
Re: addition of TLV to locator ID or locator ID set




> > CGA simply ties a public key / certificate to an address. This key or certificate can then be used to authenticate further exchanges so an attacker can't successfully inject shim signalling.


> That's the same thing you could achieve with anonymous IPSec. (Though, IPSec associates state with a 'security association' rather than address, which could be more fine-grained than CGA). It's an anonymous key either way, unless there is some other way to verify the authenticity of a key and what it may be used for / who it is issued for (who in terms of IP addresses).

This discussion is somewhat hard, because there are different
interpretations of what anonymous IPsec is. In some cases it's
an anonymous encryption scheme which does nothing more than
prevent wholesale traffic interception. In some other cases it's
a leap-of-faith scheme to establish a binding between an address
(or selectors) and a key. Or we could be talking about MOBIKE,
which enables the movement and multihoming of a tunnel
endpoint.

Nevertheless, as far as I know, there is no IPsec variant that
provides what CGA does, i.e., establish a secure relationship
from an address to a key. Or what HBA does, establish a secure
relationship between addresses. Anonymous IPsec can be made to
provide a secure relationship from a key to an address, but that's not
the same thing, because it's not a bidirectional relationship. Anonymous
IPsec, as defined in draft-williams-btns-00.txt, can be used to
lock keys and addresses together, but this can only be used in
a very limited manner as there's a DoS problem when someone
accidentally or maliciously locks an address that you would
need to use.

This is not to say that IPsec couldn't work for this. It can,
particularly in specific applications. For instance, MOBIKE
works because it deals only with VPN tunnel endpoints of an
established security association, and does not add any
means to grab someone else's traffic inside the moving
or multihoming tunnel.

--Jari
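To make the address-to-key relationship Jari refers to concrete, here is a small worked example added to this archive page; it is not code from the thread or from any of the participants. It follows the structure of the RFC 3972 CGA algorithm (a 128-bit modifier, the subnet prefix, a collision count, the public key, and the Hash1/Hash2 construction with a `sec` work parameter) in simplified form: the public key is a constructed byte string standing in for a DER-encoded RSA key, the full CGA parameter data structure and extension fields are omitted, and the prefix is the IPv6 documentation prefix 2001:db8::/64. The point it demonstrates is the one made above: a verifier who knows the parameters can check that an address was derived from a given key, and substituting a different key makes that check fail, which is the direction (address to key) that anonymous IPsec alone does not give you.

```python
import hashlib
import ipaddress
import os

# Constructed sample inputs (not from the thread): the IPv6 documentation
# prefix and placeholder bytes standing in for DER-encoded public keys.
SUBNET_PREFIX = ipaddress.IPv6Network("2001:db8::/64").network_address.packed[:8]
SAMPLE_PUBKEY = b"constructed-public-key-bytes-for-host-A"
OTHER_PUBKEY = b"constructed-public-key-bytes-for-someone-else"


def _hash1(modifier, prefix, collision_count, pubkey):
    """Hash1 input as in RFC 3972: modifier || prefix || collision count || key."""
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()


def _hash2(modifier, pubkey):
    """Hash2 input as in RFC 3972: modifier || 9 zero octets || key."""
    return hashlib.sha1(modifier + bytes(9) + pubkey).digest()


def _leading_zero_bits(data):
    """Count leading zero bits of a byte string (used for the sec work check)."""
    n = 0
    for b in data:
        if b:
            return n + 8 - b.bit_length()
        n += 8
    return n


def generate_cga(prefix, pubkey, sec, collision_count=0, rng=os.urandom):
    """Return (IPv6Address, params) for an address cryptographically bound to pubkey.

    sec (0..7) raises the cost of generation to roughly 2^(16*sec) hashes,
    which is what makes finding a matching key for a given address expensive.
    """
    if not 0 <= sec <= 7 or not 0 <= collision_count <= 2:
        raise ValueError("sec must be 0..7 and collision_count 0..2")
    modifier = int.from_bytes(rng(16), "big")
    # Hash2 extension: search for a modifier giving 16*sec leading zero bits.
    while _leading_zero_bits(_hash2(modifier.to_bytes(16, "big"), pubkey)) < 16 * sec:
        modifier = (modifier + 1) % (1 << 128)
    modifier = modifier.to_bytes(16, "big")
    iid = bytearray(_hash1(modifier, prefix, collision_count, pubkey)[:8])
    # Encode sec in the three leftmost bits of the interface ID; clear u and g bits.
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    params = {
        "modifier": modifier,
        "prefix": prefix,
        "collision_count": collision_count,
        "pubkey": pubkey,
    }
    return ipaddress.IPv6Address(prefix + bytes(iid)), params


def verify_cga(address, params):
    """Check that address was derived from the key in params (RFC 3972 section 5, simplified)."""
    packed = address.packed
    iid = packed[8:]
    if packed[:8] != params["prefix"] or not 0 <= params["collision_count"] <= 2:
        return False
    sec = iid[0] >> 5
    expected = bytearray(
        _hash1(params["modifier"], params["prefix"], params["collision_count"], params["pubkey"])[:8]
    )
    expected[0] &= 0x1C  # the sec, u and g bits are not part of the Hash1 comparison
    if (iid[0] & 0x1C) != expected[0] or iid[1:] != bytes(expected[1:]):
        return False
    # The claimed sec value must be backed by the corresponding Hash2 work.
    return _leading_zero_bits(_hash2(params["modifier"], params["pubkey"])) >= 16 * sec


if __name__ == "__main__":
    addr, params = generate_cga(SUBNET_PREFIX, SAMPLE_PUBKEY, sec=1)
    print(addr, verify_cga(addr, params))
    # Presenting a different key with the same address and parameters fails.
    print(verify_cga(addr, dict(params, pubkey=OTHER_PUBKEY)))
```

Note that verification only establishes that whoever generated the address held that key; it says nothing about who that party is, which is exactly the "anonymous key either way" observation in the quoted text. The extra step CGA adds is that the binding can be checked from the address alone, without a prior security association.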