Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-kk-mpvd-ndp-support-01 MIF WG – IETF88 Jouni Korhonen Suresh Krishnan Sri Gundavelli.

Published byJoan Jordan Modified over 9 years ago

Similar presentations

Presentation on theme: "Draft-kk-mpvd-ndp-support-01 MIF WG – IETF88 Jouni Korhonen Suresh Krishnan Sri Gundavelli."— Presentation transcript:

1 draft-kk-mpvd-ndp-support-01 MIF WG – IETF88 Jouni Korhonen Suresh Krishnan Sri Gundavelli

2 Background A protocol solution proposal for draft-ietf-mif- mpvd-arch using IPv6 NDP. Complimentary work to draft-kkb-mpvd-dhcp- support-01 We assume you read the drafts..

3 Design choices in -01 A generic “PVD container/range” NDP option: – PVD_CO marks the start of a PVD – PVD_ID marks the end of a PVD. – Can carry existing NDP options. – Carries the PVD Identity, optional security information etc.. An RA/RS may contain zero or more PVD containers: – Multiple PVDs may be in one RA/RS.. – An RS may contain zero or more PVD containers to solicit information from a specific PVD:

4 Design choices in -01 cont’d Reuse selected parts of existing security mechanisms: SEND RFC6494/6495/3971 – Does not mandate implementation of SEND, though! – Mostly reuse the SEND Subject Key Identifier way of finding public keys. Defines the security principles: – PVD container content may be signed to prove the authenticity of the advertised information and to provide integrity protection. – Replay protection left for the “carrier protocol” to solve.

5 Changes from -00 Change of PVD_CO option not to contain sub- options but mark the start of options belonging to the PVD. Replacing the PVD Identity encodings defined in -00 to a common PVD-ID “blob” defined in draft-kkbg-mpvd-id-00. Minor tweaks..

6 PVD Container Option Marks the starts of ND options belonging to a specific PVD; options follow as-is. PVD unaware clients just skip the option and process the subsequent NDP options as any NDP options.. Option follows the normal ND option padding requirements.

7 PVD Identifier Option Marks the end of NDP options belonging to a PVD identified by the “Identity”. PVD unaware clients just skip the option.. “Identity” is a binary blob, whose encoding is defined in draft-kkbg-mpvd-id.

8 Issues to think more.. PVD_CO handling in case of PVD unaware host implementations: – Just skip the option and handle “PVD encapsulated” NDP options as any NDP options or.. (now in -01) – Craft PVD_CO in a way that an unaware host implementation would skip all “PVD encapsulated” NDP options (doable with PVD_CO Length tweaking).. (was in -00) Replay protection as part of the PVD container or left for the “carrier protocol” to deal with? Clarifying the case where a router advertises multiple PVDs – how to do signing of options. Trust anchors, certificate chains or something else..

9 Questions ?

Download ppt "Draft-kk-mpvd-ndp-support-01 MIF WG – IETF88 Jouni Korhonen Suresh Krishnan Sri Gundavelli."

Similar presentations

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.
Multicast Reconfiguration Protocol for Stateless DHCPv6 DHC 61 st IETF S. Daniel Park

Multicast Reconfiguration Protocol for Stateless DHCPv6 DHC 61 st IETF S. Daniel Park
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Access control for IP multicast T-110.557 Petri Jokela

Access control for IP multicast T Petri Jokela
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
Draft-ietf-v6ops-ra-guard-00.txt1 IPv6 RA-Guard draft-ietf-v6ops-ra-guard-00.txt G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohácsi 72nd IETF.

Draft-ietf-v6ops-ra-guard-00.txt1 IPv6 RA-Guard draft-ietf-v6ops-ra-guard-00.txt G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohácsi 72nd IETF.
Draft-vandevelde-v6ops-ra-guard-01.txt1 IPv6 RA-Guard G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohacsi IETF 71, March 11/14th 2008 Philadelphia.

Draft-vandevelde-v6ops-ra-guard-01.txt1 IPv6 RA-Guard G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohacsi IETF 71, March 11/14th 2008 Philadelphia.
Controlling Traffic Offloading Using Neighbor Discovery Protocol IETF#80 Mif WG, 28-March-2011 draft-korhonen-mif-ra-offload-01 Jouni Korhonen Teemu Savolainen.

Controlling Traffic Offloading Using Neighbor Discovery Protocol IETF#80 Mif WG, 28-March-2011 draft-korhonen-mif-ra-offload-01 Jouni Korhonen Teemu Savolainen.
Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.

Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.
CSIS 4823 Data Communications Networking – IPv6

CSIS 4823 Data Communications Networking – IPv6
1 Chapter06 Mobile IP. 2 Outline What is the problem at the routing layer when Internet hosts move?! Can the problem be solved? What is the standard solution?

1 Chapter06 Mobile IP. 2 Outline What is the problem at the routing layer when Internet hosts move?! Can the problem be solved? What is the standard solution?
Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.
IP Security: Security Across the Protocol Stack

IP Security: Security Across the Protocol Stack
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Multiple Provisioning Domain (MPVD) Architecture status & next steps Dmitry Anipko (architecture document editor) IETF 89 MIF WG London, March 6 th 2014.

Multiple Provisioning Domain (MPVD) Architecture status & next steps Dmitry Anipko (architecture document editor) IETF 89 MIF WG London, March 6 th 2014.
1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt

1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt
DHCPv6 Redundancy Considerations Redundancy Proposals in RFC 6853.

DHCPv6 Redundancy Considerations Redundancy Proposals in RFC 6853.
1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

1 Julien Laganier MEXT WG, IETF-79, Nov Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses
IETF 51, IPv6 WG1 Multilink Subnets draft-thaler-ipngwg-multilink-subnets-01.txt Dave Thaler

IETF 51, IPv6 WG1 Multilink Subnets draft-thaler-ipngwg-multilink-subnets-01.txt Dave Thaler
Michael Myers VeriSign, Inc.

Michael Myers VeriSign, Inc.

Similar presentations

Ads by Google