[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: about Wedgelayer 3.5 / Fat IP approaches

To: Jukka Ylitalo <jukka.ylitalo@nomadiclab.com>
Subject: Re: about Wedgelayer 3.5 / Fat IP approaches
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Date: Mon, 28 Jun 2004 16:02:54 +0200
Cc: Multi6 List <multi6@ops.ietf.org>, Erik Nordmark <Erik.Nordmark@sun.com>
In-reply-to: <40DFF563.5020809@nomadiclab.com>
References: <Roam.SIMC.2.0.6.1088380306.12204.nordmark@bebop.france> <40DFD22A.8080705@nomadiclab.com> <19CD73A6-C8EC-11D8-97AE-000D93ACD0FE@it.uc3m.es> <40DFF563.5020809@nomadiclab.com>

Next, I try to replace the current WIMP identifiers with NOID kind of AIDs for both end-points; in the next WIMP I-D. The ephemeral context identifiers together with hash chains would then be used only to identify the context. Basically, they would serve the same purpose as the purpose built-keys for initiators. That is, epheral context identifiers could be used to prevent attackers from stealing a context. (I'm trying to figure out how to bind a specific application identifier to a specific context.)

I guess that we should see the details before commenting but in abstract terms, my concern would be:

In its current form WIMP uses: - A hash of the FQDN as id of the receiver, and it uses the DNS to provide the required security. I mean, the mapping between the id and the FQDN is direct (id=hash(FQDN)). Next, the map between the FQDN and the locator set is provided by the DNS system (so you trust a third party to obtain such information) and so you know that if you send packets to those locators you are reaching the desired id. - for the initiator, you use an ephemeral id. In this case, you don't need to worry about all the threats, since the ephemeral id won't be valid for following communications. Basically, the only thing you need to worry about is that the endpoint that is communicating remains the same. You don't worry about id hijacking since the id is ephemeral (so it will become meaningless in a short while)

Now, you are proposing to use long lived ids for the initiator as well. In this case, you solve the refferal problem, but the price is that you now have to consider all the threats that you were not considering when using ephemeral ids. So you need a mechanism to prove the initiator'r id ownership. In other words, imho hash chains are not enough in this case, and you need something else. NOID uses the DNS, HIP uses the crypto nature of its ids, what would be the mechanisms here for this?

(snip)

what about cgas? They are locators, so you can use them for refferals to non multi6 apps and hosts, they allow to map from id to locators using reverse dns, and they are crypto in nature seems a good candidate to me :-)
That is one alternative. However, there are some IPR issues that must be probably solved before applying cgas with multi6.

Yes, but those issues are being worked out in other wg, as in SeND, and imho we could be optimistics about this... (but my opinion on this matter is even more meaningless than in other topics, so...)

regards, marcelo

regards, marcelo
br, Jukka

Follow-Ups:
- Re: about Wedgelayer 3.5 / Fat IP approaches
  - From: Jukka Ylitalo <jukka.ylitalo@nomadiclab.com>
- Re: about Wedgelayer 3.5 / Fat IP approaches
  - From: Erik Nordmark <Erik.Nordmark@sun.com>

References:
- Re: about Wedgelayer 3.5 / Fat IP approaches
  - From: Erik Nordmark <Erik.Nordmark@sun.com>
- Re: about Wedgelayer 3.5 / Fat IP approaches
  - From: Jukka Ylitalo <jukka.ylitalo@nomadiclab.com>
- Re: about Wedgelayer 3.5 / Fat IP approaches
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: about Wedgelayer 3.5 / Fat IP approaches
  - From: Jukka Ylitalo <jukka.ylitalo@nomadiclab.com>

Prev by Date: Re: identity persistence and comparison issues
Next by Date: Re: identity persistence and comparison issues
Previous by thread: Re: about Wedgelayer 3.5 / Fat IP approaches
Next by thread: Re: about Wedgelayer 3.5 / Fat IP approaches
Index(es):
- Date
- Thread