[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: flow label demultiplexing

To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: flow label demultiplexing
From: Pekka Savola <pekkas@netcore.fi>
Date: Mon, 18 Apr 2005 23:27:22 +0300 (EEST)
Cc: shim6@psg.com
In-reply-to: <8d6afc9a1b6622bb1073301f1a42c2bc@it.uc3m.es>
References: <Pine.LNX.4.61.0504180936340.31850@netcore.fi> <0b88df15432fcb2248d74698201929d4@it.uc3m.es> <Pine.LNX.4.61.0504181742570.7715@netcore.fi> <8d6afc9a1b6622bb1073301f1a42c2bc@it.uc3m.es>

On Mon, 18 Apr 2005, marcelo bagnulo braun wrote:

Note that HBA+CGA in one doesn't help (AFAICS) because otherwise you'd be trusting anyone you have a public key with to not hijack any of your sessions?
Well, i guess not.
In the CGA case, the address being used as the ULID for the communication is a CGA that contains a hash of the publich key in the iid. In this case, you will only trust a public key whose hash matches the iid of the ulid.


Sure.

So, when you use CGA capabilities of the address, the CGA parameter data structure is exchanged upfront and it contains the public key.

Next, the node can use a new address (that was not included in the CGA parameter data structure) because it can authorize it by signing it with the private key corresponding to the CGA. Moreover, such signature could even be included in a packet that contains the new address as source address (i think)

I mean, with CGA there is no need to know the addresses before hand.


OK, I guess you'll assume that:

1) the CGA implementations would check the prefix, i.e., that anyone who claims to be of prefix A::/64 has a certificate to use that prefix, and can present that? Otherwise you trusting me would allow me to say I'm in control of a third party's prefix, right?

2) delegation path discovery works across the internet so you can actually find a common trust anchor, and

3) you sign the whole [shim6 exchange, and in this case everything, if it's piggybacked] packet. But CGA is only defined for neighbor discovery options...

As such, embedding the public key in the CGA/HBA address protects against the third parties trying to spoof another person's identity, but does not protect against the responder lying. (This is really bad if one would use something like opportunistic encryption rather than real "he's my very good friend, he won't try tricks" trust.) We need to deal with that as well. The above three mitigate this to a great extent, I think, but to a significant cost..


--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- Re: flow label demultiplexing
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

References:
- flow label demultiplexing
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: flow label demultiplexing
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: flow label demultiplexing
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: flow label demultiplexing
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

Prev by Date: Re: flow label demultiplexing
Next by Date: Re: flow label demultiplexing
Previous by thread: Re: flow label demultiplexing
Next by thread: Re: flow label demultiplexing
Index(es):
- Date
- Thread