Re: [secdir] Interest in draft-dong-savi-cga-header-03.txt; possibility of a five minute slot at saag?
Margaret Wasserman <margaretw42@gmail.com> Thu, 22 July 2010 12:50 UTC
Return-Path: <margaretw42@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E72C63A6835; Thu, 22 Jul 2010 05:50:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BT43vhY3qtdZ; Thu, 22 Jul 2010 05:50:38 -0700 (PDT)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by core3.amsl.com (Postfix) with ESMTP id DFF053A67B8; Thu, 22 Jul 2010 05:50:37 -0700 (PDT)
Received: by qwe5 with SMTP id 5so3229076qwe.31 for <multiple recipients>; Thu, 22 Jul 2010 05:50:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:cc:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=4FJn+5kUVVjkXsZvPqF9SncU6OX6irUvr0Fx5Tw1J48=; b=NS5vHE5xadbj9XGGigQkwILxujitxFul5TDmbOSWZWKD5drJi/ppJlcD8dLJ8/TlXF kMsstSyY5gRdGWXnozauxWG/2Phd6EiFNJAt5NapYkDNy9XE9z1a1a5xaKmDEbZyZoOI Zkc3lQCvse6/ImKKLBgtACEgM1p8El4ECH+zk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=cc:message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=KCFg3KF7DsXgfkw0VxkI7zGxBa0BE/KAmRpo0kk/rZ7VfFZhAbK+zQ1wWQHok/tG3k a8RInJ7T7NxE4JydJiBqB6xrYnUNaQjG6zSn+S1xCoVg0YmjxeYBI1ZIiYtz2V2yIEoZ IgyM0BVq59yhZQ43+fxregc1DiSkp4endkoB0=
Received: by 10.224.73.102 with SMTP id p38mr1138388qaj.270.1279803054330; Thu, 22 Jul 2010 05:50:54 -0700 (PDT)
Received: from [172.17.172.250] ([65.174.54.2]) by mx.google.com with ESMTPS id h20sm30457839qcm.33.2010.07.22.05.50.35 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 22 Jul 2010 05:50:43 -0700 (PDT)
Message-Id: <438B2D37-5C58-4E1F-9E69-75E80D76C570@gmail.com>
From: Margaret Wasserman <margaretw42@gmail.com>
To: Stephen Kent <kent@bbn.com>
In-Reply-To: <p06240801c86d39d160ab@[192.168.9.234]>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Thu, 22 Jul 2010 08:50:16 -0400
References: <tsl630fmwok.fsf@mit.edu> <p06240805c86a38f57df9@[128.89.89.72]> <BF345F63074F8040B58C00A186FCA57F1F66885082@NALASEXMB04.na.qualcomm.com> <p06240801c86d39d160ab@[192.168.9.234]>
X-Mailer: Apple Mail (2.936)
X-Mailman-Approved-At: Thu, 22 Jul 2010 06:47:38 -0700
Cc: "Laganier, Julien" <julienl@qualcomm.com>, Dong Zhang <zhangdong_rh@huawei.com>, "secdir@ietf.org" <secdir@ietf.org>, PaddyNallur <paddy@huaweisymantec.com>, "saag@ietf.org" <saag@ietf.org>, Margaret Wasserman <mrw@painless-security.com>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [secdir] Interest in draft-dong-savi-cga-header-03.txt; possibility of a five minute slot at saag?
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2010 12:50:40 -0000
Hi Steve, Thanks for your feedback! On Jul 21, 2010, at 8:45 PM, Stephen Kent wrote: >> >> I agree that if CGAs were to be used in ACLs they would need to be >> static (or long-term), but this does not negate a privacy feature >> that CGA's do not have. > > yes, it does, because the privacy is afforded by the host generating > a sequence of CGAs for parallel or serial use is in conflict with > use of a static CGA as an address space identifier for access > control purposes. There may be an inherent incompatibility between access control and anonymity, but that does not mean that the use of CGAs for access control is mutually exclusive with their use for privacy by the same node. A node could have a CGA (or a set of CGAs) that it uses to access certain resources. Those address(es) could be used in access control lists, etc. However, the same node could still generate CGAs or IPv6 Privacy Addresses for temporary use when anonymity/privacy is desired. I would argue that the use of CGAs for privacy, as you have cited it, is under-specified. There is mention of the concept that hosts could use CGAs for privacy, but there is no explanation of how those addresses would be managed, how long they should live, how application- level programs should request them, etc. IPv6 Privacy Addresses (as defined in RFC 4941) are much better specified for this purpose. >> >> If there were to be only one intermediary on-path node going to >> verify that the packets were generated by the CGA owner, it would >> be possible to execute a key exchange protocol bound to the CGAs of >> the sending host and the verifying node, and use symmetric keying >> material derived from that exchange to afford integrity protection >> to every packet at a cost comparable to that of IPsec providing >> integrity protection. > > yes, one could do what you suggest above, but that would be > duplicating IPsec (ESP-NULL) functionality, which I hope would be > frowned upon :-). There is also a possibility that the use of CGAs and a CGA extension in the early packets of an exchange could be used to set-up an IPsec SA for the remainder of the flow. In cases where a flow will consist of more than a few packets, this would probably be a better approach than signing all of the packets in an exchange. >> > Conversely, if only an initial packet exchange, involves the signed >> > packet from the host, the secruity offered is much lower, making it >> > vulnerable to MITM attacks. >> >> As above, an initial packet exchange could be used to derive >> symmetric keys bound to the CGA's of the parties involved. > > and IPsec would be a good idea here too :-). I agree. :-) > Mostly, but not quite. if a host is challenged to provide a signed > sequence of packets by a purported intermediary, how does the host > know that the challenge is legitimate, and not just a DoS attack? As we discuss in the security considerations section, this is an open issue with the specification. There are some possibilities for how to deal with this issue -- perhaps we could require that the requester generate it's own CGA, sign the request and include an CGA extension header on the request? Or perhaps it would be better for the requester to do some other costly operation to make this attack as expensive for the attacker as it would be for the target? There may be other possibilities for how to address this issue... it is one of the things that we should work out in the IETF before publishing this document. Margaret
- [secdir] Interest in draft-dong-savi-cga-header-0… Sam Hartman
- Re: [secdir] Interest in draft-dong-savi-cga-head… Stephen Kent
- Re: [secdir] Interest in draft-dong-savi-cga-head… Laganier, Julien
- Re: [secdir] Interest in draft-dong-savi-cga-head… Stephen Kent
- Re: [secdir] Interest in draft-dong-savi-cga-head… Margaret Wasserman
- Re: [secdir] [saag] Interest in draft-dong-savi-c… Stephen Kent
- Re: [secdir] Interest in draft-dong-savi-cga-head… Laganier, Julien
- Re: [secdir] [saag] Interest in draft-dong-savi-c… Margaret Wasserman
- Re: [secdir] [saag] Interest in draft-dong-savi-c… Stephen Kent
- Re: [secdir] [saag] Interest in draft-dong-savi-c… Stephen Kent
- Re: [secdir] [saag] Interest in draft-dong-savi-c… Sam Hartman
- Re: [secdir] [saag] Interest in draft-dong-savi-c… Richard L. Barnes
- Re: [secdir] [saag] Interest in draft-dong-savi-c… Robert Moskowitz
- Re: [secdir] [saag] Interest in draft-dong-savi-c… Stephen Kent