
RE: New multi6 draft: WIMP



> Unfortunately it works :-) thanks! We can fix the problem in a couple of
> ways.
>
> 1) the initiator must verify that the existing context has at least one
> verified IP address that corresponds to the IP addresses in the DNS.

I don't know about this...
some random thoughts:
- if you use the DNS to validate addresses, I think you lose much of the
beauty of your solution. Actually, you could only use the DNS and you end up
in NOID. The only benefit AFAICS would be to support a more dynamic prefix
change, for instance to support faster renumbering, but I am not really sure
if this is worth it. I mean, probably DNS times and renumbering times are
quite compatible

- besides, I am not sure that this would be really enough because you will
have to consider time-shifted attacks. Requiring a valid IP address only
means that this IP address was checked once when the REA message was sent.
This is not good enough to prevent a time-shifted variation of the described
attack

- the only way I can figure out is to verify the reachability of the address
contained in the DNS again when the responder wants to initiate the new
communication (this is starting to seem a lot like the second solution, I
guess)

>
> or
>
> 2) The initiating party must not re-use a context if it is initiated by
> other party.
> As a consequence, p2p applications will have two contexts. One per
> direction.

Yes, this may work...
I can see how you would do this for TCP and even for a connected UDP socket, but
I don't know how you would recognize who has initiated the communication in
the case of non-connected UDP though (but I have little knowledge about how
this works)

I would recommend to verify the time-shifted attacks in this case either

regards, marcelo

>
> Br, Jukka
>
> >Thanks, marcelo
> >
> >
> >
> >
> >>Br, Jukka
> >>
> >>
> >>
> >>>Thanks, marcelo
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>>
> >>>
> >>>
> >>>>-----Original Message-----
> >>>>From: owner-multi6@ops.ietf.org [mailto:owner-multi6@ops.ietf.org] On
> >>>>behalf of Jukka Ylitalo
> >>>>Sent: Thursday, January 29, 2004 10:09
> >>>>To: multi6@ops.ietf.org
> >>>>Subject: New multi6 draft: WIMP
> >>>>
> >>>>
> >>>>(uh oh, the previous email was incorrectly aligned)
> >>>>
> >>>>Hi,
> >>>>
> >>>>We have submitted a new multi6 draft to I-D directory. The draft
> >>>>defines a Weak Identifier Multihoming Protocol (WIMP), and we
> >>>>wrote it in order to see how opportunistic/weak authentication
> >>>>methods could
> >>>>be used to solve the multi6 problem.
> >>>>
> >>>>WIMP is one of those protocols that introduce a new protocol layer
> >>>>between IP and upper layers. Our approach uses some very basic
> >>>>cryptographic functions (reverse hash chains and secret splitting) in
> >>>>order to have light and (hopefully) simple solution. The protocol
> >>>>is not bullet proof from security point of view, however, it intends
> >>>>to be secure enough and easy to implement.
> >>>>
> >>>>We hope it will stimulate discussion on various solution to
> >>>>multi6 problem.
> >>>>
> >>>>See more details from the draft itself, available in:
> >>>>
> >>>>http://www.hip4inter.net/multi6/draft-ylitalo-multi6-wimp-00.txt
> >>>>
> >>>>Thanks, Jukka Ylitalo
> >>>>