[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Module for shim6 or hip really

To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: Security Module for shim6 or hip really
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Mon, 31 Jul 2006 12:11:11 +0200
Cc: Jari Arkko <jari.arkko@piuha.net>, shim6-wg <shim6@psg.com>
In-reply-to: <649f2d86cde48e979542b02fcea828d2@it.uc3m.es>
References: <816DD9299957E547B5D758D7F977D6DC338047@tayexc14.americas.cpqcorp.net> <55D0ED5D-20B0-4456-AC74-6B998A054EA9@muada.com> <44CD1D70.4050202@piuha.net> <8ae35d23ababce16164312dea8d2e50c@it.uc3m.es> <E1F1044B-39EF-4F65-8914-41AADE245DDA@muada.com> <649f2d86cde48e979542b02fcea828d2@it.uc3m.es>

On 31-jul-2006, at 11:44, marcelo bagnulo braun wrote:

it's possible that an implementation supports a certain securitymechanism for authenticating its own stuff but not for checkingthe authentication of the other side,

i am not following this...

a host don't need security to check its own locator set, we assumethat it has some local means to verify which its own locatorsare... (but i guess this is not what you were thinking about...)

No, what I mean is: suppose only generating a HBA/CGA iid is coveredby the claimed Ericsson patent, but checking the HBA/CGA isn't. Orthe other way around. Then someone may want to implement only thepart that isn't covered by the patent. Obviously in this case that'sunlikely and not very useful because we need something that both endscan handle, but in the case of PKI-derived security this is a normalsituation: if I don't have certificate for myself but I do have theroot certificates I can check someone else's certificate but I can'tprotect my own locators with this security mechanism. So when weexchange capabilities, for the security stuff we need to haveseparate lists for what we support for outgoing locator sets and whatwe support for incoming locator sets.

(the reception of packet is done solely based on the context tag,so it doesn't matter which source locator is used).

I don't like this assumption...

why not?

Because then you can't get rid of the context tag.

Does it make sense to have different authentication mechanisms fordifferent locators?

well, i think so

suppose you have a CGA/HBA address

you can use the HBA mechanisms to move among a stable set oflocators and you can use the CGA method to add new locators thatwere not present initially to the locator set

Ok.

But is it worth the trouble to support this? We could say that if youwant to add any locators outside your HBA set you must use CGA forthe whole set. This way all locators share the same securitymechanism which should make life a bit simpler. :-)

On the other hand the trouble with CGA is that you need to send achallenge to make sure the other side really holds the secret key sovalidating the HBA locators using HBA has the advantage that you canuse those while waiting for the response to your challenge tovalidate the CGA-only locators.

Iljitsch

Follow-Ups:
- Re: Security Module for shim6 or hip really
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

References:
- Security Module for shim6 or hip really
  - From: "Bound, Jim" <Jim.Bound@hp.com>
- Re: Security Module for shim6 or hip really
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Security Module for shim6 or hip really
  - From: Jari Arkko <jari.arkko@piuha.net>
- Re: Security Module for shim6 or hip really
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: Security Module for shim6 or hip really
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Security Module for shim6 or hip really
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

Prev by Date: Re: Security Module for shim6 or hip really
Next by Date: Re: Security Module for shim6 or hip really
Previous by thread: Re: Security Module for shim6 or hip really
Next by thread: Re: Security Module for shim6 or hip really
Index(es):
- Date
- Thread