
RE: Identifiers



Hi Eliot,

> It sounds like Brian started pretty darn close to where I would be:
>
>  > My assumption is certainly that we can trust the first address pair,
>  > to exactly the extent that we can trust it in a non-multihomed case.
>  > Is that a wrong assumption?
>
> I think a good solution in this space would not weaken the authenticity
> of any existing identifiers.

I guess that I don't understand Brian's statement, then.

I mean, suppose that you have host A that uses IPA to initiate a
communication with host B sending packets to IPB.
So, Host B receives packets coming from IPA and it sends replies to IPA.
So far so good, Host B doesn't have a strong confirmation that IPA is really
the genuine identifier of HostA, but Host B knows that Host A can receive
packets addressed to IPA. That is the way it works for fixed hosts and that
is the level of security we should preserve, I guess.

Now the problem is how do we translate this requirement to a multihomed
environment.

Suppose the same scenario where HostA initiates a communication with HostB
using IPA and IPB respectively. They exchange some packets, so Host B knows
that Host A is reachable at IPA.

Moreover, HostB is using as a ULP identifier IPA.

Now, using some kind of multihoming mechanism, Host A tells HostB that he is
also reachable at IPC. Moreover, Host A can strongly prove that he is the
same that initiated the communication using IPA (i.e. that the same entity
who was at IPA is also at IPC)

Finally, HostA starts using IPC as source address in its packets, so HostB
starts preferring IPC over IPA to use as destination address to reach HostA
(instead of changing the IP address, an alternative signaling mechanism can
be used to switch addresses)

So my question now is: do you think that HostB, once it is sending packets
only to IPC and knowing that it is the same entity that initiated the
communication using IPA, should still believe that he is communicating with
IPA?

Regards, marcelo




> And this is why I liked NOID.  You want
> strong security?  The claim is that it will work with DNSSEC for
> verification.
>
> Beyond that, if you have an existing line of communication between you
> and a host, wouldn't PBKs provide a secure means by which one could
> privately pass additional information?  If it does, it provides some
> really nice generality for the above.  For instance, if you use some
> very secure mechanism to establish connectivity then PBKs could provide
> continued assurance.  And if you were out in the open, PBKs provide less
> assurance (e.g., you still end up with potential MITM attacks).
>
> Regards,
>
> Eliot
>
>
>