
Re: IPv6 Security Last Call Initial Questions (per user keying)



Jeff,

If the text:

>  
>  "IPv6 Security is intended to be able to provide Authentication,
>  Integrity and Confidentiality for application programs operating on
>  connected end-systems. Integrity and confidentiality can be
>  provided by the proper use of per-host keys. However authentication of
>  principals using applications on end-systems requires that processes
>  running such applications have the necessary facilities to set up their
>  own Security Parameters Indices. In this fashion applications can make
>  use of key distribution facilities which provide authentication."
>  

means that an IPv6 implementation must accept an SPI from an application
and use it, then I think there might be some problems. For example,

 o  If the security context associated with a particular SPI is retrieved
    from somewhere other than the requesting process, how would the
    IP implementation know the application has the right to use it? 

 o  If the security context is accepted from the process along with
    the SPI, how is this going to affect the programming interface? For
    example, how will the security context state be passed in a way that
    leaves existing interfaces reasonably unaffected (e.g., will new
    ioctl calls to specify the integrity and confidentiality algorithms,
    the keying information, and other security mechanism specific data
    be required? Will there be new informational ioctl calls to find
    out which algorithms the IP implementation supports?)?

IPv6 was agreed on after there was some implementation experience on which
to base the decision. As far as I can tell, there is no implementation
experience on which to base the decision for or against a mandatory requirement
for supporting application-supplied SPIs.

So I still argue against making this a mandatory requirement. There seem to
be enough people interested in user-oriented keying that if it is recommended
that implementations support it, some will. From this we can determine whether
it is useful or not and whether it is implementable in a reasonable way.
If so, it can be made mandatory in the draft standard.

Dan

