IETF Logo Mail Archive

Re: [shara] Preliminary agenda for SHARA BOF

<teemu.savolainen@nokia.com> Wed, 11 March 2009 09:52 UTC

Return-Path: <teemu.savolainen@nokia.com>
X-Original-To: shara@core3.amsl.com
Delivered-To: shara@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 74EA028C1D4 for <shara@core3.amsl.com>; Wed, 11 Mar 2009 02:52:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.242
X-Spam-Level:
X-Spam-Status: No, score=-6.242 tagged_above=-999 required=5 tests=[AWL=0.357, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vq-Y-qhk3K2k for <shara@core3.amsl.com>; Wed, 11 Mar 2009 02:52:48 -0700 (PDT)
Received: from mgw-mx06.nokia.com (smtp.nokia.com [192.100.122.233]) by core3.amsl.com (Postfix) with ESMTP id 2FB0228C18F for <shara@ietf.org>; Wed, 11 Mar 2009 02:52:47 -0700 (PDT)
Received: from vaebh105.NOE.Nokia.com (vaebh105.europe.nokia.com [10.160.244.31]) by mgw-mx06.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id n2B9qpFV019685; Wed, 11 Mar 2009 11:53:18 +0200
Received: from esebh102.NOE.Nokia.com ([172.21.138.183]) by vaebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 11 Mar 2009 11:53:05 +0200
Received: from vaebh101.NOE.Nokia.com ([10.160.244.22]) by esebh102.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 11 Mar 2009 11:53:05 +0200
Received: from smtp.mgd.nokia.com ([65.54.30.5]) by vaebh101.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Wed, 11 Mar 2009 11:52:59 +0200
Received: from nok-am1mhub-08.mgdnok.nokia.com (65.54.30.15) by NOK-am1MHUB-01.mgdnok.nokia.com (65.54.30.5) with Microsoft SMTP Server (TLS) id 8.1.340.0; Wed, 11 Mar 2009 10:52:57 +0100
Received: from NOK-EUMSG-01.mgdnok.nokia.com ([65.54.30.86]) by nok-am1mhub-08.mgdnok.nokia.com ([65.54.30.15]) with mapi; Wed, 11 Mar 2009 10:52:57 +0100
From: teemu.savolainen@nokia.com
To: randy@psg.com, Gabor.Bajko@nokia.com
Date: Wed, 11 Mar 2009 10:52:22 +0100
Thread-Topic: [shara] Preliminary agenda for SHARA BOF
Thread-Index: Acmh4jRH/jIV6urrQW2CKrLutyx85wAS61uA
Message-ID: <18034D4D7FE9AE48BF19AB1B0EF2729F27F2515180@NOK-EUMSG-01.mgdnok.nokia.com>
References: <49B64942.1080401@it.uc3m.es> <6CF039C5B32037498B02251E11CDE6B007D4F799@ftrdmel3> <49B670C6.6080601@ericsson.com> <6CF039C5B32037498B02251E11CDE6B007D887AD@ftrdmel3> <49B6F187.5080600@it.uc3m.es> <A99B171D26E1564B92D36826128CD66127EDFB990C@NOK-EUMSG-01.mgdnok.nokia.com> <m2ljrclwkw.wl%randy@psg.com>
In-Reply-To: <m2ljrclwkw.wl%randy@psg.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 11 Mar 2009 09:52:59.0811 (UTC) FILETIME=[29604F30:01C9A22F]
X-Nokia-AV: Clean
Cc: bernard_aboba@hotmail.com, shara@ietf.org
Subject: Re: [shara] Preliminary agenda for SHARA BOF
X-BeenThere: shara@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Sharing of an IPv4 Address discussion list <shara.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/shara>, <mailto:shara-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/shara>
List-Post: <mailto:shara@ietf.org>
List-Help: <mailto:shara-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shara>, <mailto:shara-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2009 09:52:49 -0000

Randy,

If you allocate the ports by cryptographically random means as described in draft-draft-bajko-pripaddrassign, it does not matter if a host is allocated just two ports - the attacker cannot possibly guess what the other allocated port is by just knowing the other port in use. 

I have verified the crypto pseudo-code described in the draft with quick implementation. In my test modified DHCP server sends the parameters (128-bit key and others) to a modified DHCP client, which from those parameters calculates the ports it is allowed to use and sends 5 TCP SYNs to show it calculated them correctly.

Best regards,

	Teemu

>-----Original Message-----
>From: shara-bounces@ietf.org [mailto:shara-bounces@ietf.org] 
>On Behalf Of ext Randy Bush
>Sent: 11 March, 2009 02:42
>To: Bajko Gabor (Nokia-CIC/MtView)
>Cc: bernard_aboba@hotmail.com; shara@ietf.org
>Subject: Re: [shara] Preliminary agenda for SHARA BOF
>
>> I think what Med was asking for is yet another ramification of the 
>> solution space, namely the port randomness preservation.
>
>i fear that this is a rock and a hard place.  if you steal 
>ports, you will have a smaller pool of ports from which to 
>pick pseudo-randomly.
>even i can figure that out. :)
>
>has anyone really explored dave ward's suggestion to look at 
>stealing from ip id?  i will admit not having done so.
>
>randy
>_______________________________________________
>shara mailing list
>shara@ietf.org
>https://www.ietf.org/mailman/listinfo/shara
>

v2.23.0 | Report a Bug | By Email