richard
>
>
>
>
> On Jul 29, 2010, at 10:14 AM, Sam Hartman wrote:
>
>>>>>>> "Stephen" == Stephen Kent <kent@bbn.com>; writes:
>>
>> Stephen> I agree that the primary motivation for CGAs arose in the
>> Stephen> SeND context, and that privacy is an independent
>> Stephen> feature. But, the context in which CGAs were intended to
>> Stephen> provide an ability to establish a binding to an IPv6
>> Stephen> address was local. When one moves beyond this local
>> Stephen> context, and one advocates having more distant nodes
>> Stephen> challenge a host, this creates privacy questions.
>>
>> I think we've been looking at CGAs that have non-local scope for a
>> while. Section 7.4 of RFC 3972 seems to anticipate CGAs used with other
>> protocols. It's my understanding that shim6 supports both HBAs and CGAs
>> for non-local contexts. I also believe the MIP6 context for CGA use is
>> non-local.
>>
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>