Cryptographically Generated Addresses (CGA)
draft-ietf-send-cga-06
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
06 | (System) | post-migration administrative database adjustment to the No Objection position for Russ Housley |
2004-10-07
|
(System) | Posted related IPR disclosure: Ericsson's Statement about IPR claimed in draft-ietf-send-cga-06.txt and draft-ietf-send-ndopt-06.txt | |
2004-05-18
|
06 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2004-05-17
|
06 | Amy Vezza | IESG state changed to Approved-announcement sent |
2004-05-17
|
06 | Amy Vezza | IESG has approved the document |
2004-05-17
|
06 | Amy Vezza | Closed "Approve" ballot |
2004-05-03
|
06 | Margaret Cullen | State Changes to Approved-announcement to be sent from IESG Evaluation::Revised ID Needed by Margaret Wasserman |
2004-05-03
|
06 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley |
2004-04-27
|
06 | (System) | New version available: draft-ietf-send-cga-06.txt |
2004-02-20
|
06 | (System) | Removed from agenda for telechat - 2004-02-19 |
2004-02-19
|
06 | Amy Vezza | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza |
2004-02-19
|
06 | Harald Alvestrand | [Ballot Position Update] New position, No Objection, has been recorded for Harald Alvestrand by Harald Alvestrand |
2004-02-19
|
06 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen |
2004-02-19
|
06 | Allison Mankin | [Ballot Position Update] New position, No Objection, has been recorded for Allison Mankin by Allison Mankin |
2004-02-19
|
06 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded for Jon Peterson by Jon Peterson |
2004-02-19
|
06 | Ned Freed | [Ballot Position Update] New position, No Objection, has been recorded for Ned Freed by Ned Freed |
2004-02-18
|
06 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner |
2004-02-18
|
06 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens |
2004-02-18
|
06 | Steven Bellovin | [Ballot Position Update] New position, Yes, has been recorded for Steve Bellovin by Steve Bellovin |
2004-02-18
|
06 | Thomas Narten | [Ballot Position Update] Position for Thomas Narten has been changed to Yes from Undefined by Thomas Narten |
2004-02-18
|
06 | Thomas Narten | [Ballot comment] > SubjectPublicKeyInfo data structure. Future versions of this > specification may add new fields to the end of the CGA Parameters … [Ballot comment] > SubjectPublicKeyInfo data structure. Future versions of this > specification may add new fields to the end of the CGA Parameters and > the verifier SHOULD ignore any unrecognized data that follows the > encoded public key. I don't understand what this is trying to say. This document defines what gets compared, used, etc. No reading of this spec should be taken to mean that "extra stuff after the end of the defined fields" should somehow be used as part of the SEND computations. Thus, the above would be a MUST (rather than a SHOULD), but I'd really like to understand why this needs mentioning at all? What problem/concern is the above trying to warn about? |
2004-02-18
|
06 | Thomas Narten | [Ballot Position Update] New position, Undefined, has been recorded for Thomas Narten by Thomas Narten |
2004-02-18
|
06 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin |
2004-02-17
|
06 | Ted Hardie | [Ballot comment] The following text is fundamentally good: Finally, some cautionary notes should be made about using CGA-based authentication for other purposes than SEND. … [Ballot comment] The following text is fundamentally good: Finally, some cautionary notes should be made about using CGA-based authentication for other purposes than SEND. First, the other protocols should include type tags and the sender address in all signed messages in the same way as SEND does. Because of the possibility of related-protocol attacks, it is advisable to use the public key only for signing and not for encryption. Second, CGA-based authentication is particularly suitable for securing neighbor discovery [RFC2461] and duplicate address detection [RFC2462] because these are network-layer signaling protocols where IPv6 addresses are natural endpoint identifiers. In any protocol that aims to protect higher-layer data, CGA-based authentication alone is not sufficient and there must also be a secure mechanism for mapping higher-layer identifiers, such as DNS names, to IP addresses. In that it discourages folks from using CGA-based authentication alone. I'd suggest strengthing it even further, though. Would something like the following text be acceptable? CGA-based authentication should not be considered for purposes other than SEND and closely related mechanisms. CGA-based authentication is particularly suitable for securing neighbor discovery [RFC2461] and duplicate address detection [RFC2462] because these are network-layer signaling protocols where IPv6 addresses are natural endpoint identifiers. In any protocol that aims to protect higher-layer data, CGA-based authentication alone is not sufficient as there must also be a secure mechanism for mapping higher-layer identifiers, such as DNS names, to IP addresses. Further, using CGA-based authentication for other purposes may weaken the effectiveness of this mechanism for SEND, because of the possibility of related-protocol attacks. If another mechanism needs to re-use CGA-based authentication, it must take care that it include type tags and the sender address in all signed messages in the same way as SEND does and it must use the public key only for signing and not for encryption. |
2004-02-17
|
06 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Undefined by Ted Hardie |
2004-02-17
|
06 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to Undefined from Discuss by Ted Hardie |
2004-02-17
|
