[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changes in version 8 resulting from comments in: Re: questions about draft-ietf-shim6-proto-06.txt

To: Matthijs Mekking <matthijs@NLnetLabs.nl>
Subject: Re: Changes in version 8 resulting from comments in: Re: questions about draft-ietf-shim6-proto-06.txt
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Date: Thu, 8 Mar 2007 10:53:44 +0100
Cc: shim6@psg.com
In-reply-to: <45EFD7C2.4000105@NLnetLabs.nl>
References: <45757A1D.1060406@NLnetLabs.nl> <a2654035aa42592a957cb7f6dec8059a@it.uc3m.es> <45EFD7C2.4000105@NLnetLabs.nl>


El 08/03/2007, a las 10:30, Matthijs Mekking escribió:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First of all, thanks for processing these comments.

1. Wat is exactly meant with VALIDATOR_MIN_LIFETIME? According to the

draft, "the peer might reject Responder Validator options that areolder

than VALIDATOR_MIN_LIFETIME to avoid replay attacks" and "Nonces that
are no older than VALIDATOR_MIN_LIFETIME SHOULD be considered recent".
Does this value apply to both nonces and responder validator options?

Is this value solely used by a host acting as responder?

If so, do you agree that this value should be used outside SHIM6?

Because a responder may not store state (yet) and thus can not verifyif

a nonce in an I2 or I2bis message may be considered recent. If you
agree, can't this value be omitted from the document (since it is
independent of the correct working of SHIM6, but merely a security
consideration of the host)?

The version 7 of the document seemed unclear of how the ResponderNonce
lifetime was determined since no per context state was sotred. I have
updated the draft, to make clear that the Responder nonce is obtained
from a counter that is increased in fixed periods (indepedently ofany
shim6 proto event) which allows to determine the age of a Responder
Nonce just by comparing it with the current value of the counter.


This clarifies how the responder nonce is obtained. However, it raises
some questions about the predictability of the nonce. If the nonce is
related to the time (the system's clock), the responder nonce might be
easy to guess.

agree, but there is also the secret S, which would prevent guessing thevalidator even if the responder nonce can be guessed, would that beenough?


Regards, marcelo

Thanks again for this review, hope you find these changes ok

Let me know of further comments


The other changes are ok. Thanks!

regards,

Matthijs Mekking
matthijs@NLnetLabs.nl
NLnetLabs/Radboud University
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF79fCNiaStnTWEtYRAviCAJ90i3T59hNOq04nlHnjrmPsRuu0eQCePD77
BS6zaJQG2CoHLaLm2ztK8b8=
=xRpk
-----END PGP SIGNATURE-----

References:
- questions about draft-ietf-shim6-proto-06.txt
  - From: Matthijs Mekking <matthijs@NLnetLabs.nl>
- Changes in version 8 resulting from comments in: Re: questions about draft-ietf-shim6-proto-06.txt
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: Changes in version 8 resulting from comments in: Re: questions about draft-ietf-shim6-proto-06.txt
  - From: Matthijs Mekking <matthijs@NLnetLabs.nl>

Prev by Date: Re: Changes in version 8 resulting from comments in: Re: Retransmission of I2 messages
Next by Date: Re: Changes in version 8 resulting from comments in: Re: Retransmission of I2 messages
Previous by thread: Re: Changes in version 8 resulting from comments in: Re: questions about draft-ietf-shim6-proto-06.txt
Next by thread: I-D ACTION:draft-ietf-shim6-proto-07.txt
Index(es):
- Date
- Thread