Arkko, 57th IETF: SEND base protocol issue list. Issues in the SEND base document draft-ietf-send-ipsec-01.txt


Slide 1: Issues in the SEND base document draft-ietf-send-ipsec-01.txt
57th IETF, Vienna
Jari Arkko, Ericsson Research NomadicLab

Slide 2: Issues for discussion here
07 - Cert-only ND protection not thought out
14 - Is CGA-only RD protection useful?
06 - Millisecond time granularity problematic
08 - Certificate details
Only if AH is used:
03 - Co-existence scheme flawed due to multicast?

Slide 3: 07 - Certificate-only ND protection
Complaint: certificate-only ND protection is “not thought out”
– I think we generally agree, this part of the spec is not in as good status as the rest. (What are the specific problems?)
Practical proposal: given the new IPR situation, perhaps we should remove certificate-based ND protection completely and rely on CGA only
– This would simplify the specification
– Can still be added as an extension later

Slide 4: 14 - Is CGA-only RD Protection Useful?
Current draft allows CGA-only RD protection
CGA tells nothing about your right to be a router
Should it be removed?
CGA allows to bind the selected default router to Redirects sent by it
Other RD-protection might be possible to arrange via heuristics (e.g. the router appears to route)
Practical proposal: simplify the draft and just keep the certificate-based RD protection

Slide 5: 06 - Millisecond granularity
Current timestamp granularity is one millisecond
Cannot send two messages within one ms -- normally OK, but can be problematic in some cases
Solutions:
– 1) Not an issue
– 2) Allow reception within the same ms; note that getting the same ND message twice is not an issue
– 3) Increase allowed granularity to microsecond
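The three options on this slide, compared on one message sequence. This is an added example, not code from the draft or the presentation; it assumes a receiver that remembers the last accepted timestamp per sender, and the class, function and address names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class TimestampCheck:
    """Assumed receiver model: keep the last accepted timestamp per sender
    and compare every new message against it."""
    ticks_per_second: int        # 1_000 = millisecond, 1_000_000 = microsecond
    allow_equal: bool = False    # True models option 2 (same-tick reception)
    last_seen: dict = field(default_factory=dict)

    def quantize(self, send_time_us: int) -> int:
        # The sender's clock is encoded at the protocol's granularity.
        return send_time_us * self.ticks_per_second // 1_000_000

    def accept(self, sender: str, send_time_us: int) -> bool:
        ts = self.quantize(send_time_us)
        last = self.last_seen.get(sender)
        if last is not None:
            # Older timestamps are always refused; equal ones only when
            # same-tick reception is not allowed.
            if ts < last or (ts == last and not self.allow_equal):
                return False
        self.last_seen[sender] = ts
        return True

# Constructed sample: (sender, send time in microseconds).
MESSAGES = [
    ("fe80::1", 5_000_100),  # first message
    ("fe80::1", 5_000_700),  # 600 us later, still the same millisecond
    ("fe80::1", 5_000_700),  # exact duplicate of the previous message
    ("fe80::1", 4_000_000),  # old message replayed
    ("fe80::1", 5_002_000),  # two milliseconds later
]

def run(check: TimestampCheck, messages) -> list:
    return [check.accept(sender, t) for sender, t in messages]

def compare() -> dict:
    return {
        "ms_strict": run(TimestampCheck(1_000), MESSAGES),
        "ms_allow_equal": run(TimestampCheck(1_000, allow_equal=True), MESSAGES),
        "us_strict": run(TimestampCheck(1_000_000), MESSAGES),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:15s} {result}")
```

With strict millisecond comparison the second legitimate message is dropped; allowing equality accepts it along with the duplicate, which the slide notes is not an issue, and the old replay is refused in all three cases.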

Slide 6: 14 - Certificate details
Use PKCs instead of ACs for routers and define new options for prefixes?
– Pro: Infrastructure for PKCs exists but does not exist for ACs
– Contra: New extensions are needed
– Certificate chain cannot mirror prefix delegation, but not sure how useful this would be
Should DNs be used instead of FQDNs to identify trust roots?

Slide 7: 03 - Co-existence scheme & multicast
Nodes may run multicast on the link, exchange link-local addresses
Since multicast does not use ND, such addresses may traverse from the secure side to the non-secure side
Violates addressing RFC
Solutions:
– 1) In the ND-option approach, there are no “sides” and hence no problem
– 2) Something else, what?