Re: SEND IDs [Re: Comments on draft-nordmark-multi6-threats-01]
Iljitsch van Beijnum wrote:

> I think there was some confusion about all of this on the SEND list, as
> this was never the approach I advocated, as this makes everything more
> complex which is never good in general and especially in the area of
> security.

It's possible that I (or others) did not fully understand
what you wanted. Please allow also for the possibility that
we SENDers have studied the security issues and have a
technical reason why the prefix is included. Or that we
have a different opinion than you have about the privacy
issues.

> What I wanted was to allow the use of any on-link prefix in the CGA
> generation. So if a link has prefixes A and B, and a host generates a
> CGA interface identifier using prefix A, the host gets to use this same
> interface identifier to create an address with prefix B. I don't see how
> this hurts anyone who isn't interested in this, but it would allow
> switching prefixes and maintaining the lower 64 bits without breaking

Ah, this was indeed different from what I had understood.
Thanks for the clarification.
This proposal is better than the other one, because I think
we could provide a backwards compatible extension to SEND
that allows for this style, by using the CGA Parameters
extension to report the prefix A.
However, I am not convinced -- yet at least -- that the
proposal is secure. I feel uneasy with the thought that
someone (say, the NSA) could construct a precomputed table
of 2^62 CGA addresses for prefix A, and all that would
be needed to take over an address from B::<any IID> would
be to claim that A is "on-link". It does not immediately
follow that the scheme is broken, because we do have
security for prefix advertisements as well. But it is
an additional worry that I, at least, would rather spend
some time analysing rather than adopting it because it
might be needed if solution 7/32 is chosen in multi6 :-)

> CGA. Still, we don't know if that's something that's required, so the
> whole thing may turn out to be moot anyway when we decide on a multi6
> mechanism.

Yes. My suggestion is that you work it out in multi6 WG first, and
if you come up with a solution that needs an extension or a change
to the SEND specifications, we can talk about it at that time.
By the way, would DHCP work with the same-IID solution?
--Jari
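
Added example, not part of the original message or of the SEND specification: a Python sketch of the prefix binding under discussion, comparing the RFC 3972 rule (the hashed prefix is the address's own prefix) with a hypothetical verifier, verify_any_onlink, that accepts a prefix reported in the CGA Parameters. Assumptions: Sec=0 (Hash2 omitted), documentation prefixes, an all-zero modifier and a placeholder byte string in place of a real public key.

```python
import hashlib
import ipaddress

# Constructed sample values (not from the thread): documentation prefixes
# and a placeholder byte string standing in for a DER-encoded public key.
PREFIX_A = ipaddress.IPv6Network("2001:db8:a::/64")
PREFIX_B = ipaddress.IPv6Network("2001:db8:b::/64")
PUBKEY = b"constructed-placeholder-public-key"
MODIFIER = bytes(16)

# IID bits that are compared: everything except Sec (top 3 bits) and u/g.
MASK = 0x1CFFFFFFFFFFFFFF


def cga_iid(prefix, modifier=MODIFIER, pubkey=PUBKEY, coll=0, sec=0):
    """RFC 3972 Hash1 -> interface identifier (Sec=0 path, Hash2 omitted)."""
    params = modifier + prefix.network_address.packed[:8] + bytes([coll]) + pubkey
    h = int.from_bytes(hashlib.sha1(params).digest()[:8], "big")
    return (h & MASK) | (sec << 61)


def address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)


def verify_strict(addr, modifier=MODIFIER, pubkey=PUBKEY, coll=0):
    """RFC 3972 rule: the prefix hashed is the prefix of the address itself."""
    prefix = ipaddress.IPv6Network((int(addr) >> 64 << 64, 64))
    iid = int(addr) & (2**64 - 1)
    return (iid & MASK) == (cga_iid(prefix, modifier, pubkey, coll) & MASK)


def verify_any_onlink(addr, claimed_prefix, onlink, **kw):
    """Hypothetical relaxed rule: hash the prefix reported in the CGA
    Parameters, provided the verifier believes that prefix is on-link."""
    if claimed_prefix not in onlink:
        return False
    iid = int(addr) & (2**64 - 1)
    return (iid & MASK) == (cga_iid(claimed_prefix, **kw) & MASK)
```

Under the relaxed rule, the check on an address in B depends only on the parameters for A plus the verifier's belief that A is on-link, so the remaining protection rests on how prefix advertisements are secured.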