06 | Ted Hardie | [Ballot Position Update] New position, Discuss, has been recorded for Ted Hardie by Ted Hardie |
2004-02-17
|
06 | Russ Housley | [Ballot discuss] The first paragraph of section 3 says: > > ... For SEND, the public > key SHOULD be an RSA … [Ballot discuss] The first paragraph of section 3 says: > > ... For SEND, the public > key SHOULD be an RSA encryption key with the object identifier > rsaEncryption (i.e., "1.2.840.113549.1.1.1") and the subject public > key field SHOULD be formatted as an ASN.1 data structure of the type > RSAEncryptionKey defined in [PKCS.1.2002]. ... > PKCS #1 v2.1 (14 June 2002) does not specify a type of RSAEncryptionKey. I suspect that a type of RSAPublicKey is intended. This type and the associated object identifier can be found in RFC 3279 (as well as in PKCS #1 v2.1). The community will be able to easily locate RFC 3279. Please refer to section 2.3.1 of RFC 3279. Further, the use of SHOULD bothers me. The use of RSA can be SHOULD, but the format of fields when RSA is selected ought to be a MUST. I suggest: SEND SHOULD use an RSA public/private key pair. When RSA is used, the algorithm identifier must be rsaEncryption, which is 1.2.840.113549.1.1.1, and the RSA public key MUST be formatted using RSAPublicKey type as specified in section 2.3.1 of RFC 3279. In the 1st full paragraph on page 9, Section 4 says: > > ... The quality of the random number generator does not affect the > strength of the binding between the address and the public key. ... > This kind of statement will encourage implementors to use a constant, which is a problem. A SHA-1 hash of the time of day would be okay. Section 7.3 ought to reference RFC 1750. The security considerations ought to say something about the lifetime of the public/private key pair. The one brief statement in section 7.3 is not sufficient for an implementor to know how often the key pair needs to be changed. |
2004-02-17
|
06 | Russ Housley | [Ballot discuss] The first paragraph of section 3 says: > > ... For SEND, the public > key SHOULD be an RSA … [Ballot discuss] The first paragraph of section 3 says: > > ... For SEND, the public > key SHOULD be an RSA encryption key with the object identifier > rsaEncryption (i.e., "1.2.840.113549.1.1.1") and the subject public > key field SHOULD be formatted as an ASN.1 data structure of the type > RSAEncryptionKey defined in [PKCS.1.2002]. ... > PKCS #1 v2.1 (14 June 2002) does not specify a type of RSAEncryptionKey. I suspect that a type of RSAPublicKey is intended. This type and the associated object identifier can be found in RFC 3279 (as well as in PKCS #1 v2.1. The community will be able to locate RFC 3279 much more easily. Please refer to section 2.3.1 of RFC 3279. Further, the use of SHOULD bothers me. The use of RSA can be SHOULD, but the format of fields when RSA is selected ought to be a MUST. I suggest: SEND SHOULD use an RSA public/private key pair. When RSA is used, the algorithm identifier must be rsaEncryption, which is 1.2.840.113549.1.1.1, and the RSA public key MUST be formatted using RSAPublicKey type as specified in section 2.3.1 of RFC 3279. In the 1st full paragraph on page 9, Section 4 says: > > ... The quality of the random number generator does not affect the > strength of the binding between the address and the public key. ... > This kind of statement will encourage implementors to use a constant, which is a problem. A SHA-1 hash of the time of day would be okay. Section 7.3 ought to reference RFC 1750. The security considerations ought to say something about the lifetime of the public/private key pair. The one brief statement in section 7.3 is not sufficient for an implementor to know how often the key pair needs to be changed. |
2004-02-17
|
06 | Russ Housley | [Ballot Position Update] New position, Discuss, has been recorded for Russ Housley by Russ Housley |
2004-02-12
|
06 | Margaret Cullen | [Ballot Position Update] New position, Yes, has been recorded for Margaret Wasserman |
2004-02-12
|
06 | Margaret Cullen | Ballot has been issued by Margaret Wasserman |
2004-02-12
|
06 | Margaret Cullen | Created "Approve" ballot |
2004-02-12
|
06 | Margaret Cullen | State Changes to IESG Evaluation from Waiting for Writeup by Margaret Wasserman |
2004-02-12
|
06 | Margaret Cullen | Placed on agenda for telechat - 2004-02-19 by Margaret Wasserman |
2004-02-06
|
05 | (System) | New version available: draft-ietf-send-cga-05.txt |
2004-02-02
|
06 | (System) | State has been changed to Waiting for Writeup from In Last Call by system |
2004-01-19
|
06 | Amy Vezza | Last call sent |
2004-01-19
|
06 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2004-01-19
|
06 | Margaret Cullen | Last Call was requested by Margaret Wasserman |
2004-01-19
|
06 | (System) | Ballot writeup text was added |
2004-01-19
|
06 | (System) | Last call text was added |
2004-01-19
|
06 | (System) | Ballot approval text was added |
2004-01-19
|
06 | Margaret Cullen | State Changes to Last Call Requested from Publication Requested by Margaret Wasserman |
2003-12-22
|
06 | Dinara Suleymanova | Shepherding AD has been changed to Margaret Wasserman from Harald Alvestrand |
2003-12-22
|
06 | Dinara Suleymanova | Draft Added by Dinara Suleymanova |
2003-12-18
|
04 | (System) | New version available: draft-ietf-send-cga-04.txt |
2003-12-02
|
03 | (System) | New version available: draft-ietf-send-cga-03.txt |
2003-10-21
|
02 | (System) | New version available: draft-ietf-send-cga-02.txt |
2003-08-04
|
01 | (System) | New version available: draft-ietf-send-cga-01.txt |
2003-07-02
|
(System) | Posted related IPR disclosure: Cryptographically Generated Addresses (CGA) | |
2003-06-16
|
00 | (System) | New version available: draft-ietf-send-cga-00.txt |