[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security Module for shim6 or hip really
On 31-jul-2006, at 11:44, marcelo bagnulo braun wrote:
it's possible that an implementation supports a certain security
mechanism for authenticating its own stuff but not for checking
the authentication of the other side,
i am not following this...
a host don't need security to check its own locator set, we assume
that it has some local means to verify which its own locators
are... (but i guess this is not what you were thinking about...)
No, what I mean is: suppose only generating a HBA/CGA iid is covered
by the claimed Ericsson patent, but checking the HBA/CGA isn't. Or
the other way around. Then someone may want to implement only the
part that isn't covered by the patent. Obviously in this case that's
unlikely and not very useful because we need something that both ends
can handle, but in the case of PKI-derived security this is a normal
situation: if I don't have certificate for myself but I do have the
root certificates I can check someone else's certificate but I can't
protect my own locators with this security mechanism. So when we
exchange capabilities, for the security stuff we need to have
separate lists for what we support for outgoing locator sets and what
we support for incoming locator sets.
(the reception of packet is done solely based on the context tag,
so it doesn't matter which source locator is used).
I don't like this assumption...
why not?
Because then you can't get rid of the context tag.
Does it make sense to have different authentication mechanisms for
different locators?
well, i think so
suppose you have a CGA/HBA address
you can use the HBA mechanisms to move among a stable set of
locators and you can use the CGA method to add new locators that
were not present initially to the locator set
Ok.
But is it worth the trouble to support this? We could say that if you
want to add any locators outside your HBA set you must use CGA for
the whole set. This way all locators share the same security
mechanism which should make life a bit simpler. :-)
On the other hand the trouble with CGA is that you need to send a
challenge to make sure the other side really holds the secret key so
validating the HBA locators using HBA has the advantage that you can
use those while waiting for the response to your challenge to
validate the CGA-only locators.
Iljitsch