
[Fwd: [Shim6-impl] LinShim6 0.7 released]



Hi,

For information, I forward here the announcement of the latest LinShim6 release. I think that it is of special interest, since AFAIK, it is the first package that has full support for HBAs and CGAs.

regards,

Sébastien.

-------- Original Message --------
Subject: 	[Shim6-impl] LinShim6 0.7 released
Date: 	Wed, 07 May 2008 18:07:30 +0200
From: 	Sébastien Barré <Sebastien.Barre@uclouvain.be>
To: shim6-impl@lists.gforge.info.ucl.ac.be <shim6-impl@lists.gforge.info.ucl.ac.be>



Hi,

I am happy to announce that LinShim6 0.7 has been released today.

The major addition in 0.7 is HBA support. You can now very easily specify a set of prefixes that you regularly use for your host, and cgad (despite its name, it also manages HBAs) will automatically build the HBA set, while shim6d will send and verify them.

An option (--disable-dropconfig) has also been added to the configure script to ask the install process not to update the config file. This can be useful if you want to install a new LinShim6 package with bug fixes for example, but don't want to overwrite your configuration.

You can now have any kind of address in your computer (normal, HBA or CGA), or a mix of them; LinShim6 will always try to send the maximum possible number of addresses to its peer. That is:

1) If the ULID is a normal address, LinShim6 will just announce that address (for security reasons).
2) If the ULID is a CGA, LinShim6 will announce all global unicast addresses available in the system, regardless of whether they are normal, CGA or HBA (because all are included in the CGA signature of the ULID anyway).
3) If the ULID is an HBA, all addresses that are both configured on the system and part of the same HBA set as the ULID are announced to the peer (support for multiple HBA sets is implemented). Note that this can be used as a way to separate addresses used for different purposes. This provides some kind of minimal "API" to the application, since the initial address choice of the application will trigger the selection by LinShim6 of a specific HBA set.
4) If the ULID is a hybrid HBA/CGA, then LinShim6 will proceed as in 2), except that the HBA addresses belonging to the same set as the ULID will be verified with HBA, while all the other addresses will be verified with CGA.

This is a major step forward in the evolution of this package, as it provides the HBA/CGA framework necessary to play with Shim6 without security loss. With that framework in place, we will be able to provide hopefully soon secure support for locator updates (using CGA).

I also want to thank the DoCoMo implementers of the SEcure Neighbor Discovery and Francis Dupont. I used the good DoCoMo SEND implementation as a basis for adding CGA support in LinShim6. Although I did not directly use Francis Dupont's implementation of HBAs (because the architecture was different), I did use it to verify the correctness of the HBA generation process, and included a part of his test suite in the LinShim6 package.

Enjoy,

Sébastien.

--
Sébastien Barré
Researcher,
CSE department, UCLouvain, Belgium
http://inl.info.ucl.ac.be/sbarre



--
Sébastien Barré
Researcher,
CSE department, UCLouvain, Belgium
http://inl.info.ucl.ac.be/sbarre
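
The four locator-announcement rules from the forwarded release note, modelled as an added example; this is not LinShim6 code. The types, function names and sample addresses are constructed for illustration, and marking the normal-ULID case as "no verification" is an assumption of the model.

```c
#include <stdio.h>

/* Constructed model of the four rules; every name here is hypothetical. */
enum kind   { NORMAL, CGA, HBA, HBA_CGA };
enum verify { V_NONE, V_CGA, V_HBA };
struct addr { const char *text; enum kind kind; int hba_set; /* -1: none */ };
struct ann  { const struct addr *a; enum verify how; };

/* Constructed sample host (2001:db8::/32 is the documentation prefix). */
static const struct addr SYS[] = {
    { "2001:db8:a::1",  NORMAL, -1 }, { "2001:db8:a::c6", CGA,     -1 },
    { "2001:db8:a::b1", HBA,     0 }, { "2001:db8:b::b1", HBA,      0 },
    { "2001:db8:c::b2", HBA,     1 }, { "2001:db8:a::bc", HBA_CGA,  0 },
};
enum { NSYS = sizeof SYS / sizeof SYS[0] };

/* Fill out[] with the locators announced when SYS[ulid_idx] is the ULID. */
int select_locators(int ulid_idx, struct ann *out)
{
    const struct addr *ulid = &SYS[ulid_idx];
    int n = 0;
    for (int i = 0; i < NSYS; i++) {
        const struct addr *a = &SYS[i];
        int same_set = ulid->hba_set >= 0 && a->hba_set == ulid->hba_set;
        int take = 1; enum verify how = V_CGA;  /* default: announce, verify via CGA */
        switch (ulid->kind) {
        case NORMAL:  take = (i == ulid_idx); how = V_NONE; break; /* 1: ULID alone (assumed unverified) */
        case CGA:     break;                                       /* 2: all, via CGA */
        case HBA:     take = same_set; how = V_HBA; break;         /* 3: ULID's set only */
        case HBA_CGA: if (same_set) how = V_HBA; break;            /* 4: all, HBA in set, else CGA */
        }
        if (take) out[n++] = (struct ann){ a, how };
    }
    return n;
}

/* Number of locators announced for SYS[ulid_idx] that are verified with `how`. */
int count_for(int ulid_idx, enum verify how)
{
    struct ann out[NSYS];
    int n = select_locators(ulid_idx, out), hits = 0;
    for (int i = 0; i < n; i++) hits += (out[i].how == how);
    return hits;
}

int main(void)
{
    printf("hybrid ULID: %d via HBA, %d via CGA\n", count_for(5, V_HBA), count_for(5, V_CGA));
    return 0;
}
```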