From msec-admin@securemulticast.org  Fri Feb  7 08:09:16 2003
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA08979
	for <msec-archive@lists.ietf.org>; Fri, 7 Feb 2003 08:09:16 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id B05DD535F9; Fri,  7 Feb 2003 08:12:24 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 2B42F53592
	for <msec@lists.securemulticast.org>; Fri,  7 Feb 2003 08:11:24 -0500 (EST)
Received: (qmail 30656 invoked by uid 3269); 7 Feb 2003 13:11:24 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 30650 invoked from network); 7 Feb 2003 13:11:23 -0000
Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176)
  by klesh.pair.com with SMTP; 7 Feb 2003 13:11:23 -0000
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA08816;
	Fri, 7 Feb 2003 08:07:42 -0500 (EST)
Message-Id: <200302071307.IAA08816@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: msec@securemulticast.org
From: Internet-Drafts@ietf.org
Reply-To: Internet-Drafts@ietf.org
Subject: [MSEC] I-D ACTION:draft-ietf-msec-mikey-06.txt
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security (MSEC) WG list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Fri, 07 Feb 2003 08:07:42 -0500

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Multicast Security Working Group of the IETF.

	Title		: MIKEY: Multimedia Internet KEYing
	Author(s)	: J. Arkko et al.
	Filename	: draft-ietf-msec-mikey-06.txt
	Pages		: 53
	Date		: 2003-2-6
	
Security protocols for real-time multimedia applications have started
to appear. This has brought forward the need for a key management
solution to support these protocols. Such a solution has to be
suitable to be used in the context of conversational multimedia in a
heterogeneous environment.
This document describes a key management scheme that can be used for
real-time applications (both for peer-to-peer communication and group
communication), and shows how it may work together with protocols
such as SIP and RTSP. In particular, its use to support the Secure
Real-time Transport Protocol, [SRTP], is described in detail.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-msec-mikey-06.txt

To remove yourself from the IETF Announcement list, send a message to 
ietf-announce-request with the word unsubscribe in the body of the message.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-msec-mikey-06.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-msec-mikey-06.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body;
	access-type="mail-server";
	server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID:	<2003-2-6152545.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-msec-mikey-06.txt

--OtherAccess
Content-Type: Message/External-body;
	name="draft-ietf-msec-mikey-06.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID:	<2003-2-6152545.I-D@ietf.org>

--OtherAccess--

--NextPart--



_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Fri Feb  7 10:51:15 2003
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA13974
	for <msec-archive@lists.ietf.org>; Fri, 7 Feb 2003 10:51:14 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id A314A536E6; Fri,  7 Feb 2003 10:54:22 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 9F9C2536D1
	for <msec@lists.securemulticast.org>; Fri,  7 Feb 2003 10:53:12 -0500 (EST)
Received: (qmail 63889 invoked by uid 3269); 7 Feb 2003 15:53:12 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 63886 invoked from network); 7 Feb 2003 15:53:12 -0000
Received: from goliath.siemens.de (192.35.17.28)
  by klesh.pair.com with SMTP; 7 Feb 2003 15:53:12 -0000
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by goliath.siemens.de (8.11.6/8.11.6) with ESMTP id h17FrAU02671
	for <msec@securemulticast.org>; Fri, 7 Feb 2003 16:53:11 +0100 (MET)
Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17])
	by mail1.siemens.de (8.11.6/8.11.6) with ESMTP id h17FrAK15429
	for <msec@securemulticast.org>; Fri, 7 Feb 2003 16:53:10 +0100 (MET)
Received: from mail-k.mchp.siemens.de (mail-k.mchp.siemens.de [139.23.202.237])
	by mars.cert.siemens.de (8.12.7/8.12.7/$SiemensCERT: mail/cert.mc,v 1.41 2003/01/31 16:25:20 ust Exp $) with ESMTP id h17FrAVM026595
	for <msec@securemulticast.org>; Fri, 7 Feb 2003 16:53:10 +0100 (CET)
Received: from mhpaba5c (mhpaba5c [139.23.204.46])
		by mail-k.mchp.siemens.de with ESMTP id h17Frbg4016088
		for <msec@securemulticast.org>; Fri, 7 Feb 2003 16:53:37 +0100 (MET)
From: "Steffen Fries" <steffen.fries@siemens.com>
Organization: Siemens AG
To: msec@securemulticast.org
MIME-Version: 1.0
Subject: Re: [MSEC] I-D ACTION:draft-ietf-msec-mikey-06.txt
Reply-To: steffen.fries@siemens.com
Message-ID: <3E43E474.23790.18CF70@localhost>
Priority: normal
In-reply-to: <200302071307.IAA08816@ietf.org>
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Date: Fri, 07 Feb 2003 16:53:08 +0100
Content-Transfer-Encoding: 7BIT

Hi,

by reading the MIKEY draft I noticed that from my point of view 
there is still a problem with the length encoding of the 
payload.

In section 6.2, the key data transport payload is described. 
Here encrypted data may be transported with a maximum length of 
2^16 bytes. The encrypted data itself is described in section 
6.13 as key data sub payload. Here it is possible to include a 
key and salt data. Both may have a maximum length of 2^16 each. 

Considering this means that someone who uses all available 
space is not able to encode the correct length information 
(2^17) in the length field of the encrypted data container.

I don't think that somebody will use 2^16 byte for key and salt 
data in the next weeks, but this may be a potential problem if 
somebody really does.

A solution would be to shorten the maximum length in the key 
data sub payload.

Or did I misinterpret the sections?

Steffen
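
The length problem raised in this message, as an added example that is not part of the original mail or of the MIKEY draft. It assumes big-endian 16-bit length fields and a simplified layout (an outer length followed by key_len | key | salt_len | salt); the real MIKEY payloads carry more fields, and all names and sample values are constructed.

```python
import struct
from typing import Tuple

MAX_U16 = 0xFFFF           # largest value a 16-bit length field can carry
U16 = struct.Struct("!H")  # big-endian unsigned 16-bit (assumed field width)


class LengthOverflow(ValueError):
    """Data does not fit the length field that has to describe it."""


def encode_sub_payload(key: bytes, salt: bytes) -> bytes:
    """Inner structure (simplified, assumed): key_len | key | salt_len | salt."""
    for name, field in (("key", key), ("salt", salt)):
        if len(field) > MAX_U16:
            raise LengthOverflow(f"{name} is {len(field)} bytes, limit {MAX_U16}")
    return U16.pack(len(key)) + key + U16.pack(len(salt)) + salt


def encode_container_unchecked(inner: bytes) -> bytes:
    """Careless encoder: the outer length silently wraps modulo 2^16."""
    return U16.pack(len(inner) & MAX_U16) + inner


def encode_container_checked(inner: bytes) -> bytes:
    """Refuse to emit a container whose length field would be wrong."""
    if len(inner) > MAX_U16:
        raise LengthOverflow(f"inner data is {len(inner)} bytes, limit {MAX_U16}")
    return U16.pack(len(inner)) + inner


def decode_container(buf: bytes) -> Tuple[bytes, bytes]:
    """Split buf into (data covered by the length field, bytes left over)."""
    if len(buf) < U16.size:
        raise ValueError("container shorter than its length field")
    (n,) = U16.unpack_from(buf, 0)
    end = U16.size + n
    if end > len(buf):
        raise ValueError("length field points past end of buffer")
    return buf[U16.size:end], buf[end:]


def decode_sub_payload(data: bytes) -> Tuple[bytes, bytes]:
    """Parse key and salt, bounds-checking every length before slicing."""
    fields = []
    off = 0
    for name in ("key", "salt"):
        if off + U16.size > len(data):
            raise ValueError(f"{name} length field truncated")
        (n,) = U16.unpack_from(data, off)
        off += U16.size
        if off + n > len(data):
            raise ValueError(f"{name} claims {n} bytes, {len(data) - off} present")
        fields.append(data[off:off + n])
        off += n
    if off != len(data):
        raise ValueError("unexpected bytes after salt")
    return fields[0], fields[1]


def wraparound_demo() -> dict:
    """Key and salt are each legal on their own, but their sum is not."""
    key, salt = b"K" * 40000, b"S" * 40000      # constructed sample values
    inner = encode_sub_payload(key, salt)       # 2 + 40000 + 2 + 40000 bytes
    wire = encode_container_unchecked(inner)
    data, leftover = decode_container(wire)     # receiver trusts the outer length
    try:
        decode_sub_payload(data)
        parse_error = None
    except ValueError as exc:
        parse_error = str(exc)
    try:
        encode_container_checked(inner)
        checked_rejects = False
    except LengthOverflow:
        checked_rejects = True
    return {
        "inner_len": len(inner),
        "declared_len": len(data),
        "leftover_len": len(leftover),
        "parse_error": parse_error,
        "checked_rejects": checked_rejects,
    }


if __name__ == "__main__":
    for name, value in wraparound_demo().items():
        print(f"{name}: {value}")
```

A receiver that does not bounds-check the inner lengths against the outer one would read the key past the end of the declared container, which is why the sender-side check and the receiver-side check are both shown.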




From msec-admin@securemulticast.org  Fri Feb  7 11:07:16 2003
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA14321
	for <msec-archive@lists.ietf.org>; Fri, 7 Feb 2003 11:07:15 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id BFAC353635; Fri,  7 Feb 2003 11:10:23 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id A72C653592
	for <msec@lists.securemulticast.org>; Fri,  7 Feb 2003 11:09:25 -0500 (EST)
Received: (qmail 66083 invoked by uid 3269); 7 Feb 2003 16:09:25 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 66077 invoked from network); 7 Feb 2003 16:09:25 -0000
Received: from albatross-ext.wise.edt.ericsson.se (HELO albatross.wise.edt.ericsson.se) (193.180.251.49)
  by klesh.pair.com with SMTP; 7 Feb 2003 16:09:25 -0000
Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69])
	by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id h17G9MKV013044;
	Fri, 7 Feb 2003 17:09:22 +0100 (MET)
Received: by esealnt610.al.sw.ericsson.se with Internet Mail Service (5.5.2655.55)
	id <DY54BLN0>; Fri, 7 Feb 2003 17:09:22 +0100
Message-ID: <1F55F6582266314A85A55F6241509B670575B1A2@Esealnt863.al.sw.ericsson.se>
From: "Fredrik Lindholm (EAB)" <Fredrik.Lindholm@era.ericsson.se>
To: "'steffen.fries@siemens.com'" <steffen.fries@siemens.com>
Cc: msec@securemulticast.org
Subject: RE: [MSEC] I-D ACTION:draft-ietf-msec-mikey-06.txt
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="ISO-8859-1"
Date: Fri, 7 Feb 2003 17:05:58 +0100


Hi Steffen,

and sorry that we didn't include it into this update. We will 
include a clarification next time we update the draft.

Best,
Fredrik 

> -----Original Message-----
> From: Steffen Fries [mailto:steffen.fries@siemens.com]
> Sent: den 7 februari 2003 16:53
> To: msec@securemulticast.org
> Subject: Re: [MSEC] I-D ACTION:draft-ietf-msec-mikey-06.txt
> 
> 
> Hi,
> 
> by reading the MIKEY draft I noticed that from my point of view 
> there is still a problem with the length encoding of the 
> payload.
> 
> In section 6.2, the key data transport payload is described. 
> Here encrypted data may be transported with a maximum length of 
> 2^16 bytes. The encrypted data itself is described in section 
> 6.13 as key data sub payload. Here it is possible to include a 
> key and salt data. Both may have a maximum length of 2^16 each. 
> 
> Considering this means that someone who uses all available 
> space is not able to encode the correct length information 
> (2^17) in the length field of the encrypted data container.
> 
> I don't think that somebody will use 2^16 byte for key and salt 
> data in the next weeks, but this may be a potential problem if 
> somebody really does.
> 
> A solution would be to shorten the maximum length in the key 
> data sub payload.
> 
> Or did I misinterpret the sections?
> 
> Steffen
> 
> 
> 



From msec-admin@securemulticast.org  Wed Feb 12 13:01:23 2003
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10331
	for <msec-archive@lists.ietf.org>; Wed, 12 Feb 2003 13:01:23 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 2CA5553843; Wed, 12 Feb 2003 13:04:37 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 313A053837
	for <msec@lists.securemulticast.org>; Wed, 12 Feb 2003 13:03:16 -0500 (EST)
Received: (qmail 77431 invoked by uid 3269); 12 Feb 2003 18:03:16 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 77428 invoked from network); 12 Feb 2003 18:03:15 -0000
Received: from pigeon.verisign.com (65.205.251.71)
  by klesh.pair.com with SMTP; 12 Feb 2003 18:03:15 -0000
Received: from vhqpostal-gw1.verisign.com (verisign.com [65.205.251.55])
        by pigeon.verisign.com (8.12.1/) with ESMTP id h1CI1Hiq013535;
        Wed, 12 Feb 2003 10:01:17 -0800 (PST)
Received: from THARDJONO-LAP.verisign.com (10.26.128.60 [10.26.128.60]) by vhqpostal-gw1.verisign.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)
	id 13NX8L2A; Wed, 12 Feb 2003 10:03:13 -0800
Message-Id: <5.0.0.25.2.20030212125850.02971398@pop.mail.yahoo.com>
X-Sender: thardjono@vhqpostal3.verisign.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
To: msec@securemulticast.org
From: Thomas Hardjono <thardjono@verisign.com>
Cc: canetti@watson.ibm.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: [MSEC] Call for MSEC agenda items for IETF-56
Date: Wed, 12 Feb 2003 13:03:03 -0500



Folks,

In the upcoming IETF-56, MSEC is going to meet on 1930-2200, Monday 3/17.
Please send proposals for agenda items to Ran and myself.

Best,

Ran/Thomas
----------





From msec-admin@securemulticast.org  Fri Feb 14 12:04:46 2003
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA27422
	for <msec-archive@lists.ietf.org>; Fri, 14 Feb 2003 12:04:45 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id ACC135356E; Fri, 14 Feb 2003 12:06:02 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 699EF5356E
	for <msec@lists.securemulticast.org>; Fri, 14 Feb 2003 12:04:35 -0500 (EST)
Received: (qmail 9592 invoked by uid 3269); 14 Feb 2003 17:04:35 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 9589 invoked from network); 14 Feb 2003 17:04:35 -0000
Received: from pigeon.verisign.com (65.205.251.71)
  by klesh.pair.com with SMTP; 14 Feb 2003 17:04:35 -0000
Received: from vhqpostal-gw1.verisign.com (verisign.com [65.205.251.55])
        by pigeon.verisign.com (8.12.1/) with ESMTP id h1EH2Xiq013046;
        Fri, 14 Feb 2003 09:02:33 -0800 (PST)
Received: from THARDJONO-LAP.verisign.com (10.26.128.102 [10.26.128.102]) by vhqpostal-gw1.verisign.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)
	id 13NYB1Q5; Fri, 14 Feb 2003 09:04:31 -0800
Message-Id: <5.0.0.25.2.20030214115735.02968b80@pop.mail.yahoo.com>
X-Sender: thardjono@vhqpostal3.verisign.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.0
To: msec@securemulticast.org
From: Thomas Hardjono <thardjono@verisign.com>
Cc: canetti@watson.ibm.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: [MSEC] Agenda so far + Call for MSEC agenda items for IETF-56
Date: Fri, 14 Feb 2003 12:04:22 -0500


Folks,

Here is the tentative Agenda as of today for the MSEC WG meeting
at IETF56 in San Francisco in March 2003.

Please email Ran/Thomas for corrections/additions.


MSEC WG Agenda:
---------------

    - Review of WG status (T. Hardjono/R. Canetti)
    - TESLA Update (A. Perrig)
    - Feedback channel protection (L. Dondeti/T. Hardjono)
    - GKMA (L. Dondeti/B. Weis)
    -
    -


Note that at the moment MSEC will meet on:

	MONDAY, March 17, 2003
	1930-2200 Evening Sessions

Regards

Ran/Thomas
----------





From msec-admin@securemulticast.org  Tue Feb 18 12:00:04 2003
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA01898
	for <msec-archive@lists.ietf.org>; Tue, 18 Feb 2003 12:00:03 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 0ED5E536E7; Tue, 18 Feb 2003 12:02:12 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 190FF535B2
	for <msec@lists.securemulticast.org>; Tue, 18 Feb 2003 12:00:56 -0500 (EST)
Received: (qmail 37285 invoked by uid 3269); 18 Feb 2003 17:00:56 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 37281 invoked from network); 18 Feb 2003 17:00:55 -0000
Received: from pigeon.verisign.com (65.205.251.71)
  by klesh.pair.com with SMTP; 18 Feb 2003 17:00:55 -0000
Received: from vhqpostal-gw1.verisign.com (verisign.com [65.205.251.55])
        by pigeon.verisign.com (8.12.1/) with ESMTP id h1IGwniq003820
        for <msec@securemulticast.org>; Tue, 18 Feb 2003 08:58:54 -0800 (PST)
Received: from THARDJONO-LAP.verisign.com (10.26.128.136 [10.26.128.136]) by vhqpostal-gw1.verisign.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)
	id 13NY2BNW; Tue, 18 Feb 2003 09:00:47 -0800
Message-Id: <5.0.0.25.2.20030218115744.029f1218@pop.mail.yahoo.com>
X-Sender: thardjono@vhqpostal3.verisign.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
To: msec@securemulticast.org
From: Thomas Hardjono <thardjono@verisign.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: [MSEC] Agenda so far for MSEC at IETF56
Date: Tue, 18 Feb 2003 12:00:28 -0500



Folks,

Here is the tentative Agenda as of today for the MSEC WG meeting
at IETF56 in San Francisco in March 2003.

Please email Ran/Thomas for corrections/additions.


MSEC WG Agenda:
---------------

    - Review of WG status (T. Hardjono/R. Canetti)
    - TESLA Update (A. Perrig)
    - Feedback channel protection (L. Dondeti/T. Hardjono)
    - GKMA (L. Dondeti/B. Weis)
    - MESP (R.Canetti/M.Baugher)
    - DHHMAC for MIKEY Update (M. Euchner)
    -
    -


Note that according to the IETF56 agenda, MSEC will meet on:

	MONDAY, March 17, 2003
	1930-2200 Evening Sessions

Regards

Ran/Thomas
----------




From msec-admin@securemulticast.org  Fri Feb 21 10:04:45 2003
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA02497
	for <msec-archive@lists.ietf.org>; Fri, 21 Feb 2003 10:04:44 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 966D45366C; Fri, 21 Feb 2003 10:08:02 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 694255369A
	for <msec@lists.securemulticast.org>; Fri, 21 Feb 2003 10:06:05 -0500 (EST)
Received: (qmail 86670 invoked by uid 3269); 21 Feb 2003 15:06:05 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 86667 invoked from network); 21 Feb 2003 15:06:05 -0000
Received: from m5.sparta.com (157.185.61.1)
  by klesh.pair.com with SMTP; 21 Feb 2003 15:06:05 -0000
Received: from charlie.columbia.sparta.com (charlie.columbia.sparta.com [157.185.80.121])
	by M5.sparta.com (8.12.3/8.12.3) with ESMTP id h1LF5xjj021009
	for <msec@securemulticast.org>; Fri, 21 Feb 2003 09:06:04 -0600
Received: (from umeth@localhost)
	by charlie.columbia.sparta.com (8.11.6/8.11.6) id h1LF5s707283
	for msec@securemulticast.org; Fri, 21 Feb 2003 10:05:54 -0500
From: Uri Meth <umeth@columbia.sparta.com>
To: msec@securemulticast.org
Message-ID: <20030221100554.B7226@charlie.columbia.sparta.com>
Reply-To: umeth@sparta.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Organization: SPARTA Inc. (Secure Systems Engineering Division)
USMail: 9861 Broken Land Parkway, Suite 300, Columbia MD 21046
Phone: (410) 381-9400 x233
Fax: (410) 381-5559
Subject: [MSEC] Signature Payload - update wording
Date: Fri, 21 Feb 2003 10:05:54 -0500

Oops, forgot a few words in the rework.  See corrected text below.  The
words that were added were "but not including".

New Signature Payload Text:
The Signature Payload contains data generated by the digital signature
function.  The digital signature covers the Signature Payload Span and the
Signature Payload up to but not including the Signature Data Length.  

Any and all comments are always welcome.

UM
-- 
Uri Meth                            (410) 872 - 1515 x233 (voice)
SPARTA, Inc.                        (410) 872 - 8079      (fax)
7075 Samuel Morse Drive             umeth@sparta.com
Columbia, MD 21046




From msec-admin@securemulticast.org  Fri Feb 21 10:10:42 2003
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA02801
	for <msec-archive@lists.ietf.org>; Fri, 21 Feb 2003 10:10:41 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 354A85366C; Fri, 21 Feb 2003 10:14:02 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id C9DE953796
	for <msec@lists.securemulticast.org>; Fri, 21 Feb 2003 10:12:39 -0500 (EST)
Received: (qmail 88136 invoked by uid 3269); 21 Feb 2003 15:12:39 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 88127 invoked from network); 21 Feb 2003 15:12:38 -0000
Received: from m5.sparta.com (157.185.61.1)
  by klesh.pair.com with SMTP; 21 Feb 2003 15:12:38 -0000
Received: from charlie.columbia.sparta.com (charlie.columbia.sparta.com [157.185.80.121])
	by M5.sparta.com (8.12.3/8.12.3) with ESMTP id h1LFCXjj021343
	for <msec@securemulticast.org>; Fri, 21 Feb 2003 09:12:35 -0600
Received: (from umeth@localhost)
	by charlie.columbia.sparta.com (8.11.6/8.11.6) id h1LF0tO07247
	for msec@securemulticast.org; Fri, 21 Feb 2003 10:00:55 -0500
From: Uri Meth <umeth@columbia.sparta.com>
To: msec@securemulticast.org
Message-ID: <20030221100055.A7226@charlie.columbia.sparta.com>
Reply-To: umeth@sparta.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Organization: SPARTA Inc. (Secure Systems Engineering Division)
USMail: 9861 Broken Land Parkway, Suite 300, Columbia MD 21046
Phone: (410) 381-9400 x233
Fax: (410) 381-5559
Subject: [MSEC] Signature Payload
Date: Fri, 21 Feb 2003 10:00:55 -0500

In the modified GSAKMP specification which is set to be released soon
there is a modification in the definition of the Signature Payload.
Here I will present the old text and the new text and then define the
reason for this modification.

Old Signature Payload Text:
The Signature Payload contains data generated by the digital signature
function.  The digital signature covers the Signature Payload Span and the
Signature Payload up to the Signature Data.  The exception to this is if
the signature algorithm used is DSS with ASN.1/DER encoding.  Due to the
variable length of a DER encoding, the signature span across the signature
payload itself only extends up to the signature data length field, not the
signature data.

New Signature Payload Text:
The Signature Payload contains data generated by the digital signature
function.  The digital signature covers the Signature Payload Span and the
Signature Payload up to the Signature Data Length.  


Rationale:
There really is no extra benefit to signing over the signature data
length field, therefore there is no reason to make an exception case.
By not signing over this field, we do not open ourselves to any attacks.
If this value is modified, the signature will not verify because you
would then have an incorrect length for the signature value received and
would never be able to generate a correct signature for comparison
purposes.

Any and all comments are always welcome.

UM
-- 
Uri Meth                            (410) 872 - 1515 x233 (voice)
SPARTA, Inc.                        (410) 872 - 8079      (fax)
7075 Samuel Morse Drive             umeth@sparta.com
Columbia, MD 21046
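
The coverage rule described in this message ("up to but not including the Signature Data Length", per the corrected wording), as an added example that is not part of the original mail or of the GSAKMP specification. The field layout (two 16-bit header fields, then a 16-bit length, then the signature data) is constructed for illustration, and HMAC-SHA256 from the Python standard library stands in for the digital signature function.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!HH")  # constructed fields: signature type, signature ID
LEN = struct.Struct("!H")   # Signature Data Length (not covered by the signature)


def _tag(key: bytes, covered: bytes) -> bytes:
    """Stand-in for the signature function: HMAC-SHA256 over the covered bytes."""
    return hmac.new(key, covered, hashlib.sha256).digest()


def build_message(key: bytes, span: bytes, sig_type: int = 1, sig_id: int = 7) -> bytes:
    """span | header | sig_len | sig, with sig computed over span + header only."""
    header = HDR.pack(sig_type, sig_id)
    sig = _tag(key, span + header)
    return span + header + LEN.pack(len(sig)) + sig


def verify_message(key: bytes, msg: bytes, span_len: int) -> bool:
    """Recompute the tag over everything before the length field and compare."""
    len_off = span_len + HDR.size
    sig_off = len_off + LEN.size
    if len(msg) < sig_off:
        return False
    (sig_len,) = LEN.unpack_from(msg, len_off)
    sig = msg[sig_off:sig_off + sig_len]
    if len(sig) != sig_len:          # length claims more bytes than were received
        return False
    expected = _tag(key, msg[:len_off])
    return hmac.compare_digest(sig, expected)


def set_length_field(msg: bytes, span_len: int, new_len: int) -> bytes:
    """Return a copy of msg with only the unsigned length field changed."""
    len_off = span_len + HDR.size
    return msg[:len_off] + LEN.pack(new_len) + msg[len_off + LEN.size:]


def flip_byte(msg: bytes, index: int) -> bytes:
    """Return a copy of msg with one bit changed at the given offset."""
    return msg[:index] + bytes([msg[index] ^ 0x01]) + msg[index + 1:]


def coverage_demo() -> dict:
    key = b"k" * 32                                   # constructed key
    span = b"constructed message body"                # constructed payload span
    msg = build_message(key, span)
    n = len(span)
    return {
        "untouched": verify_message(key, msg, n),
        "length_shortened": verify_message(key, set_length_field(msg, n, 31), n),
        "length_lengthened": verify_message(key, set_length_field(msg, n, 33), n),
        "length_zero": verify_message(key, set_length_field(msg, n, 0), n),
        "span_modified": verify_message(key, flip_byte(msg, 0), n),
        "header_modified": verify_message(key, flip_byte(msg, n), n),
    }


if __name__ == "__main__":
    for case, ok in coverage_demo().items():
        print(f"{case}: {'verifies' if ok else 'rejected'}")
```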



From msec-admin@securemulticast.org  Sun Feb 23 03:40:39 2003
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA04215
	for <msec-archive@lists.ietf.org>; Sun, 23 Feb 2003 03:40:39 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 5DE1C535CA; Sun, 23 Feb 2003 03:44:02 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 999C9535BF
	for <msec@lists.securemulticast.org>; Sun, 23 Feb 2003 03:43:09 -0500 (EST)
Received: (qmail 46719 invoked by uid 3269); 23 Feb 2003 08:43:09 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 46712 invoked from network); 23 Feb 2003 08:43:05 -0000
Received: from unknown (HELO itsky.com.cn) (211.153.20.96)
  by klesh.pair.com with SMTP; 23 Feb 2003 08:43:05 -0000
Received: (smail 17350 invoked by uid 511); 23 Feb 2003 07:49:01 -0000
Received: from unknown (HELO lion) (free@61.48.10.87)
  by 0 with SMTP; 23 Feb 2003 07:49:01 -0000
From: "zen" <free@itsky.com.cn>
To: "gsec@lists.tislabs.com" <gsec@lists.tislabs.com>,
        "msec@securemulticast.org" <msec@securemulticast.org>
X-mailer: Foxmail 4.2 [cn]
Mime-Version: 1.0
Content-Type: text/plain;
      charset="GB2312"
Content-Transfer-Encoding: 7bit
Message-Id: <20030223084309.999C9535BF@pairlist.net>
Subject: [MSEC] source authenticate in multicast
Date: Sun, 23 Feb 2003 16:46:21 +0800
Content-Transfer-Encoding: 7bit

Folks,
 About multicast authentication, I want to ask you for some advice.
 There is a method: based on TESLA, add one or two hash values of multiple future packets to every packet, so it will not only provide delayed authentication, but also provide authentication of a received packet at once after a key disclosure delay. It also has a better dynamic sending rate and robustness to packet loss, or to DoS.
  Is it enough, or should it have other improvements?
  I hope for advice from you! Thanks a lot!

B&R,
Zen



_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec
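
The scheme asked about in the message above, sketched as an added example (not code from the poster or from the TESLA authors): each packet carries a MAC under a key disclosed `d` intervals later plus the hash of the data `d` intervals ahead, so a packet whose predecessor has been verified is authenticated on arrival. Assumptions: one packet per interval, SHA-256/HMAC, loose time synchronization modelled by the `now` argument, and all names (`H`, `F`, `tag`, `Receiver`, `simulate`) are hypothetical.

```python
import hashlib
import hmac

def H(b):                      # hash used for packet data and key derivation
    return hashlib.sha256(b).digest()

def F(key):                    # one-way chain step: K_{i-1} = F(K_i)
    return H(b"chain|" + key)

def tag(key, data, future_hash):
    """MAC over the data and the embedded future hash, keyed with H("mac|" + K_i)."""
    body = len(data).to_bytes(4, "big") + data + future_hash
    return hmac.new(H(b"mac|" + key), body, hashlib.sha256).digest()

def make_chain(seed, n):
    """Return keys[0..n] with keys[i-1] = F(keys[i]); keys[0] is the commitment,
    which a real sender would deliver signed during bootstrap."""
    keys = [H(seed)]
    for _ in range(n):
        keys.append(F(keys[-1]))
    return keys[::-1]

def send(messages, keys, d):
    """Packet for interval i carries M_i, H(M_{i+d}), its MAC under K_i, and K_{i-d}."""
    n, pkts = len(messages), []
    for i in range(1, n + 1):
        data = messages[i - 1]
        fut = H(messages[i + d - 1]) if i + d <= n else b""
        pkts.append({"i": i, "data": data, "future_hash": fut,
                     "mac": tag(keys[i], data, fut),
                     "disclosed": keys[i - d] if i > d else b""})
    return pkts

class Receiver:
    def __init__(self, commitment, d):
        self.d = d
        self.key_idx, self.key = 0, commitment   # newest chain key verified so far
        self.buffered = {}    # interval -> packet waiting for its key
        self.expected = {}    # interval -> authenticated hash of that interval's data
        self.status = {}      # interval -> "delayed" | "immediate"

    def _learn_key(self, idx, key):
        """Verify a disclosed key against the chain; return every key it newly yields."""
        if not key or idx <= self.key_idx:
            return {}
        derived, k = {}, key
        for t in range(idx, self.key_idx, -1):   # also recovers keys lost with dropped packets
            derived[t] = k
            k = F(k)
        if not hmac.compare_digest(k, self.key):
            return {}                            # not on the sender's chain
        self.key_idx, self.key = idx, key
        return derived

    def receive(self, pkt, now):
        i = pkt["i"]
        if now >= i + self.d:
            return            # K_i may already be public, so the MAC proves nothing
        self.buffered[i] = pkt                   # simplified: one candidate per interval
        for t, k in self._learn_key(i - self.d, pkt["disclosed"]).items():
            old = self.buffered.pop(t, None)
            if old is None or not hmac.compare_digest(
                    old["mac"], tag(k, old["data"], old["future_hash"])):
                continue
            self.status.setdefault(t, "delayed")
            if old["future_hash"]:               # trusted only now that the MAC verified
                self.expected[t + self.d] = old["future_hash"]
        want = self.expected.get(i)
        if want is not None and hmac.compare_digest(want, H(pkt["data"])):
            self.status[i] = "immediate"

def simulate(n=8, d=2, lost=(), tampered=()):
    """Constructed stream of n packets, each arriving in its own interval."""
    messages = [b"frame-%d" % i for i in range(1, n + 1)]
    keys = make_chain(b"constructed-seed", n)
    rx = Receiver(keys[0], d)
    for pkt in send(messages, keys, d):
        if pkt["i"] in lost:
            continue
        if pkt["i"] in tampered:
            pkt = dict(pkt, data=b"forged")
        rx.receive(pkt, now=pkt["i"])
    return rx.status

if __name__ == "__main__":
    print(simulate())               # no loss
    print(simulate(lost={4}))       # packet 4 dropped
    print(simulate(tampered={5}))   # packet 5 modified in transit
```

A lost packet removes immediate authentication only for the packet `d` intervals after it, which then falls back to ordinary delayed verification; a modified packet is never accepted by either path.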


From msec-admin@securemulticast.org  Sun Feb 23 05:10:52 2003
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="ks_c_5601-1987"
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Message-ID: <0ECD92AD3DC97C4686C7C172D347FA1A0EF536@nml.netmedia.kjist.ac.kr>
Thread-Topic: What is the relation between IKE and MIKEY?
Thread-Index: AcLbIdLbKBDw7TA0REOrcqY8IYCpMg==
From: "Deuk-Whee Kwak" <dwkwak@kjist.ac.kr>
To: <msec@lists.securemulticast.org>
Subject: [MSEC] What is the relation between IKE and MIKEY?
Date: Sun, 23 Feb 2003 18:56:11 +0900
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id FAA05186

Hi
What is the relation between IKE and MIKEY?
As far as I understand, IKE is mainly used for network-level peer-to-peer key exchange protocol, and MIKEY is mainly used for application-level multicast key exchange protocol. 
Then, is it impossible to use IKE for application-level multicast key exchange protocol?
Thanks



From msec-admin@securemulticast.org  Mon Feb 24 03:13:51 2003
Message-ID: <1F55F6582266314A85A55F6241509B670575B1F8@Esealnt863.al.sw.ericsson.se>
From: "Fredrik Lindholm (EAB)" <Fredrik.Lindholm@era.ericsson.se>
To: "'Deuk-Whee Kwak'" <dwkwak@kjist.ac.kr>, msec@lists.securemulticast.org
Subject: RE: [MSEC] What is the relation between IKE and MIKEY?
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="KS_C_5601-1987"
Date: Mon, 24 Feb 2003 09:13:32 +0100


Hi,
(see comments inline)

> From: Deuk-Whee Kwak [mailto:dwkwak@kjist.ac.kr]
> Sent: den 23 februari 2003 10:56
> To: msec@lists.securemulticast.org
> Subject: [MSEC] What is the relation between IKE and MIKEY?
> 
> 
> Hi
> What is the relation between IKE and MIKEY?
> As far as I understand, IKE is mainly used for network-level 
> peer-to-peer key exchange protocol, and MIKEY is mainly used 
> for application-level multicast key exchange protocol. 

MIKEY was designed to be a "low latency" group key distribution 
protocol that could work in e.g., small size interactive groups. 
This put completely different requirements on MIKEY compared 
to IKE (e.g., the one round-trip requirement, the group key 
distribution functionality requirement etc). 

> Then, is it impossible to use IKE for application-level 
> multicast key exchange protocol?

Correct (there exists no functionality in IKE to distribute a group key
for a multicast group). 

Best,
Fredrik

> Thanks


From msec-admin@securemulticast.org  Mon Feb 24 10:17:35 2003
Message-ID: <3E5A3455.4090400@nortelnetworks.com>
X-Sybari-Space: 00000000 00000000 00000000
From: Lakshminath Dondeti <ldondeti@nortelnetworks.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "'Deuk-Whee Kwak'" <dwkwak@kjist.ac.kr>
Cc: msec@lists.securemulticast.org
Subject: Re: [MSEC] What is the relation between IKE and MIKEY?
References: <1F55F6582266314A85A55F6241509B670575B1F8@Esealnt863.al.sw.ericsson.se>
Content-Type: text/plain; charset=x-windows-949
Content-Transfer-Encoding: 7bit
Date: Mon, 24 Feb 2003 10:03:49 -0500
Content-Transfer-Encoding: 7bit

GDOI (similar to IKE) and GSAKMP may be of interest to you.

cheers,
Lakshminath

Fredrik Lindholm (EAB) wrote:

> 
>>Then, is it impossible to use IKE for application-level 
>>multicast key exchange protocol?
> 
> 
> Correct (there exists no functionality in IKE to distribute a group key
> for a multicast group). 
> 
> Best,
> Fredrik
> 
> 
>>Thanks


From msec-admin@securemulticast.org  Tue Feb 25 06:47:24 2003
Message-Id: <200302251146.GAA24921@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: msec@securemulticast.org
From: Internet-Drafts@ietf.org
Reply-To: Internet-Drafts@ietf.org
Subject: [MSEC] I-D ACTION:draft-ietf-msec-gsakmp-sec-01.txt
Date: Tue, 25 Feb 2003 06:46:05 -0500

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Multicast Security Working Group of the IETF.

	Title		: GSAKMP
	Author(s)	: H. Harney et al.
	Filename	: draft-ietf-msec-gsakmp-sec-01.txt
	Pages		: 44
	Date		: 2003-2-24
	
This document specifies the Group Secure Association Key
Management Protocol (GSAKMP). The GSAKMP provides a security
framework for creating and managing cryptographic groups on a
network.  The GSAKMP provides mechanisms to disseminate group
security policy, authenticate users, rules to perform access
control, generate group keys, and recover from compromise.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-msec-gsakmp-sec-01.txt


--NextPart--





From msec-admin@securemulticast.org  Tue Feb 25 06:48:54 2003
Message-Id: <200302251146.GAA24945@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: msec@securemulticast.org
From: Internet-Drafts@ietf.org
Reply-To: Internet-Drafts@ietf.org
Subject: [MSEC] I-D ACTION:draft-ietf-msec-tokenspec-sec-00.txt
Date: Tue, 25 Feb 2003 06:46:09 -0500

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Multicast Security Working Group of the IETF.

	Title		: GSAKMP Token Specification
	Author(s)	: H. Harney et al.
	Filename	: draft-ietf-msec-tokenspec-sec-00.txt
	Pages		: 39
	Date		: 2003-2-24
	
This document specifies the Group Secure Association Key Management 
Protocol (GSAKMP) Policy Token.  The Token provides a format to specify 
a complete group security policy, necessary for formation of a group 
secure association. The GSAKMP Token maintains procedures for key 
dissemination, group membership, authorization and rekey.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-msec-tokenspec-sec-00.txt


--NextPart--





From msec-admin@securemulticast.org  Wed Feb 26 07:53:01 2003
Subject: RE: [MSEC] What is the relation between IKE and MIKEY?
Message-ID: <0ECD92AD3DC97C4686C7C172D347FA1A0EF544@nml.netmedia.kjist.ac.kr>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="ks_c_5601-1987"
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Thread-Topic: [MSEC] What is the relation between IKE and MIKEY?
content-class: urn:content-classes:message
Thread-Index: AcLdlCkZBIMhOE7hRb2LnfPVFqt40A==
From: "Deuk-Whee Kwak" <dwkwak@kjist.ac.kr>
To: "Fredrik Lindholm (EAB)" <Fredrik.Lindholm@era.ericsson.se>
Cc: <msec@lists.securemulticast.org>
Date: Wed, 26 Feb 2003 21:39:54 +0900
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id HAA02828

Thank you for your kind answer


-----Original Message-----
From: msec-admin@securemulticast.org [mailto:msec-admin@securemulticast.org] On Behalf Of Fredrik Lindholm (EAB)
Sent: Monday, February 24, 2003 5:14 PM
To: 'Deuk-Whee Kwak'; msec@lists.securemulticast.org
Subject: RE: [MSEC] What is the relation between IKE and MIKEY?


> What is the relation between IKE and MIKEY?
> As far as I understand, IKE is mainly used for network-level 
> peer-to-peer key exchange protocol, and MIKEY is mainly used 
> for application-level multicast key exchange protocol. 

MIKEY was designed to be a "low latency" group key distribution 
protocol that could work in e.g., small size interactive groups. 
This put completely different requirements on MIKEY compared 
to IKE (e.g., the one round-trip requirement, the group key 
distribution functionality requirement etc). 

> Then, is it impossible to use IKE for application-level 
> multicast key exchange protocol?

Correct (there exists no functionality in IKE to distribute a group key
for a multicast group). 

I think it would have some advantages if it is possible to change or extend IKE at a minor level for a group key management protocol.
Is that possible?
If possible, will it be a big job?

thank you.


From msec-admin@securemulticast.org  Wed Feb 26 08:06:47 2003
Message-ID: <1F55F6582266314A85A55F6241509B670575B210@Esealnt863.al.sw.ericsson.se>
From: "Fredrik Lindholm (EAB)" <Fredrik.Lindholm@era.ericsson.se>
To: "'Deuk-Whee Kwak'" <dwkwak@kjist.ac.kr>
Cc: msec@lists.securemulticast.org
Subject: RE: [MSEC] What is the relation between IKE and MIKEY?
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="KS_C_5601-1987"
Date: Wed, 26 Feb 2003 13:53:43 +0100


Hi,

<snip>
> I think it would have some advantages if it is possible to 
> change or extend IKE at a minor level for a group key management protocol.
> Is that possible?
> If possible, will it be a big job?

As Lakshminath pointed out, you have two other group key 
distribution protocols in the msec wg, GSAKMP and GDOI. 

I think that GDOI (Group Domain of Interpretation) is more or 
less what you are asking for, i.e., a modification/extension of 
ISAKMP/IKE to support group key distribution. 
http://www.ietf.org/internet-drafts/draft-ietf-msec-gdoi-07.txt

Cheers,
Fredrik




From msec-admin@securemulticast.org  Wed Feb 26 09:16:49 2003
Message-Id: <5.0.0.25.2.20030226091628.02cea4f0@pop.mail.yahoo.com>
X-Sender: thardjono@vhqpostal3.verisign.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
To: msec@securemulticast.org
From: Thomas Hardjono <thardjono@verisign.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: [MSEC] MSEC Agenda for IETF-56 in San Francisco
Date: Wed, 26 Feb 2003 09:18:42 -0500


Folks,

Here is the tentative Agenda as of today for the MSEC WG meeting
at IETF56 in San Francisco in March 2003.

Please email Ran/Thomas for corrections/additions.


MSEC WG Agenda:
---------------

    - Review of WG status (T. Hardjono/R. Canetti)
    - TESLA Update (A. Perrig)
    - Feedback channel protection (L. Dondeti/T. Hardjono)
    - GKMA (L. Dondeti/B. Weis)
    - MESP (R.Canetti/M.Baugher)
    - DHHMAC for MIKEY Update (M. Euchner)
    - GSAKMP Policy Token (H. Harney)
    -


Note that according to the IETF56 agenda, MSEC will meet on:

	MONDAY, March 17, 2003
	1930-2200 Evening Sessions

Regards

Ran/Thomas
----------




From msec-admin@securemulticast.org  Thu Feb 27 12:27:04 2003
Message-ID: <3E5E3F48.3000604@nortelnetworks.com>
X-Sybari-Space: 00000000 00000000 00000000
From: Lakshminath Dondeti <ldondeti@nortelnetworks.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: msec <msec@lists.securemulticast.org>, gsec@lists.tislabs.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [MSEC] Securing Feedback Messages
Date: Thu, 27 Feb 2003 11:39:36 -0500
Content-Transfer-Encoding: 7bit

All,

We submitted a new draft on secure transmission of feedback messages for 
NACK transport, SA synchronization etc.  Please note that due to time 
constraints the draft is really sketchy.  We welcome discussion, both on 
whether such a feature is required, as well as on the details of the solution.

best regards,
Lakshminath

Title:  Securing Feedback Messages: Secure and Scalable Many-to-one 
Communication

Authors:  L. Dondeti and T. Hardjono

Abstract

    Members in a secure group may need to communicate to the GCKS to
    deregister from the group, for SA resynchronization, and to request
    retransmission of a Rekey message. A simple solution is to keep the
    registration SA around, but that comes at the expense of O(n) SA
    maintenance, and storage at the GCKS. Each member is also responsible
    for maintaining an extra SA. We propose an efficient method for
    members to securely send messages to the GCKS, using the Rekey SA.

http://www.ietf.org/internet-drafts/draft-dondeti-ietf-msec-secure-feedback-00.txt




