
Re: multi6-threats-00.txt vs. MIPv6 - different strength verifications?



> So, let's assume that we were talking about an imaginary IP network
> where secure DNS were deployed and a pair of hosts were actually
> using it for their forward and reverse domains.
> 
> Then,  there is no reason to make some part of address of a host
> a hash of host's public key, as the host can simply put its full
> public key in DNS.
> 
> Then, the pair of hosts can and will exchange a session key with
> which the communication, including parts for multihoming control,
> is secured.

Yes, but this implies doing a full key exchange to form the session keys
for every pair of hosts that communicate.
That might be acceptable if those hosts want cryptographic-strength
integrity and/or confidentiality, but it feels like a lot of resources to
spend for the off-chance that during their communication one or both
of them will need to use different locators.

Your argument also assumes that all hosts will be in the DNS so that they
have a FQDN under which they can store their public key.
That isn't the case in IPv4 today and I haven't seen a strong driver for
this changing with IPv6. Thus I think it is important to enable multihoming
support when only one end of the communication has information in the DNS.
I haven't seen a proposal for how to do this using public keys stored
in the DNS. If you have one please explain it.

> Still, you may argue that DoS of telling wrong locators should be
> possible. But, you are wrong because MITM can issue as much DoS
> as he wants regardless of security mechanism used. DoS by MITM,
> against which cookies do not work, is fatally efficient, if
> public key (that is, *EXPENSIVE*) cryptography is used.

DoS from MiTM isn't the main DoS concern in the threats draft.
In fact it points out that such DoS attacks are possible in today's Internet.
One concern added by multihoming is around 3rd party DoS attacks,
where the redirection capability inherent in multihoming could potentially
be used to redirect large, sustained packet flows to a 3rd party.
See the draft for details.

The other DoS concern is about opportunities potentially created by
the multihoming mechanisms themselves; creating state or doing large amounts
of processing on an initial packet for instance.

> Finally, as a set of locators of a host can be securely obtained
> from secure DNS that there is no need to dynamically authenticate
> the set, which is the fundamental difference between MIPv6 and M6.

As the NOID draft discusses, if you want to use the DNS for verification,
one actually has to verify not only that the node/fqdn claims to use a locator,
but also that the locator points back at the fqdn. Otherwise, such a mechanism
could be used for 3rd party DoS.

  Erik
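The two-directional check Erik refers to (the name must list the locator, and the locator must point back at the name) can be written down concretely. The following is an added example, not code from the thread or from the NOID draft; the resolver is a constructed in-memory stand-in for DNS with made-up names and documentation-prefix addresses, so it runs offline. A real implementation would replace `StaticResolver` with DNSSEC-validated queries.

```python
"""Forward-confirmed DNS check for a (FQDN, locator) pair.

Accepting a locator on a forward lookup alone lets anyone who controls a
forward zone list an address they do not hold; requiring the reverse zone
of that address to agree closes that gap. The resolver is pluggable so
the example runs against constructed records rather than live DNS.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


def _norm(name: str) -> str:
    """Canonicalise a DNS name: case-insensitive, no trailing dot."""
    return name.rstrip(".").lower()


@dataclass
class StaticResolver:
    """Constructed stand-in for DNS: AAAA records by owner name, PTR records
    by ip6.arpa owner name (assumption: a real resolver would query DNS)."""
    aaaa: Dict[str, Set[str]] = field(default_factory=dict)
    ptr: Dict[str, Set[str]] = field(default_factory=dict)

    def lookup_aaaa(self, fqdn: str) -> Set[str]:
        # Normalise addresses so "2001:0db8::1" and "2001:db8::1" compare equal.
        return {str(ipaddress.ip_address(a)) for a in self.aaaa.get(_norm(fqdn), set())}

    def lookup_ptr(self, addr: str) -> Set[str]:
        owner = ipaddress.ip_address(addr).reverse_pointer  # "...ip6.arpa"
        return {_norm(n) for n in self.ptr.get(owner, set())}


def verify_locator(resolver, fqdn: str, locator: str) -> Tuple[bool, str]:
    """Accept the locator only if both directions agree.

    1. forward: the FQDN's AAAA set contains the locator
    2. reverse: the locator's PTR set contains the FQDN
    Returns (accepted, reason) so a caller can log why a claim was refused.
    """
    addr = str(ipaddress.ip_address(locator))
    if addr not in resolver.lookup_aaaa(fqdn):
        return False, "forward: fqdn does not list locator"
    if _norm(fqdn) not in resolver.lookup_ptr(addr):
        return False, "reverse: locator does not point back at fqdn"
    return True, "ok"


# Constructed zone data (documentation prefix, invented names).
VICTIM = "2001:db8:1::10"   # address of an uninvolved third party
OWNED = "2001:db8:2::20"    # address genuinely held by host.example.net
RESOLVER = StaticResolver(
    aaaa={
        "host.example.net": {OWNED},
        # A forward zone can list any address, including one its owner
        # does not hold; this is the claim the reverse check must refuse.
        "other.example.org": {OWNED, VICTIM},
    },
    ptr={
        ipaddress.ip_address(OWNED).reverse_pointer: {"host.example.net."},
        ipaddress.ip_address(VICTIM).reverse_pointer: {"victim.example.com."},
    },
)


def demo() -> dict:
    """Run the three cases of interest and return their verdicts."""
    return {
        "both_directions": verify_locator(RESOLVER, "host.example.net", OWNED),
        "forward_only": verify_locator(RESOLVER, "other.example.org", VICTIM),
        "no_forward": verify_locator(RESOLVER, "host.example.net", VICTIM),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:16s} accepted={ok} ({why})")
```

The `forward_only` case is the one that matters for the third-party DoS concern: the name's own zone lists the victim's address, so a forward-only check would accept it, while the reverse zone for that address (controlled by whoever actually holds it) does not name the claimant, so the check refuses it.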