Pekka Nikander wrote:
[Dropping IPv6 as this has nothing to do with IPv6 any more]
Jari and Erik,
My assumption is that anybody that cares about security of the
content being communicated applies some security to that content;
IPsec, TLS, whatever. And if folks care about www.example.com really
mapping to an IP address and the routes pointing in that direction,
we need DNSsec and some routing security.
AFAICT we need this even if HIP is used (even though HIP helps to
get IPsec end-to-end).
Yes. One of the reasons why this is needed is that
the specific issues in applications typically need specific
security support that is easier to provide in application
or transport layer. Secondly, historically, we have struggled
in providing meaningful and universal information from IP
layer security mechanisms to applications. I do not
see any reason why the world would change in this regard,
particularly given the already developed and deployed
mechanisms.
I think you may be missing one aspect of CGAs/KHIs/HITs/whatever, which
is implicit channel bindings and the ability to continue identifiers
for security purposes.
I suspect neither Jari nor I have missed that.
I guess I don't understand what you are responding to; this particular
part was about the need for DNSsec and routing security.
I don't think you are arguing that we don't need those if we have HIP,
thus I don't understand what point you are making relative to what I and
Jari said.
Hence, the security I was referring to is the strength of the
cryptographic binding from the IPv6-look-alike identifier to the public
key. If the hash is short, the binding is weak. Even the
currently-proposed 120-bits hash will become vulnerable during the
lifetime of many of us, and using 128 bits doesn't help much there.
Consequently, in the long run, I think there is some incentive to move to
using full public keys (or something similar) as host or end-point
identifiers.
The impact of the above was what I explicitly disclaimed in my email
yesterday.
But to understand the security of the system, one would presumably need
to start with a FQDN and take into account DNSsec and routing security,
and see what the different threats are.
For instance, how would HIP (with its binding by having the hash in the
HIT) compare with getting both AAAA and IPSECKEY RRs from (the secured) DNS?
I certainly don't understand all the tradeoffs to make such a comparison.
Erik
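As an added illustration of the hash-width point raised in the thread (example code written for this post, not from the discussion or from any HIP or CGA implementation): the identifier layout, the prefix byte and the key encoding are assumptions. It derives an IPv6-sized identifier from a hashed key, verifies the key-to-identifier binding as a responder would, and measures at toy widths how the work to find a second key for the same identifier grows with each bound bit.

```python
import hashlib
import hmac

# Constructed stand-in for an encoded host public key; the real HIT/CGA
# input encoding is an assumption here, not something the thread specifies.
SAMPLE_PUBLIC_KEY = b"constructed-host-public-key-" + bytes(range(32))
HIT_PREFIX = b"\x20"  # assumed 8-bit prefix marking an IPv6-look-alike identifier


def derive_identifier(public_key: bytes, hash_bits: int = 120) -> bytes:
    """Build a 128-bit identifier: 8-bit prefix + the top hash_bits of
    SHA-256(key), zero-padded. Only hash_bits of the 128 are bound to the key."""
    if hash_bits % 8 or not 8 <= hash_bits <= 120:
        raise ValueError("hash_bits must be a multiple of 8 in 8..120")
    digest = hashlib.sha256(public_key).digest()
    return (HIT_PREFIX + digest[: hash_bits // 8]).ljust(16, b"\x00")


def verify_binding(identifier: bytes, public_key: bytes, hash_bits: int = 120) -> bool:
    """Check that a presented key really hashes to the identifier (constant-time)."""
    return hmac.compare_digest(identifier, derive_identifier(public_key, hash_bits))


def binding_strength_bits(hash_bits: int) -> dict:
    """Work needed against the identifier-to-key binding, in bits of hash
    evaluations: second preimage about 2^n, collision (birthday) about 2^(n/2)."""
    return {"second_preimage": hash_bits, "collision": hash_bits // 2}


def second_preimage_work(target_key: bytes, hash_bits: int, limit: int = 1 << 22) -> tuple:
    """Toy measurement at a small hash width: count how many candidate keys must
    be hashed before one maps to the same identifier. Returns (trials, key).
    The expected count doubles for every extra bit that is bound."""
    target = derive_identifier(target_key, hash_bits)
    for trials in range(1, limit + 1):
        candidate = b"candidate-key-%d" % trials  # constructed candidate keys
        if verify_binding(target, candidate, hash_bits):
            return trials, candidate
    raise RuntimeError("no match within limit")


if __name__ == "__main__":
    ident = derive_identifier(SAMPLE_PUBLIC_KEY)
    print("identifier:", ident.hex(), "verifies:", verify_binding(ident, SAMPLE_PUBLIC_KEY))
    print("120-bit binding:", binding_strength_bits(120))
    for bits in (8, 16):
        trials, _ = second_preimage_work(SAMPLE_PUBLIC_KEY, bits)
        print(f"{bits}-bit truncation matched after {trials} candidate keys")
```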
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area