[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changes in version 8 resulting from comments in: Re: questions about draft-ietf-shim6-proto-06.txt




El 08/03/2007, a las 10:30, Matthijs Mekking escribió:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First of all, thanks for processing these comments.

1. Wat is exactly meant with VALIDATOR_MIN_LIFETIME? According to the
draft, "the peer might reject Responder Validator options that are older
than VALIDATOR_MIN_LIFETIME to avoid replay attacks" and "Nonces that
are no older than VALIDATOR_MIN_LIFETIME SHOULD be considered recent".
Does this value apply to both nonces and responder validator options?

Is this value solely used by a host acting as responder?

If so, do you agree that this value should be used outside SHIM6?
Because a responder may not store state (yet) and thus can not verify if
a nonce in an I2 or I2bis message may be considered recent. If you
agree, can't this value be omitted from the document (since it is
independent of the correct working of SHIM6, but merely a security
consideration of the host)?

The version 7 of the document seemed unclear of how the Responder Nonce
lifetime was determined since no per context state was sotred. I have
updated the draft, to make clear that the Responder nonce is obtained
from a counter that is increased in fixed periods (indepedently of any
shim6 proto event) which allows to determine the age of a Responder
Nonce just by comparing it with the current value of the counter.

This clarifies how the responder nonce is obtained. However, it raises
some questions about the predictability of the nonce. If the nonce is
related to the time (the system's clock), the responder nonce might be
easy to guess.


agree, but there is also the secret S, which would prevent guessing the validator even if the responder nonce can be guessed, would that be enough?

Regards, marcelo


Thanks again for this review, hope you find these changes ok

Let me know of further comments

The other changes are ok. Thanks!

regards,

Matthijs Mekking
matthijs@NLnetLabs.nl
NLnetLabs/Radboud University
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF79fCNiaStnTWEtYRAviCAJ90i3T59hNOq04nlHnjrmPsRuu0eQCePD77
BS6zaJQG2CoHLaLm2ztK8b8=
=xRpk
-----END PGP SIGNATURE-----