SEND WG Afternoon Session III
James Kempf
Pekka Nikander
chairs

James discusses agenda

draft status:
WG draft merged trust model and threats drafts.
3 trust models
3 threat classifications

Open trust/threat issues in drafts
router spoofing attack signaling is not entirely clear
rfc2462 says 2hr min RA lifetime reduction
takes more than one spoofed RA w/ zero lifetime

additional trust model: semi-trust
Bogus addr configured-if a ddns update is done ...

finishing trust/threats drafts
need discussion on lists and others
WG Last Call end of Jan. latest
Please contribute.

IPSec for Secure ND - Jari Arkko, Vesa-Matti Mantyla (Ericsson)
Starting point
Secure ND possible either on IP or ND layers
Technical issues:
can't run IKE
needs to deal w/ multicast messages

AH for SEND

auth alg:
verify timestamp is recent enough
... sender's IID = hash ....
..... signature against pub key
optionally verify certificate chain to own trusted root

Policy setup
outbound
inbound

SAD setup



summary of IPSec mods
new alg
timestamp instead of seq numbers
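
The per-message checks sketched above under "AH for SEND" (timestamp recent enough, sender's IID bound to the public key by a hash, signature against that key) together with the "timestamp instead of seq numbers" replay point, as an added worked example that is not part of these minutes or of any SEND implementation. It assumes a Lamport one-time hash signature standing in for the public-key signature a real deployment would carry, an assumed binding IID = first 64 bits of SHA-256(public key) with the u/g bits cleared, and an arbitrary freshness window MAX_SKEW; the optional certificate-chain step is not modelled.

```python
"""Toy model of the AH-for-SEND receive checks: timestamp recent, sender's
interface identifier (IID) bound to the carried public key by a hash, and
signature verified under that key.

Constructed example for these notes, not SEND or IETF code. Assumptions:
  * a Lamport one-time hash signature stands in for the public-key
    signature, so only the standard library is needed;
  * IID = first 64 bits of SHA-256(public key), u/g bits cleared (62 usable
    bits), a simplification of the CGA construction;
  * MAX_SKEW is an arbitrary freshness window; how much time sync is
    needed was an open question in the room.
"""
import hashlib
import os
from dataclasses import dataclass

MAX_SKEW = 300  # seconds; assumed window, not a value from SEND


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def msg_bits(msg: bytes) -> list:
    """The 256 bits of SHA-256(msg), most significant bit first."""
    h = sha256(msg)
    return [(h[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


# --- Lamport one-time signature, standing in for the sender's key pair ---

def lamport_keygen():
    """Secret key: 256 pairs of random values; public key: their hashes.
    One-time: a secret key must sign only a single message."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes) -> list:
    """Reveal, per bit of the message hash, the secret selected by that bit."""
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]


def lamport_verify(pk, msg: bytes, sig: list) -> bool:
    """Hash each revealed secret; it must equal the public-key entry for that bit."""
    if len(sig) != 256:
        return False
    return all(sha256(sig[i]) == pk[i][b] for i, b in enumerate(msg_bits(msg)))


# --- address binding: IID derived from the public key (assumed form) ---

def derive_iid(pk) -> bytes:
    """First 64 bits of SHA-256(pubkey); clearing the u/g bits (the two
    low-order bits of byte 0) leaves 62 bits of hash output in the IID."""
    iid = bytearray(sha256(b"".join(a + b for a, b in pk))[:8])
    iid[0] &= 0xFC
    return bytes(iid)


@dataclass
class SendMessage:
    src_iid: bytes    # IID the sender claims (low 64 bits of its address)
    timestamp: int    # seconds since epoch; replaces the AH sequence number
    payload: bytes    # ND message body (constructed placeholder)
    pubkey: list      # sender's public key, carried with the message
    signature: list


def signed_bytes(m: SendMessage) -> bytes:
    """Bytes the signature covers: claimed IID, timestamp and payload."""
    return m.src_iid + m.timestamp.to_bytes(8, "big") + m.payload


def build_message(sk, pk, payload: bytes, timestamp: int) -> SendMessage:
    m = SendMessage(derive_iid(pk), timestamp, payload, pk, [])
    m.signature = lamport_sign(sk, signed_bytes(m))
    return m


def verify_message(m: SendMessage, now: int) -> str:
    """Apply the checks in the order the minutes list them; return "ok" or
    the name of the first check that failed."""
    if abs(now - m.timestamp) > MAX_SKEW:
        return "stale timestamp"          # replayed old message
    if m.src_iid != derive_iid(m.pubkey):
        return "iid not bound to key"     # key does not own this address
    if not lamport_verify(m.pubkey, signed_bytes(m), m.signature):
        return "bad signature"            # tampered, or not from key holder
    return "ok"
```

The order of the checks matters for cost: the timestamp comparison and the single hash for the IID binding reject stale or mis-addressed messages before the signature verification, which is the expensive step with a real public-key algorithm. The size of MAX_SKEW is exactly the clock-synchronisation requirement on the hosts, which the minutes leave open.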

itojun:  how much time sync do you require?
Jari: not sure.

new format for mac field
no key in SA for ND
SPD entries: ICMPv6-type specification. SA destination made irrelevant in SA. SPD

Transition issues:

Before SEND is deployed, need to support both.
Possible solution, different prefixes for secure and insecure

Greg Daly: can't see how you can do this securely and insecurely because of link-local resolution?

Erik: if there is an issue based on sec/insec, you want sec to only speak w/ sec; only securing ND or only securing comm between nodes. Are the two related?


Further questions?

no further questions

Bill Sommerfeld
SEND design team status
no draft  yet

sub-problems
is legitimate router?
Initial configuration?
Using CGA for ND

is legit router
add trust anchor to RS

CGA precomp
running out of bits for CGA

CGA precomp attacks on high value prefixes.
Erik: do we know what the issues are?  Linklocal vs global

Bill: high value prefix to attack.

Depends on usage

recommend CGA for only threats draft.

Tech reason why higher bits in link local won't be used? 62-bit vs 64-bit
no.
sounds like a political reason
how tied are link-locals to /64 in the v6 community?

Linklocal from /64 to /10?

will need to treat globals special.
Type identification for site-local is a /10.

Bob Hinden: latest draft in addr arch does not state that additional bits can not be used.

Jari:  DHCP-like scheme? 
Bill:  this is not fully fleshed out.

Hesham: same chicken and egg to set up SA w/ DHCP server
Bill: don't use DHCP per se, just something registration based.

Initial configuration
minimize size of preconfig

Jari: leap of faith for initial trust rule? Or at new network?
Bill: I don't want it as a possibility, we are just talking design.

Jim: wants to get draft out by Feb. Might find a redesign is needed.
Design team is working on investigation.

Discussion:

none

people should subscribe to the list and contribute