Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Arkko, 57th IETF: SEND base protocol issue list Issues in the SEND base document draft-ietf-send-ipsec-01.txt

Published byBartholomew Rice Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Arkko, 57th IETF: SEND base protocol issue list Issues in the SEND base document draft-ietf-send-ipsec-01.txt"— Presentation transcript:

1 1 Arkko, 57th IETF: SEND base protocol issue list Issues in the SEND base document draft-ietf-send-ipsec-01.txt http://www.piuha.net/~jarkko/publications/send/issues 57th IETF, Vienna Jari Arkko, Ericsson Research NomadicLab

2 2 Arkko, 57th IETF: SEND base protocol issue list Issues for discussion here 07 - Cert-only ND protection not thought out 14 - Is CGA-only RD protection useful? 06 - Millisecond time granularity problematic 08 - Certificate details Only if AH is used: 03 - Co-existence scheme flawed due to multicast?

3 3 Arkko, 57th IETF: SEND base protocol issue list 07 - Certificate-only ND protection Complaint: certificate-only ND protection is “not thought out” –I think we generally agree, this part of the spec is not in as good status as the rest. (What are the specific problems?) Practical proposal: given the new IPR situation, perhaps we should remove certificate-based ND protection completely and rely on CGA only –This would simplify the specification –Can still be added as an extension later

4 4 Arkko, 57th IETF: SEND base protocol issue list 14 - Is CGA-only RD Protection Useful? Current draft allows CGA-only RD protection CGA tells nothing about your right to be a router Should it be removed? CGA allows to bind the selected default router to Redirects sent by it Other RD-protection might be possible to arrange via heuristics (e.g. the router appears to route) Practical proposal: simplify the draft and just keep the certificate-based RD protection

5 5 Arkko, 57th IETF: SEND base protocol issue list 06 - Millisecond granularity Current timestamp granularity is one millisecond Can not send two messages within one ms -- normally Ok, but can be problematic in some cases Solutions: –1) Not an issue –2) Allow reception within the same ms; note that getting the same ND message twice is not an issue –3) Increase allowed granularity to microsecond

6 6 Arkko, 57th IETF: SEND base protocol issue list 14 - Certificate details Use PKCs instead of ACs for routers and define new options for prefixes? –Pro: Infrastructure for PKCs exists but does not exist for ACs –Contra: New extensions are needed –Certificate chain can not mirror prefix delegation, but not sure how useful this would be Should DNs be used instead of FQDNs to identify trust roots?

7 7 Arkko, 57th IETF: SEND base protocol issue list 03 - Co-existence scheme & multicast Nodes may run multicast on the link, exchange link- local addresses Since multicast does not use ND, such addresses may traverse from the secure side to the non-secure side Violates addressing RFC Solutions: –1) In the ND-option approach, there are no “sides” and hence no problem –2) Something else, what?

Download ppt "1 Arkko, 57th IETF: SEND base protocol issue list Issues in the SEND base document draft-ietf-send-ipsec-01.txt"

Similar presentations

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
IP over ETH over IEEE802.16 draft-riegel-16ng-ip-over-eth-over-80216-01 Max Riegel

IP over ETH over IEEE draft-riegel-16ng-ip-over-eth-over Max Riegel
1 Address Selection, Failure Detection and Recovery in MULTI6 draft-arkko-multi6dt-failure-detection-00.txt Multi6 Design Team -- Jari Arkko, Marcelo Bagnulo,

1 Address Selection, Failure Detection and Recovery in MULTI6 draft-arkko-multi6dt-failure-detection-00.txt Multi6 Design Team -- Jari Arkko, Marcelo Bagnulo,
Network Localized Mobility Management using DHCP

Network Localized Mobility Management using DHCP
1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.

1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.
DAD Optimization Youn-Hee Han Samsung Advanced Institute of Technology 57 th IETF, Vienna, Austria July 13-18, 2003.

DAD Optimization Youn-Hee Han Samsung Advanced Institute of Technology 57 th IETF, Vienna, Austria July 13-18, 2003.
Research on IP Anycast Secure Group Management Wang Yue Network & Distribution Lab, Peking University Network.

Research on IP Anycast Secure Group Management Wang Yue Network & Distribution Lab, Peking University Network.
Asymmetric Extended Route Optimization (AERO)

Asymmetric Extended Route Optimization (AERO)
Security Association Establishment for Handover Protocols Jari Arkko Ericsson Research NomadicLab.

Security Association Establishment for Handover Protocols Jari Arkko Ericsson Research NomadicLab.
IPv6 Address autoconfiguration stateless & stateful.

IPv6 Address autoconfiguration stateless & stateful.
1 IPv4 – IPv6 Co-Existence Interim Meeting October 1 st – 2 nd, 2008 Montreal, Canada.

1 IPv4 – IPv6 Co-Existence Interim Meeting October 1 st – 2 nd, 2008 Montreal, Canada.
1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and 802.11i IKEv2 EAP authentication.

1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.
1 Design of the MOBIKE Protocol Editors: T. Kivinen H. Tschofenig.

1 Design of the MOBIKE Protocol Editors: T. Kivinen H. Tschofenig.
Concerns about designating the MAG as a Default Router James Kempf NETLMM Interim Sept. 27, 2006.

Concerns about designating the MAG as a Default Router James Kempf NETLMM Interim Sept. 27, 2006.
NETLMM Meeting IETF 67 James Kempf Phil Roberts

NETLMM Meeting IETF 67 James Kempf Phil Roberts
Draft-engelstad-manet- name-resolution-00.txt IETF 57, Vienna MANET WG meeting 16.07.2003 Paal Engelstad, Telenor R&D / UniK.

Draft-engelstad-manet- name-resolution-00.txt IETF 57, Vienna MANET WG meeting Paal Engelstad, Telenor R&D / UniK.
IPv6 Minimum Host Requirement for Small Devices Yokogawa Electric Corp. Nobuo Okabe

IPv6 Minimum Host Requirement for Small Devices Yokogawa Electric Corp. Nobuo Okabe
1 IPv6 Deployment Scenarios in 802.16(e) Networks draft-ietf-v6ops-802-16-deployment-scenarios-01 Myung-Ki Shin, ETRI Youn-Hee Han, KUT Sang-Eon Kim, KT.

1 IPv6 Deployment Scenarios in (e) Networks draft-ietf-v6ops deployment-scenarios-01 Myung-Ki Shin, ETRI Youn-Hee Han, KUT Sang-Eon Kim, KT.
Prefix Delegation Protocol Selection T.J. Kniveton MEXT Working Group IETF 70 - December ’07 - Vancouver.

Prefix Delegation Protocol Selection T.J. Kniveton MEXT Working Group IETF 70 - December ’07 - Vancouver.
IETF 51, IPv6 WG1 Multilink Subnets draft-thaler-ipngwg-multilink-subnets-01.txt Dave Thaler

IETF 51, IPv6 WG1 Multilink Subnets draft-thaler-ipngwg-multilink-subnets-01.txt Dave Thaler

Similar presentations

Ads by Google