Re: [v6ops] [EXTERNAL] Re: Improving ND security

[Vasilenko Eduard <vasilenko.eduard@huawei.com>]

Hi Fred,
SEND assumes RSA "RSASSA-PKCS1-v1_5  algorithm and SHA-1 hash" that is good enough for majority of purposes.
Currently Elliptic-curve cryptography is more popular, but it is not mandatory - RSA is good enough.

Teredo specification assumes that "authentication algorithm, shared with the server", "agreed-upon authentication algorithm".
Hence, it is not possible to tell exactly how secure it is.
But because by default "To maximize interoperability, this specification defines a default algorithm in which the authentication value is computed according the HMAC specification [RFC2104] and the SHA1 function [FIPS-180]."
We could say that it is much weaker then SEND, because HMAC in principle is much weaker then open key cryptography (RSA).

And we are comparing orange to apple here, because
- SEND is used for neighbor authentication
- Teredo is the tunnel
They have different purpose in networking.

Eduard
-----Original Message-----
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Templin (US), Fred L
Sent: 3 августа 2020 г. 20:20
To: Christian Huitema <huitema@huitema.net>; Fernando Gont <fernando@gont.com.ar>
Cc: 6man <ipv6@ietf.org>; v6ops list <v6ops@ietf.org>
Subject: Re: [v6ops] [EXTERNAL] Re: Improving ND security

Christian,

> -----Original Message-----
> From: Christian Huitema [mailto:huitema@huitema.net]
> Sent: Monday, August 03, 2020 10:02 AM
> To: Fernando Gont <fernando@gont.com.ar>
> Cc: Templin (US), Fred L <Fred.L.Templin@boeing.com>; Pascal Thubert 
> (pthubert) <pthubert@cisco.com>; v6ops list <v6ops@ietf.org>; 6man 
> <ipv6@ietf.org>
> Subject: Re: [v6ops] [EXTERNAL] Re: Improving ND security
> 
> This message was sent from outside of Boeing. Please do not click 
> links or open attachments unless you recognize the sender and know that the content is safe.
> 
> > On Aug 3, 2020, at 9:35 AM, Fernando Gont <fernando@gont.com.ar> wrote:
> >
> > On 3/8/20 11:22, Templin (US), Fred L wrote:
> >> ...
> >
> >
> >
> >> But then, RFC4380 offers a “poor-man’s” alternative to SEND/CGA. It 
> >> places a message authentication code in the encapsulation
> headers of IPv6 ND messages so that the messages can pass a rudimentary authentication check.
> >
> > You mean the Teredo spec? If so, I don't think it includes any sort of poor-man's SEND-CGA.
> 
> Configuration mistakes were a big concern during the design of Teredo, 
> and that's a reason why Teredo embeds continuity tests. But these tests will not resist an on-path attacker, let alone an on-link attacker.



What has been the experience with RFC4380 security in-the-wild? Is it considered "secure enough" out of the box? Or, if you had to do it again would you incorporate something "more secure" like SEND/CGA?

Thanks - Fred


> -- Christian Huitema

_______________________________________________
v6ops mailing list
v6ops@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops