RE: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.txt]
> -----Original Message-----
> From: Erik Nordmark [mailto:erik.nordmark@sun.com]
> Sent: Wednesday, March 22, 2006 9:10 AM
> To: Henderson, Thomas R
> Cc: shim6
> Subject: Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.txt]
>
> Henderson, Thomas R wrote:
> > As I briefly mentioned today, there has been some complementary work in
> > the HIP RG that discusses the handling of non-routable identifiers in
> > legacy applications:
> > http://www.ietf.org/internet-drafts/draft-henderson-hip-applications-02.txt,
> > the main differences being the use of KHI (now ORCHIDs) in HIP instead
> > of CGAs.
>
> Is there an orchid draft? (I'm curious what might have changed other
> than the name.)
http://www.ietf.org/internet-drafts/draft-laganier-ipv6-khi-01.txt
(see section 9.1 for changes)
>
> > Until recently, the HIP drafts defined a "Type 2" HIT with the property
> > that the upper 64 bits contained support for two levels of hierarchical
> > naming (enabling reverse resolution), with the lower bits being drawn
> > from a hash of the public key, but this HIT type was dropped due to lack
> > of interest last year:
> > http://www1.ietf.org/mail-archive/web/hipsec/current/msg01519.html
> > It was also felt by some that 64 bits of hash was insufficient to
> > protect the binding between HIT and public key.
>
> I can understand the 64 bit concern for HIP, since HIP is securing the
> payload. Hence the comparison is with the strength that IKE can provide.
>
> But shim6 is only preventing redirection attacks; if one cares about
> payload protection one would run IPsec, TLS, etc above shim6.
> For the redirection threats, 64 bits is probably plenty.
Also, there were concerns about possible collisions of long-lived
identifiers (HITs) and the birthday paradox; this is discussed in the
HIP architecture draft.
Tom
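The two threat models discussed above (an attacker trying to produce a second public key that maps to one specific victim identifier, versus accidental collisions among many long-lived identifiers, i.e. the birthday paradox) scale very differently with the hash length. The following is an added worked example, not code from the thread or from any HIP, CGA or ORCHID draft: it puts numbers on both for 64-bit and 128-bit hash fields and checks the birthday approximation against a small simulation. The identifier construction used here (the top bits of a SHA-256 of the public key) is a simplified stand-in chosen only to make the arithmetic concrete; the real CGA/HIT/ORCHID constructions hash additional inputs (prefix, context, modifier) and are not reproduced.

```python
"""Birthday-bound arithmetic for hash-derived host identifiers.

Added example, not taken from the mailing-list thread or from any
HIP/shim6 draft. derive_identifier() is a deliberately simplified
stand-in for CGA/HIT/ORCHID derivation (assumption: top `hash_bits`
bits of SHA-256 over the raw public key), used only so that the
collision numbers below refer to something runnable.
"""
import hashlib
import math
import random


def derive_identifier(pubkey: bytes, hash_bits: int) -> int:
    """Stand-in identifier: the top `hash_bits` bits of SHA-256(pubkey)."""
    digest = hashlib.sha256(pubkey).digest()
    return int.from_bytes(digest, "big") >> (256 - hash_bits)


def collision_probability(hash_bits: int, n_ids: int) -> float:
    """Probability that at least two of n_ids independent identifiers collide.

    Standard birthday approximation: 1 - exp(-n(n-1) / 2^(bits+1)).
    expm1 keeps precision when the probability is tiny (128-bit case).
    """
    exponent = -(n_ids * (n_ids - 1)) / (2.0 ** (hash_bits + 1))
    return -math.expm1(exponent)


def ids_for_collision_probability(hash_bits: int, p: float) -> float:
    """How many identifiers must exist before an accidental collision has probability p."""
    return math.sqrt(2.0 * (2.0 ** hash_bits) * math.log(1.0 / (1.0 - p)))


def targeted_second_preimage_work(hash_bits: int) -> int:
    """Expected hash evaluations to hit ONE chosen victim identifier.

    This is the redirection attacker's problem: no birthday advantage,
    because the target is fixed in advance.
    """
    return 2 ** hash_bits


def simulate_collision_rate(hash_bits: int, n_ids: int, trials: int, seed: int = 1) -> float:
    """Empirically estimate collision_probability() with constructed random keys.

    Only feasible for small hash_bits; used here to sanity-check the formula.
    """
    rng = random.Random(seed)
    collided = 0
    for _ in range(trials):
        seen = set()
        for _ in range(n_ids):
            # Constructed stand-in public key: 32 random bytes, not a real key.
            pubkey = rng.getrandbits(256).to_bytes(32, "big")
            ident = derive_identifier(pubkey, hash_bits)
            if ident in seen:
                collided += 1
                break
            seen.add(ident)
    return collided / trials


if __name__ == "__main__":
    four_billion = 2 ** 32  # a deployment-scale population of long-lived identifiers
    for bits in (64, 128):
        print(f"{bits}-bit hash field:")
        print(f"  P(any two of 2^32 identifiers collide) = {collision_probability(bits, four_billion):.3g}")
        print(f"  identifiers for a 50% accidental collision = {ids_for_collision_probability(bits, 0.5):.3g}")
        print(f"  work to forge a key for ONE chosen identifier = 2^{bits}")
    print("simulated vs. predicted (16-bit, 400 ids):",
          simulate_collision_rate(16, 400, 200), round(collision_probability(16, 400), 3))
```

The numbers make Erik's and Tom's points side by side: with a 64-bit field, a redirection attacker who wants to impersonate one specific host still faces about 2^64 hash evaluations, but a population of 2^32 honest long-lived identifiers already has roughly a 39% chance of containing an accidental collision, and 50% is reached at about 5 billion identifiers; moving the field to 128 bits pushes the same accidental-collision probability below 10^-18.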