
RE: Son-of-IKE Selection Criteria?



Michael,

	Could you expand a bit more here? I do not follow IPv6 deployment in
much detail and I suspect many others do not.

What is the current status of disposable addresses? Are they likely to be
widely deployed? How does the mechanism work, does it depend on security
properties in the key exchange?

I am not opposed to identity concealment, but I am opposed to a scheme that
cryptographically gives half a loaf. If we can push identity concealment out
of the key exchange into another area and by doing so do the job properly I
would be much happier.

		Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Michael Thomas [mailto:mat@cisco.com]
> Sent: Friday, December 07, 2001 12:52 PM
> To: Hallam-Baker, Phillip
> Cc: 'Derek Atkins'; 'Walker, Jesse'; ipsec@lists.tislabs.com
> Subject: RE: Son-of-IKE Selection Criteria?
> 
> 
> 
> I'm not sure whether this is applicable to this
> thread or not, but if we're talking about
> expectation of long lived IP addresses, I think
> that we better consider whether IP6's disposable
> addresses for privacy are an issue, not to mention
> renumbering.
> 
> 		Mike
> 
> Hallam-Baker, Phillip writes:
>  > First let us be clear about the different types of dynamic address. In
>  > practice very few addresses are genuinely 'dynamic'.
>  > 
>  > Second, in this I will talk about 'certificates' since they are what the
>  > group are familiar with. But remember that this is simply a shorthand for
>  > 'binding of data to a private key' and there might be a scheme such as XKMS
>  > supporting the use.
>  > 
>  > 1) The Address is actually static but is dynamically reallocated for
>  > operational reasons.
>  > 	E.G. most cable modem addresses which rarely change (unless excite
>  > goes bankrupt that week).
>  > 
>  > 	Can issue a certificate bound to the IP address
>  > 
>  > 	If the IP address changes, revoke & reissue (note, probably want to
>  > use XKMS rather than CRLs!)
>  > 
>  > 2) The Address is dynamic being allocated each time from a fixed pool.
>  > 	E.G. dial up access
>  > 
>  > Here we have a number of approaches,
>  > 
>  > A) Generate a key / cert for each address in the pool.
>  > 	When the initiator attempts to connect to the responder with the
>  > client credential, the request is intercepted at the POP. The POP first
>  > performs a key agreement using the key bound to the IP address, then once
>  > the tunnel is created forwards the client request through the tunnel.
>  > 
>  > B) Use disposable key / cert pairs.
>  > 	The initiator applies for a pool of key/cert pairs which are cached.
>  > These are discarded after a single use. The disposable key/cert pair may not
>  > even be certified by a trusted third party, it may be self signed.
>  > 
>  > C) Issue a certificate that has a wild card in it
>  > 	E.G. 18.23.1.* (think binary mask)
>  > 
>  > 
>  > While the cost of such systems may appear high the concealment of identity
>  > is inherently an expensive process IF DONE WELL. If the concealment is poor
>  > then better not to bother at all.
>  > 
>  > 	Phill
>  > 
>  > 
>  > Phillip Hallam-Baker FBCS C.Eng.
>  > Principal Scientist
>  > VeriSign Inc.
>  > pbaker@verisign.com
>  > 781 245 6996 x227
>  > 
>  > 
>  > > -----Original Message-----
>  > > From: Derek Atkins [mailto:warlord@MIT.EDU]
>  > > Sent: Wednesday, December 05, 2001 3:33 PM
>  > > To: Hallam-Baker, Phillip
>  > > Cc: 'Walker, Jesse'; ipsec@lists.tislabs.com
>  > > Subject: Re: Son-of-IKE Selection Criteria?
>  > > 
>  > > 
>  > > Phill,
>  > > 
>  > > "Hallam-Baker, Phillip" <pbaker@verisign.com> writes:
>  > > 
>  > > > 1. Issue every device an IP identity credential bound to its IP address.
>  > > > 	This is the ONLY form of identity that can provably prevent any
>  > > > 	additional disclosure of identity in an IP environment since your
>  > > > 	IP address is known in any case.
>  > > > 
>  > > > 2. Perform two sequential key agreements,
>  > > > 	first an IP address based agreement
>  > > > 	second an identity based agreement encrypted under the key of (1).
>  > > > 
>  > > 
>  > > How would you cope with machines with dynamic IP address?
>  > > 
>  > > -derek
>  > > 
>  > > -- 
>  > >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>  > >        Member, MIT Student Information Processing Board  (SIPB)
>  > >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>  > >        warlord@MIT.EDU                        PGP key available
>  > > 
>  > 
> 
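
The address-binding choices discussed in the quoted messages (a credential bound to one IP address with "revoke & reissue" on change, and option C's wildcard such as 18.23.1.* read as a binary mask), sketched as an added example that is not part of the original thread. `AddressCredential`, `binding_to_network` and `accept_peer` are hypothetical names; signature and chain validation of a real certificate are assumed to happen elsewhere.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AddressCredential:
    """Hypothetical stand-in for a certificate whose subject is an IP binding."""
    serial: int
    binding: str  # exact "18.23.1.7" (case 1) or wildcard "18.23.1.*" (option C)


def binding_to_network(binding: str) -> ipaddress.IPv4Network:
    """Read trailing '*' octets as a prefix mask; reject any other wildcard use."""
    octets = binding.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {binding!r}")
    fixed = 4
    while fixed > 0 and octets[fixed - 1] == "*":
        fixed -= 1
    if fixed == 0 or "*" in octets[:fixed]:
        raise ValueError(f"wildcards must be trailing and partial: {binding!r}")
    base = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
    return ipaddress.IPv4Network(f"{base}/{8 * fixed}")  # also validates octets


def accept_peer(cred: AddressCredential, peer_ip: str, revoked: set) -> bool:
    """Accept only an unrevoked credential whose binding covers the source address."""
    if cred.serial in revoked:  # "revoke & reissue" after an address change
        return False
    return ipaddress.ip_address(peer_ip) in binding_to_network(cred.binding)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    static = AddressCredential(serial=1, binding="18.23.1.7")
    pool = AddressCredential(serial=2, binding="18.23.1.*")
    revoked = set()
    print(accept_peer(static, "18.23.1.7", revoked))
    print(accept_peer(pool, "18.23.1.200", revoked))
    print(accept_peer(pool, "18.23.2.1", revoked))
    revoked.add(1)  # host was renumbered: old address-bound credential is revoked
    print(accept_peer(static, "18.23.1.7", revoked))
```

The wildcard credential accepts every address in the pool, so it identifies the pool rather than a host; the exact binding is narrower but has to be revoked and reissued whenever the address changes.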
