On 19/07/2006, at 20:10, Bound, Jim wrote:
Global PKI is not required for certificates that can be done with pre-shared keys too or as we are doing with shim6 out-of-band signaling. If any here believe IPsec will not be used end-to-end, think again please, it will. IPsec is totally possible and I will not repeat my mail on enclaves for end-to-end PKI as that is a deployment and systems integration implementation issue.
OK, at this point it seems to me that we may start repeating ourselves, so at least let's try to identify where we disagree...

What I am saying is that:

- In order to use IPSec to protect the shim6 protocol (in particular for providing a secure binding between identifier and locators), there are two options: a) certificates issued by a global PKI are needed in all shim6 peers, or b) we have preshared keys in all shim6 nodes

Do you disagree with this statement? I assume you do. If you disagree, could you explain to me how you would protect the shim6 protocol from the threats described in RFC4218?

In particular, could you explain to me how you would protect from the following attack:
Suppose that Alice and Bob work in the same office and that Alice reads the local newspaper web page every morning at www.localpress.com. Now, suppose that tomorrow is Alice's birthday and since Bob has a crush on Alice, Bob wants to make Alice believe that tomorrow's local newspaper headline is "Happy Birthday Alice".

In order to do that, Bob's plan is to hijack any future communication that Alice initiates from her machine to Bob's laptop, so Bob can substitute the local newspaper web page by his own fake happy birthday greetings home page.

So, in the DNS www.localpress.com has a single IP address IPlp. To launch the attack, the night before, Bob creates a shim6 state in Alice's machine. In order to do that, Bob initiates the shim6 context establishment exchange.

The created context has IPlp as ULID and it has IPB (i.e. Bob's laptop IP) as preferred locator.

In order to keep the context alive, Bob sends periodic packets (e.g. ping or UDP) to Alice's machine. Note that the goal of these packets is just to prevent the shim6 state at Alice's machine from being garbage collected, so there is no need to have an actual application receiving those packets above the shim (i.e. these packets can be perfectly discarded once they have passed above the shim, and they would still be fulfilling their goal from the attack p.o.v.)

The next morning (Alice's birthday!!!) Alice arrives at the office and she tries to connect to the local newspaper as every day. The only difference is that today, there is a shim6 state in Alice's machine for IPlp. Alice's browser asks the resolver for www.localpress.com. The resolver returns IPlp. The browser initiates a TCP connection with IPlp, but the SYN packet is intercepted by the shim layer (at Alice's machine) and the address is translated to IPB. As a result, the communication is redirected to Bob's machine and Alice will be accessing Bob's web server while she thinks that she is reaching the local newspaper web page.

Bob has managed to steal the local newspaper IP identity from Alice's p.o.v.
This type of attack cannot be prevented by simply using IPSec, because it is launched before the keys have been exchanged.
In order to prevent these attacks, we need additional tools, like global certificates, pre-shared keys or crypto identities.

regards, marcelo
thanks
/jim

-----Original Message-----
From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
Sent: Wednesday, July 19, 2006 11:32 AM
To: Bound, Jim
Cc: Francis Dupont; shim6@psg.com; Pekka Savola; Iljitsch van Beijnum
Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006

On 19/07/2006, at 16:55, Bound, Jim wrote:

I was assuming the node regardless will use IPsec as required. Thus it really is not shim6 concern. But I do not believe no one will not deploy IPsec because of PKI that is simply not true.

I agree with this, but the problem is that if you want to use IPSec to secure the shim, you need to use certificates; if not, the security is not acceptable. You need to provide a secure binding between the identifier and the locators. IPSec without certificates does not provide this feature. If you want to use IPSec to secure the shim6 protocol, you need the certificates, hence you need the global PKI. So in order to evaluate a solution based on IPSec for securing the shim6, you need to consider the fact that a global PKI is required for this. Hence, the alternative solution for securing the shim at this point would be IPSec+PKI, agree?

regards, marcelo

IPsec is deployed today with PKI.
/jim

-----Original Message-----
From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
Sent: Wednesday, July 19, 2006 8:04 AM
To: Francis Dupont
Cc: shim6@psg.com; Bound, Jim; Pekka Savola; Iljitsch van Beijnum
Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006

On 19/07/2006, at 14:38, Francis Dupont wrote:

I can't see where Jim proposed to base the Shim6 security on IPsec...

In message http://ops.ietf.org/lists/shim6/msg01511.html it is stated that:

Suggestion is to simply embed ULIDs within the data payload with new option and secure all communications at least for now for IP layer communications with IPsec encryption based on locator pair.

meaning to use IPSec as an alternative to HBA security

(something which is known to require the impossible and even not desirable global PKI :-)

exactly

Regards, marcelo

Regards
Francis.Dupont@point6.net
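
The redirection scenario from the thread, modelled as an added example that is not part of the original messages: a receiver-side context table that accepts a context with ULID IPlp and preferred locator IPB when it does no binding check, and rejects it when ULID and locators must verify against one hash-bound prefix set. The hash construction is a simplified stand-in for HBA (not the RFC wire format), and all names, prefixes and addresses are constructed assumptions.

```python
import hashlib
import ipaddress

def hba_address(prefix, prefix_set, modifier):
    """Toy HBA: interface id = first 64 bits of SHA-1(modifier | prefix set | own prefix)."""
    packed = [ipaddress.IPv6Network(p).network_address.packed[:8] for p in prefix_set]
    own = ipaddress.IPv6Network(prefix).network_address.packed[:8]
    iid = hashlib.sha1(modifier + b"".join(packed) + own).digest()[:8]
    return ipaddress.IPv6Address(own + iid)

def hba_verify(address, prefix_set, modifier):
    """True only if address lies in one of the prefixes and its interface id matches."""
    addr = ipaddress.IPv6Address(address)
    for p in prefix_set:
        if addr in ipaddress.IPv6Network(p):
            return hba_address(p, prefix_set, modifier) == addr
    return False

class ShimContexts:
    """Receiver-side context table: ULID -> preferred locator (assumed model)."""
    def __init__(self, verify_binding):
        self.verify_binding = verify_binding
        self.preferred = {}

    def establish(self, ulid, locators, prefix_set, modifier):
        claimed = [ulid, *locators]
        if self.verify_binding and not all(hba_verify(a, prefix_set, modifier) for a in claimed):
            return False  # ULID and locators are not bound to one prefix set
        self.preferred[ipaddress.IPv6Address(ulid)] = ipaddress.IPv6Address(locators[0])
        return True

    def translate(self, dst):
        """Address rewrite the shim layer applies to an outgoing packet."""
        dst = ipaddress.IPv6Address(dst)
        return self.preferred.get(dst, dst)

# Constructed sample data (documentation prefix 2001:db8::/32).
LP_PREFIXES = ["2001:db8:a::/64", "2001:db8:b::/64"]
LP_MODIFIER = bytes(16)
IP_LP = hba_address(LP_PREFIXES[0], LP_PREFIXES, LP_MODIFIER)      # "IPlp"
IP_LP_ALT = hba_address(LP_PREFIXES[1], LP_PREFIXES, LP_MODIFIER)  # second real locator
IP_B = ipaddress.IPv6Address("2001:db8:ffff::b0b")                 # "IPB"

def forged_context(verify_binding):
    """Replay the thread's scenario: context with ULID IPlp and preferred locator IPB."""
    table = ShimContexts(verify_binding)
    claimed_set = LP_PREFIXES + ["2001:db8:ffff::/64"]
    accepted = table.establish(IP_LP, [IP_B], claimed_set, LP_MODIFIER)
    return accepted, table.translate(IP_LP)

if __name__ == "__main__":
    print(forged_context(False), forged_context(True))
```

Adding the third prefix to the claimed set changes the hash input, so IPlp itself no longer verifies; leaving it out means IPB falls in no claimed prefix. Either way the check fails without any key exchange having taken place.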