[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [secdir]Comments on draft-ietf-shim6-hba-01

To: Geoff Huston <gih@apnic.net>
Subject: Re: [secdir]Comments on draft-ietf-shim6-hba-01
From: Pekka Savola <pekkas@netcore.fi>
Date: Tue, 25 Apr 2006 20:29:29 +0300 (EEST)
Cc: shim6@psg.com, marcelo bagnulo braun <marcelo@it.uc3m.es>, kurt Erik Lindqvist <kurtis@kurtis.pp.se>
In-reply-to: <6.2.0.14.2.20060426011010.02bee020@localhost>
References: <6.2.0.14.2.20060426011010.02bee020@localhost>

On Wed, 26 Apr 2006, Geoff Huston wrote:

We'd like to ask the working group at this stage if there are any furtherthoughts about the hash based address draft in the light of a securitydirectorate review of the draft. The message thread of that review isattached to this note. (The review was conducted in November and Decemberlast year)

I must wonder what has happened in the intervening 5 (or so) months..

But aside from that, EKR wrote:

"A single digital signature that's checked every time you re-homeseems quite eminently practical."

I may be a bit dense right now, but I'd like to see at least a sketchhow that would work. In particular, Im not sure how that is bound tothe address so that on-path moving off-path wouldn't cause atime-shifting attack.

That said, the HBA's "all addresses must change if one changes" israther onerous, so it could be beneficial if we could make do withjust CGA.

Note: CGA when used with shim6 doesn't have RF IPR license.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- [secdir]Comments on draft-ietf-shim6-hba-01
  - From: Geoff Huston <gih@apnic.net>

Prev by Date: [secdir]Comments on draft-ietf-shim6-hba-01
Next by Date: Re: [secdir]Comments on draft-ietf-shim6-hba-01
Previous by thread: [secdir]Comments on draft-ietf-shim6-hba-01
Next by thread: Re: [secdir]Comments on draft-ietf-shim6-hba-01
Index(es):
- Date
- Thread