Re: [secdir] [saag] Interest in draft-dong-savi-cga-header-03.txt; possibility of a five minute slot at saag?
Stephen Kent <kent@bbn.com> Mon, 09 August 2010 20:54 UTC
Date: Mon, 09 Aug 2010 16:54:31 -0400
To: Sam Hartman <hartmans-ietf@mit.edu>
From: Stephen Kent <kent@bbn.com>
Cc: "Laganier, Julien" <julienl@qualcomm.com>, Dong Zhang <zhangdong_rh@huawei.com>, "secdir@ietf.org" <secdir@ietf.org>, PaddyNallur <paddy@huaweisymantec.com>, "saag@ietf.org" <saag@ietf.org>, Margaret Wasserman <mrw@painless-security.com>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [secdir] [saag] Interest in draft-dong-savi-cga-header-03.txt; possibility of a five minute slot at saag?
At 4:14 AM -0400 7/29/10, Sam Hartman wrote:

> >>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
>
>     Stephen> I agree that the primary motivation for CGAs arose in the
>     Stephen> SeND context, and that privacy is an independent
>     Stephen> feature. But, the context in which CGAs were intended to
>     Stephen> provide an ability to establish a binding to an IPv6
>     Stephen> address was local. When one moves beyond this local
>     Stephen> context, and one advocates having more distant nodes
>     Stephen> challenge a host, this creates privacy questions.
>
> I think we've been looking at CGAs that have non-local scope for a
> while. Section 7.4 of RFC 3972 seems to anticipate CGAs used with other
> protocols. It's my understanding that shim6 supports both HBAs and CGAs
> for non-local contexts. I also believe the MIP6 context for CGA use is
> non-local.

I don't know about MIP6, but when I read the second paragraph of section 7.4 in the CGA RFC, I get a different impression. The fact that the paragraph begins with "Finally, a strong cautionary note has to be made about using CGA signatures for purposes other than SEND." suggests to me that the authors anticipated that others might want to use CGAs elsewhere. They provided a list of comments about why CGAs were designed for and well-suited to the SeND context (which is local), and warnings about the limitations that arise if one tries to use CGAs elsewhere.

Steve