[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fwd: [Shim6-impl] LinShim6 0.7 released]
- To: shim6@psg.com
- Subject: [Fwd: [Shim6-impl] LinShim6 0.7 released]
- From: Sébastien Barré <sebastien.barre@uclouvain.be>
- Date: Wed, 07 May 2008 18:12:13 +0200
- User-agent: Thunderbird 2.0.0.12 (X11/20080227)
Hi,
For information, I forward here the announcement of the latest LinShim6
release.
I think that it is of special interest, since AFAIK, it is the first
package that has full support for HBAs and CGAs.
regards,
Sébastien.
-------- Originele bericht --------
Onderwerp: [Shim6-impl] LinShim6 0.7 released
Datum: Wed, 07 May 2008 18:07:30 +0200
Van: Sébastien Barré <Sebastien.Barre@uclouvain.be>
Aan: shim6-impl@lists.gforge.info.ucl.ac.be
<shim6-impl@lists.gforge.info.ucl.ac.be>
Hi,
I am happy to announce that LinShim6 0.7 has been released today.
The major addition in 0.7 is HBA support. You can now very easily
specify a set of prefixes that you regularly use for your host, and cgad
(despite of its name, it also manages HBAs) will automatically build the
HBA set, while shim6d will send and verify them.
An option (--disable-dropconfig) has also been added to the configure
script to ask the install process not to update the config file. This
can be useful if you want to install a new LinShim6 package with bug
fixes for example, but don't want to overwrite your configuration.
You can now have any kind of address in your computer (normal, HBA or
CGA), or a mix of them, LinShim6 will always try to send the maximum
possible number of addresses to its peer. That is :
1) if the ULID is a normal address, LinShim6 will just announce that
address (for security reasons);
2) if the ULID is a CGA, LinShim6 will announce all global unicast
addresses available in the system, regardless of whether they are
normal, CGA or HBA (because all are included in the CGA signature of the
ULID anyway).
3) if the ULID is an HBA, all addresses that are both configured on the
system and part of the same hba set as the ULID are announced to the
peer (support for multiple hba sets is implemented). Note that this can
be used as a way to separate addresses used for different purposes. This
provides some kind of minimal "API" to the application, since the
initial address choice of the application will trigger the selection by
LinShim6 of a specific HBA set.
4) If the ULID is an hybrid HBA/CGA, then LinShim6 will proceed as in
2), except that the HBA addresses belonging to the same set as the ULID
will be verified with HBA, while all the other addresses will be
verified with CGA.
This is a major step forward in the evolution of this package, as it
provides the HBA/CGA framework necessary to play with Shim6 without
security loss.
With that framework in place, we will be able to provide hopefully soon
secure support for locator updates (using CGA).
I also want to thank the DoCoMo implementers of the SEcure Neighbor
Discovery and Francis Dupont. I used the good DoCoMo SEND implementation
as a basis for adding CGA support in LinShim6. Although I did not
directly used Francis Dupont's implementation of HBAs (because the
architecture was different), I did use it to verify the correctness of
the HBA generation process, and included a part of his test suite in the
LinShim6 package.
Enjoy,
Sébastien.
--
Sébastien Barré
Researcher,
CSE department, UCLouvain, Belgium
http://inl.info.ucl.ac.be/sbarre
_______________________________________________
Shim6-impl mailing list
Shim6-impl@lists.gforge.info.ucl.ac.be
http://lists.gforge.info.ucl.ac.be/mailman/listinfo/shim6-impl
--
Sébastien Barré
Researcher,
CSE department, UCLouvain, Belgium
http://inl.info.ucl.ac.be/sbarre