From jari.arkko@lmf.ericsson.se  Thu Apr  1 02:04:42 2004
From: <jari.arkko@kolumbus.fi>
To: <tuomaura@microsoft.com>
CC: <ietf-send@standards.ericsson.net>
Subject: Re: Detailed text changes to the CGA draft to resolve CGA issue #12
Date: Thu, 1 Apr 2004 10:03:46 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: <20040401070346.YVUP4029.fep01-app.kolumbus.fi@mta.imail.kolumbus.fi>

Tuomas, 

Your text looks good. A small nit below:

> SEND
> SHOULD use an RSA public/private key pair. When RSA is used, the
> algorithm identifier MUST be rsaEncryption, which is
> 1.2.840.113549.1.1.1, and the RSA public key MUST be formatted
> using RSAPublicKey type as specified in Section 2.3.1 of RFC 3279
> [RFC3279]. The RSA key length SHOULD be at least 384 bits. Other
> public key types or format SHOULD NOT be used for SEND to avoid
> incompatibilities [I-D.ietf-send-ndopt] between implementations.
> The length of the public key is determined by the ASN.1 encoding.

I find the last SHOULD NOT a bit confusing. First, regarding
public key types the earlier text already has a SHOULD for
RSA, hence the SHOULD NOT for non-RSA seems implicit. Secondly,
for format the text already has a MUST, so having just a SHOULD
NOT for another format seems to weaken this. Finally, I'm
not sure which part of the NDOPT draft you are referring to in the
second last sentence.

Perhaps the text would be simpler if you just omitted the
keyword, as in:

  Other public key types or formats are undesirable in SEND,
  since they may result in incompatibilities between
  implementations. The length of the public key is determined
  by the ASN.1 encoding.

--Jari


--------------------------------------------------------------------
To unsubscribe from this list, send email with "UNSUBSCRIBE" in the
body to <ietf-send-request@standards.ericsson.net>.
Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html
--------------------------------------------------------------------


From jari.arkko@lmf.ericsson.se  Thu Apr  1 03:13:46 2004
From: <jari.arkko@kolumbus.fi>
To: <ietf-send@standards.ericsson.net>
Subject: issue list updated for ndopts draft
Date: Thu, 1 Apr 2004 11:12:41 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: <20040401081241.VROU23551.fep19-app.kolumbus.fi@mta.imail.kolumbus.fi>

I have updated the issue list for the ndopts draft.
It contains four issues. I think we have a basic
agreement for all of them, though at least one needs
a text proposal (working on it).

The issue web page is at:

http://www.arkko.com/publications/send/issues/

--Jari




From jari.arkko@lmf.ericsson.se  Thu Apr  1 04:52:19 2004
From: <jari.arkko@kolumbus.fi>
To: <ietf-send@standards.ericsson.net>
Subject: issue 68 -- pad length fields
Date: Thu, 1 Apr 2004 12:51:30 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: <20040401095130.BBNG4029.fep01-app.kolumbus.fi@mta.imail.kolumbus.fi>

I have edited the suggested issue resolution to
the draft. Furthermore, I added the actual Padding
fields explicitly to the pictures for the certificate
and trust anchor options, as they had been missing.

For the diffs and text, see

http://www.arkko.com/publications/send/issues/issue68diff.html
http://www.arkko.com/publications/send/drafts/draft-send-ndopt.txt

--Jari




From jari.arkko@lmf.ericsson.se  Thu Apr  1 05:24:04 2004
From: <jari.arkko@kolumbus.fi>
To: <ietf-send@standards.ericsson.net>
Subject: Re: SEND "triggers": passive vs active use?
Date: Thu, 1 Apr 2004 13:23:21 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: <20040401102321.BMXM4029.fep01-app.kolumbus.fi@mta.imail.kolumbus.fi>


The text agreed upon by Jim and Greg seems
good to me (with small edits). See

  http://www.arkko.com/publications/send/issues/issue69diff.html

Btw, I spent some time thinking about the proxy
neighbor discovery limitation, and whether we should
say something more about it in the current specification.
Such as recommending that mobile nodes should not use
SEND for their home address while on the home link.
However, it seems that the rules on how to treat the
proxy case are quite specific to the application, and
there's a danger of starting to specify the proxy
operation in the base SEND spec. So I finally came
to the conclusion that the current text about the
limitation is sufficient; let's deal with the rest in
a future specification, and also take SEND into account
in the ipv6 proxy draft.

--Jari




From jari.arkko@lmf.ericsson.se  Thu Apr  1 05:44:44 2004
Date: Thu, 1 Apr 2004 13:44:13 +0300 (EEST)
From: Ville Nuorvala <vnuorval@tcs.hut.fi>
To: jari.arkko@kolumbus.fi, ietf-send@standards.ericsson.net
Subject: SEND: Incorrect Modifier length in section 5.1.2
In-Reply-To: <20040401095130.BBNG4029.fep01-app.kolumbus.fi@mta.imail.kolumbus.fi>
Message-ID: <Pine.LNX.4.58.0404011332060.19615@rhea.tcs.hut.fi>
References: <20040401095130.BBNG4029.fep01-app.kolumbus.fi@mta.imail.kolumbus.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hello,

reading draft-ietf-send-ndopt-04 I noticed a small error that hasn't
been fixed yet.

In section 5.1.2, in the first paragraph of page 14,
the line
      data: the contents of the 8-octet Modifier field, the 8-octet
should read
      data: the contents of the 16-octet Modifier field, the 8-octet

Thanks,
Ville
--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257


From jari.arkko@lmf.ericsson.se  Thu Apr  1 06:07:14 2004
From: <jari.arkko@kolumbus.fi>
To: <vnuorval@tcs.hut.fi>
CC: <ietf-send@standards.ericsson.net>
Subject: Re: SEND: Incorrect Modifier length in section 5.1.2
Date: Thu, 1 Apr 2004 14:06:28 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: <20040401110628.CBYF4029.fep01-app.kolumbus.fi@mta.imail.kolumbus.fi>

> In section 5.1.2, in the first paragraph of page 14,
> the line
>    data: the contents of the 8-octet Modifier field, the 8-octet
> should read
>    data: the contents of the 16-octet Modifier field, the 8-octet

You are right.

(OTOH, I think this part of the text will be removed
to make it an opaque block of parameters, as Tuomas Aura
has suggested...)

--Jari




From jari.arkko@lmf.ericsson.se  Thu Apr  1 06:41:54 2004
From: <jari.arkko@kolumbus.fi>
To: <tuomaura@microsoft.com>
CC: <ietf-send@standards.ericsson.net>
Subject: issue 70 -- upgrade path for algorithms
Date: Thu, 1 Apr 2004 14:41:16 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: <20040401114116.CMYZ4029.fep01-app.kolumbus.fi@mta.imail.kolumbus.fi>


I have now made a tentative edit for the ndopt
draft in order to make the CGA Parameters block
opaque.

The diff and text are available here:
  http://www.arkko.com/publications/send/issues/issue70diff.html
  http://www.arkko.com/publications/send/drafts/draft-send-ndopt.txt

One potential question mark surfaced during the
editing. Remember the other issue we had about
pad length fields vs. implicit padding. Given your
definition in the preliminary CGA draft 06,
the last field, Extension Fields, is of variable
size and there's no defined ASN.1 for it. As a
result, I've put a Pad Length field to the CGA Option
in order to know when your field ends and the padding
starts. If people are unhappy with this approach, we
can also make the CGA draft have some kind of length
determination, and then we can skip the Pad Length
field.

Comments? Other issues?

--Jari
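
The delimiting problem raised in the message above, together with the earlier remark in this thread that the public key's length is determined by its ASN.1 encoding, as an added example that is not part of the original messages or of either draft. The option layout (Type 11, Length in 8-octet units, Pad Length, Reserved), the parameter order (16-octet Modifier, 8-octet Subnet Prefix, 1-octet Collision Count, DER public key, Extension Fields), all function names and the sample bytes are assumptions made for the illustration.

```python
import struct

CGA_OPTION_TYPE = 11                      # assumed option type value
MODIFIER_LEN, PREFIX_LEN, COUNT_LEN = 16, 8, 1
FIXED_LEN = MODIFIER_LEN + PREFIX_LEN + COUNT_LEN


class OptionError(ValueError):
    """Raised when the option is malformed."""


def der(tag, content):
    """Encode one DER TLV (used only to construct the sample key)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def der_tlv_size(buf, off):
    """Total size of the DER TLV at buf[off], read from its own length octets."""
    if off + 2 > len(buf):
        raise OptionError("truncated DER header")
    first = buf[off + 1]
    if first < 0x80:
        return 2 + first
    count = first & 0x7F
    # An option is at most 255 * 8 octets, so two length octets always suffice.
    if count == 0 or count > 2 or off + 2 + count > len(buf):
        raise OptionError("bad DER length")
    return 2 + count + int.from_bytes(buf[off + 2:off + 2 + count], "big")


def build_cga_option(params):
    """Wrap the parameter block and pad the option to a multiple of 8 octets."""
    pad_len = -(4 + len(params)) % 8
    units = (4 + len(params) + pad_len) // 8
    header = struct.pack("!BBBB", CGA_OPTION_TYPE, units, pad_len, 0)
    return header + params + bytes(pad_len)


def parse_cga_option(opt):
    """Split the option using Pad Length; the key ends where its DER length says."""
    if len(opt) < 4:
        raise OptionError("option shorter than its header")
    opt_type, units, pad_len, _reserved = struct.unpack_from("!BBBB", opt)
    if opt_type != CGA_OPTION_TYPE:
        raise OptionError("not a CGA option")
    if units == 0 or units * 8 != len(opt):
        raise OptionError("Length field does not match option size")
    body = opt[4:]
    if pad_len > len(body) - FIXED_LEN:
        raise OptionError("Pad Length leaves no room for the fixed fields")
    params = body[:len(body) - pad_len]
    if FIXED_LEN >= len(params) or params[FIXED_LEN] != 0x30:
        raise OptionError("public key is not a DER SEQUENCE")
    key_end = FIXED_LEN + der_tlv_size(params, FIXED_LEN)
    if key_end > len(params):
        raise OptionError("public key runs past the end of the parameters")
    return {
        "modifier": params[:MODIFIER_LEN],
        "subnet_prefix": params[MODIFIER_LEN:MODIFIER_LEN + PREFIX_LEN],
        "collision_count": params[FIXED_LEN - 1],
        "public_key": params[FIXED_LEN:key_end],
        "extension_fields": params[key_end:],   # no ASN.1: ends where padding starts
        "padding": body[len(body) - pad_len:],
    }


def extension_by_zero_stripping(opt):
    """Implicit padding: guess the end of the extensions by dropping trailing zeros."""
    body = opt[4:].rstrip(b"\x00")
    return body[FIXED_LEN + der_tlv_size(body, FIXED_LEN):]


def sample_option():
    """Constructed sample: made-up modulus, prefix and extension bytes."""
    modulus = b"\x00" + b"\xc3" * 128
    rsa_key = der(0x30, der(0x02, modulus) + der(0x02, b"\x01\x00\x01"))
    # AlgorithmIdentifier: rsaEncryption (1.2.840.113549.1.1.1) with NULL parameters
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    spki = der(0x30, alg + der(0x03, b"\x00" + rsa_key))
    extension = b"EXT\x01\x00"            # constructed; legitimately ends in a zero octet
    params = (bytes(range(16)) + bytes.fromhex("20010db800000001")
              + b"\x00" + spki + extension)
    return build_cga_option(params)


if __name__ == "__main__":
    opt = sample_option()
    parsed = parse_cga_option(opt)
    print("Pad Length:", opt[2], "key octets:", len(parsed["public_key"]))
    print("with Pad Length:   ", parsed["extension_fields"])
    print("by zero stripping: ", extension_by_zero_stripping(opt))
```

With the explicit field the extension bytes come back intact; the zero-stripping guess drops the extension's own trailing zero octet, which is the ambiguity the Pad Length field removes.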




From jari.arkko@lmf.ericsson.se  Thu Apr  1 11:20:05 2004
Message-ID: <009801c41805$28bdb180$6e6115ac@dcml.docomolabsusa.com>
From: "James Kempf" <kempf@docomolabs-usa.com>
To: <jari.arkko@kolumbus.fi>, <ietf-send@standards.ericsson.net>
References: <20040401102321.BMXM4029.fep01-app.kolumbus.fi@mta.imail.kolumbus.fi>
Subject: Re: SEND "triggers": passive vs active use?
Date: Thu, 1 Apr 2004 08:19:50 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Sounds good.

            jak

----- Original Message ----- 
From: <jari.arkko@kolumbus.fi>
To: <ietf-send@standards.ericsson.net>
Sent: Thursday, April 01, 2004 2:23 AM
Subject: Re: SEND "triggers": passive vs active use?


> 
> The text agreed upon by Jim and Greg seems
> good to me (with small edits). See
> 
>   http://www.arkko.com/publications/send/issues/issue69diff.html
> 
> Btw, I spent some time thinking about the proxy
> neighbor discovery limitation, and whether we should
> say something more about it in the current specification.
> Such as recommending that mobile nodes should not use
> SEND for their home address while on the home link.
> However, it seems that the rules on how to treat the
> proxy case are quite specific to the application, and
> there's a danger of starting to specify the proxy
> operation in the base SEND spec. So I finally came
> to the conclusion that the current text about the
> limitation is sufficient; let's deal with the rest in
> a future specification, and also take SEND into account
> in the ipv6 proxy draft.
> 
> --Jari


From jari.arkko@lmf.ericsson.se  Thu Apr  1 11:21:18 2004
Message-ID: <00af01c41805$6a0349c0$6e6115ac@dcml.docomolabsusa.com>
From: "James Kempf" <kempf@docomolabs-usa.com>
To: <jari.arkko@kolumbus.fi>, <tuomaura@microsoft.com>
Cc: <ietf-send@standards.ericsson.net>
References: <20040401114116.CMYZ4029.fep01-app.kolumbus.fi@mta.imail.kolumbus.fi>
Subject: Re: issue 70 -- upgrade path for algorithms
Date: Thu, 1 Apr 2004 08:21:40 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

This sounds fine, and consistent with the use of padding for the trust root
field.

            jak

----- Original Message ----- 
From: <jari.arkko@kolumbus.fi>
To: <tuomaura@microsoft.com>
Cc: <ietf-send@standards.ericsson.net>
Sent: Thursday, April 01, 2004 3:41 AM
Subject: issue 70 -- upgrade path for algorithms


>
> I have now made a tentative edit for the ndopt
> draft in order to make the CGA Parameters block
> opaque.
>
> The diff and text are available here:
>   http://www.arkko.com/publications/send/issues/issue70diff.html
>   http://www.arkko.com/publications/send/drafts/draft-send-ndopt.txt
>
> One potential question mark surfaced during the
> editing. Remember the other issue we had about
> pad length fields vs. implicit padding. Given your
> definition in the preliminary CGA draft 06,
> the last field, Extension Fields, is of variable
> size and there's no defined ASN.1 for it. As a
> result, I've put a Pad Length field to the CGA Option
> in order to know when your field ends and the padding
> starts. If people are unhappy with this approach, we
> can also make the CGA draft have some kind of length
> determination, and then we can skip the Pad Length
> field.
>
> Comments? Other issues?
>
> --Jari
>
>

--------------------------------------------------------------------
To unsubscribe from this list, send email with "UNSUBSCRIBE" in the
body to <ietf-send-request@standards.ericsson.net>.
Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html
--------------------------------------------------------------------
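
An added example (not code from the thread or from the drafts) of why an explicit Pad Length field matters when the last CGA Parameters field is variable-length with no self-describing length. The option and CGA Parameters layouts, and the option type value, are assumptions taken from the later published RFC 3971 and RFC 3972; the function names and sample bytes are constructed for illustration.

```python
import struct

CGA_OPTION_TYPE = 11           # option type in the published RFC 3971 (assumed here)
FIXED_PARAMS_LEN = 16 + 8 + 1  # Modifier + Subnet Prefix + Collision Count


class OptionError(ValueError):
    """Raised when the option is malformed and must be discarded."""


def der_element_length(buf, offset):
    """Total size (header + content) of the DER element starting at buf[offset]."""
    if len(buf) - offset < 2:
        raise OptionError("truncated DER header")
    first = buf[offset + 1]
    if first < 0x80:                       # short form: length fits in 7 bits
        header, content = 2, first
    else:                                  # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise OptionError("indefinite or oversized DER length")
        raw = buf[offset + 2:offset + 2 + n]
        if len(raw) < n:
            raise OptionError("truncated DER length")
        content = int.from_bytes(raw, "big")
        if raw[0] == 0 or content < 0x80:  # DER demands the minimal encoding
            raise OptionError("non-minimal DER length")
        header = 2 + n
    if header + content > len(buf) - offset:
        raise OptionError("public key runs past the end of CGA Parameters")
    return header + content


def parse_cga_option(option):
    """Split one CGA option into its fields, using Pad Length to find the padding."""
    if len(option) < 4:
        raise OptionError("shorter than the fixed option header")
    opt_type, length_units, pad_len, _reserved = struct.unpack_from("!BBBB", option)
    if opt_type != CGA_OPTION_TYPE:
        raise OptionError("not a CGA option")
    if length_units == 0 or length_units * 8 != len(option):
        raise OptionError("Length field does not match the option size")
    params_len = len(option) - 4 - pad_len
    if params_len <= FIXED_PARAMS_LEN:     # also catches Pad Length > option size
        raise OptionError("Pad Length leaves no room for CGA Parameters")
    params = option[4:4 + params_len]
    if params[FIXED_PARAMS_LEN] != 0x30:   # SubjectPublicKeyInfo is a DER SEQUENCE
        raise OptionError("Public Key is not a DER SEQUENCE")
    # The key's own ASN.1 length says where it ends; nothing says where the
    # extension fields end, so they are "everything up to the padding".
    key_end = FIXED_PARAMS_LEN + der_element_length(params, FIXED_PARAMS_LEN)
    return {
        "modifier": params[:16],
        "subnet_prefix": params[16:24],
        "collision_count": params[24],
        "public_key": params[FIXED_PARAMS_LEN:key_end],
        "extension_fields": params[key_end:],
        "pad_length": pad_len,
    }


def build_cga_option(params):
    """Wrap CGA Parameters in an option padded to a multiple of 8 octets."""
    pad_len = -(4 + len(params)) % 8
    length_units = (4 + len(params) + pad_len) // 8
    header = struct.pack("!BBBB", CGA_OPTION_TYPE, length_units, pad_len, 0)
    return header + params + bytes(pad_len)


# Constructed sample: the "key" is a minimal DER SEQUENCE, not a real RSA key,
# and the extension bytes are arbitrary. Note that they end in 0x00.
SAMPLE_KEY = bytes.fromhex("30050203010001")
SAMPLE_EXT = bytes.fromhex("0001000400ab00")
SAMPLE_PARAMS = (bytes(range(16)) + bytes.fromhex("20010db800000001")
                 + b"\x01" + SAMPLE_KEY + SAMPLE_EXT)
SAMPLE_OPTION = build_cga_option(SAMPLE_PARAMS)

if __name__ == "__main__":
    fields = parse_cga_option(SAMPLE_OPTION)
    print(len(SAMPLE_OPTION), fields["pad_length"], fields["extension_fields"].hex())
```

Because the sample extension bytes end in a zero octet, a receiver that guessed the boundary by stripping trailing zeros would truncate them; with Pad Length the boundary is exact, and a Pad Length that does not fit the option is rejected before any field is read.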


From jari.arkko@lmf.ericsson.se  Tue Apr  6 03:03:40 2004
X-MimeOLE: Produced By Microsoft Exchange V6.5.7195.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Subject: RE: Detailed text changes to the CGA draft to resolve CGA issue #12
Date: Mon, 5 Apr 2004 23:59:10 -0700
Message-ID: <64A531765B7C8342BFA260497BE0045701C54C4D@RED-MSG-43.redmond.corp.microsoft.com>
Thread-Topic: Detailed text changes to the CGA draft to resolve CGA issue #12
Thread-Index: AcQXt4GzjJDWr9YzRm+vx7ofpctzWAD7PYvg
From: "Tuomas Aura" <tuomaura@microsoft.com>
To: "SEND WG" <ietf-send@standards.ericsson.net>
X-OriginalArrivalTime: 06 Apr 2004 07:02:01.0654 (UTC) FILETIME=[0F7BC560:01C41BA5]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by sw.ericsson.se id i36726It027336
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
Content-Transfer-Encoding: 8bit

Jari Arkko wrote:
> Perhaps the text would be simpler if you just omitted the
> keyword, as in:
> 
>   Other public key types or formats are undesirable in SEND,
>   since they may result in incompatibilities between
>   implementations. The length of the public key is determined
>   by the ASN.1 encoding.

Ok. This is a better wording.
Tuomas




From jari.arkko@lmf.ericsson.se  Tue Apr  6 04:11:44 2004
X-MimeOLE: Produced By Microsoft Exchange V6.5.7195.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Subject: RE: CGA Issue #7: Strengthening Section 7.4 (Ted Hardie)
Date: Tue, 6 Apr 2004 01:05:55 -0700
Message-ID: <64A531765B7C8342BFA260497BE0045701C54C51@RED-MSG-43.redmond.corp.microsoft.com>
Thread-Topic: CGA Issue #7: Strengthening Section 7.4 (Ted Hardie)
Thread-Index: AcQXUj38BYSsOIpSQie6P2DAkC9B6QEVVAJw
From: "Tuomas Aura" <tuomaura@microsoft.com>
To: "SEND WG" <ietf-send@standards.ericsson.net>
X-OriginalArrivalTime: 06 Apr 2004 08:08:49.0727 (UTC) FILETIME=[647B2CF0:01C41BAE]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by sw.ericsson.se id i3689BIt010895
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
Content-Transfer-Encoding: 8bit

Personally, I think that there is some merit to using the word
"authentication" for CGA-signed messages sent from the CGA.
However, there is absolutely no need to use the controversial 
word in the draft. Here is my simplified version of the text:

  In any protocol that uses other identifiers, such as DNS names, 
  CGA signatures alone are not a sufficient security mechanism. 
  There must also be a secure way of mapping the other identifiers 
  to IPv6 addresses. If the goal is not to verify claims about IPv6 
  addresses, CGA signatures are probably not the right solution.

Elsewhere in the paper, I've made the following edits:
  "CGA-based authentication" --> "CGA-based security"
  "CGA-based authentication" --> "CGA signatures"
  "authenticated SEND messages" --> "signed SEND messages"

Tuomas


James Kempf wrote:
> I agree, with the provision that CGAs don't provide authentication, they
> prove authorization. Hence I'd suggest the following rewording:
> 
>     In any protocol that aims to use other identifiers,
>     CGA-based authorization alone is not sufficient to protect
>     the application. There must also be a secure mechanism for
>     mapping higher-layer identifiers, such as DNS names, to
>     IP addresses. If the primary goal is not to determine the
>     authorization to make claims about an IPv6 address, CGA-based
>     authorization is probably not the right solution.
> 
> and changing "authentication" to "authorization" in the rest of the
> paragraph.





From jari.arkko@lmf.ericsson.se  Tue Apr  6 06:57:27 2004
X-MimeOLE: Produced By Microsoft Exchange V6.5.7195.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Subject: RE: CGA Issue #11: Key lifetimes (Russ Housley)
Date: Tue, 6 Apr 2004 03:53:37 -0700
Message-ID: <64A531765B7C8342BFA260497BE0045701C54C61@RED-MSG-43.redmond.corp.microsoft.com>
Thread-Topic: CGA Issue #11: Key lifetimes (Russ Housley)
Thread-Index: AcQXSL684l9AMp/5T4OG5GSxwKMoWwEeU0qQ
From: "Tuomas Aura" <tuomaura@microsoft.com>
To: "SEND WG" <ietf-send@standards.ericsson.net>
Cc: "Jari Arkko" <jari.arkko@kolumbus.fi>
X-OriginalArrivalTime: 06 Apr 2004 10:56:24.0567 (UTC) FILETIME=[CDA20070:01C41BC5]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by sw.ericsson.se id i36AuXIt016615
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
Content-Transfer-Encoding: 8bit

Jari wrote about the changes to Section 7.1:
> I agree with the text you have provided, but what about
> brute force attacks on RSA keys? I seem to remember that
> the mandated key length is small, so perhaps with some
> time on their hands, an attacker could discover the private
> key without compromising the node. Maybe you should add
> something about not keeping the keys longer than you
> believe the keys are cryptographically safe? Or am I
> missing something obvious?

This is a valid point. However, the right reaction to 
factoring attacks is not to set a maximum lifetime for the 
keys but to increase key length. The reason is that 
increasing the key refresh rate has only a linear effect
on the security while increasing the key length has a
near-exponential effect. 

Here is a new proposal for the end of Section 7.1:

  The minimum RSA key length required for SEND is only 384 
  bits. So short keys are vulnerable to integer-factoring 
  attacks and cannot be used for strong authentication or 
  secrecy. On the other hand, the cost of factoring 384-bit 
  keys is currently high enough to prevent most denial-of-service 
  attacks. Implementations that initially use short RSA keys 
  SHOULD be prepared to switch to longer keys when denial-of-service 
  attacks arising from integer factoring become a problem.

  The impact of a key compromise on CGAs depends on the 
  application for which they are used. In SEND, it is not a 
  major concern. If the private signature key is compromised 
  because the SEND node itself has been compromised, the attacker 
  does not need to spoof SEND messages from the node. When it is 
  discovered that a node has been compromised, a new signature 
  key and a new CGA SHOULD be generated. On the other hand, if 
  the RSA key is compromised because integer-factoring attacks 
  for the chosen key length have become practical, the key needs 
  to be replaced with a longer one, as explained above. In either 
  case, the address change effectively revokes the old public 
  key. It is not necessary to have any additional key revocation 
  mechanism or to limit the lifetimes of the signature keys. 

I would also add the following sentence to the cautionary
notes in Section 7.4 Related Protocols:

  Second, the minimum RSA key length of 384 bits may be too 
  short for many applications and the impact of key compromise 
  on the particular protocol needs to be evaluated. 

Tuomas



> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko@kolumbus.fi]
> Sent: 31 March 2004 19:40
> To: Tuomas Aura
> Cc: SEND WG
> Subject: Re: CGA Issue #11: Key lifetimes (Russ Housley)
> 
> Tuomas,
> 
> I agree with the text you have provided, but what about
> brute force attacks on RSA keys? I seem to remember that
> the mandated key length is small, so perhaps with some
> time on their hands, an attacker could discover the private
> key without compromising the node. Maybe you should add
> something about not keeping the keys longer than you
> believe the keys are cryptographically safe? Or am I
> missing something obvious?
> 
> --Jari
> 
> Tuomas Aura wrote:
> > Russ Housley:
> >
> >   The security considerations ought to say something about the lifetime
> >   of the public/private key pair.  The one brief statement in section 7.3
> >   is not sufficient for an implementor to know how often the key pair
> >   needs to be changed.
> >
> > ---
> >
> > Tuomas Aura:
> >
> > There isn't any reason for changing the keys, except if the
> > host is compromised and its private keys may have leaked.
> >
> > I suggest adding the following to Section 7.1:
> >
> >   The impact of key compromise depends on the
> >   application of the CGA-based signatures. In SEND, it is not a
> >   major concern. The private signature key is typically stored
> >   in the physical node that uses the CGA generated from the
> >   corresponding public key. If the private key is compromised, it
> >   is likely that the node itself has been compromised. If that is
> >   the case, the attacker does not need to spoof SEND messages
> >   from the node. When it is discovered that a node has
> >   been compromised, a new signature key and a new CGA SHOULD be
> >   generated. The address change effectively revokes the
> >   old public key. It is not necessary to have any additional
> >   key revocation mechanism or to limit the lifetimes of the
> >   signature keys.
> 
> 


--------------------------------------------------------------------
To unsubscribe from this list, send email with "UNSUBSCRIBE" in the
body to <ietf-send-request@standards.ericsson.net>.
Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html
--------------------------------------------------------------------
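
An added worked example (not part of the original message or the draft) that puts rough numbers on the comparison above between refreshing keys more often and lengthening them. It uses the standard heuristic running time of the general number field sieve with the o(1) term dropped, so only the relative growth is meaningful; the function names and the rotation model are assumptions of this example.

```python
import math

GNFS_C = (64 / 9) ** (1 / 3)   # constant in the heuristic GNFS running time


def gnfs_work_bits(modulus_bits):
    """log2 of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) for an n of this size."""
    ln_n = modulus_bits * math.log(2)
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def modulus_bits_matching_rotation(base_bits, rotation_factor):
    """Smallest modulus whose factoring cost is rotation_factor times the base cost.

    Model (an assumption of this example): replacing keys k times as often
    forces the attacker to finish k times faster, so it is worth a factor k.
    """
    target = gnfs_work_bits(base_bits) + math.log2(rotation_factor)
    bits = base_bits
    while gnfs_work_bits(bits) < target:
        bits += 1
    return bits


def compare(base_bits=384, candidates=(512, 768, 1024), rotations=(2, 12, 365)):
    """Work gained by longer keys, and the key growth that equals faster rotation."""
    base = gnfs_work_bits(base_bits)
    longer = [(bits, gnfs_work_bits(bits) - base) for bits in candidates]
    faster = [(k, math.log2(k), modulus_bits_matching_rotation(base_bits, k))
              for k in rotations]
    return longer, faster


if __name__ == "__main__":
    longer, faster = compare()
    for bits, gain in longer:
        print(f"384 -> {bits} bits: attacker work x 2^{gain:.1f}")
    for k, gain, bits in faster:
        print(f"rotate {k}x as often: work x 2^{gain:.1f}, same as a {bits}-bit key")
```

Under this model, replacing a 384-bit key twice as often buys about as much as adding roughly sixteen bits to the modulus, while moving to 1024 bits multiplies the estimated factoring cost by about 2^30.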


From jari.arkko@lmf.ericsson.se  Tue Apr  6 08:24:08 2004
X-MimeOLE: Produced By Microsoft Exchange V6.5.7195.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Subject: RE: issue 70 -- upgrade path for algorithms
Date: Tue, 6 Apr 2004 05:20:07 -0700
Message-ID: <64A531765B7C8342BFA260497BE0045701C54C82@RED-MSG-43.redmond.corp.microsoft.com>
Thread-Topic: issue 70 -- upgrade path for algorithms
Thread-Index: AcQX3kl4GZYL9XvrTrOo0GJXNZP8jwD7vt/A
From: "Tuomas Aura" <tuomaura@microsoft.com>
To: <ietf-send@standards.ericsson.net>
Cc: <jari.arkko@kolumbus.fi>
X-OriginalArrivalTime: 06 Apr 2004 12:22:47.0269 (UTC) FILETIME=[DEC39150:01C41BD1]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by sw.ericsson.se id i36CN3It005646
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
Content-Transfer-Encoding: 8bit

There is one inconsistency in NDOPT created by the latest
round of changes, and another paragraph that could be improved. 
Otherwise, the changes made by Jari look ok to me.

In NDOPT Section 5.2: 
    The SHA-1 hash is taken over the presentation used
    in the Key Information field of the CGA option. 

This should be something like:
    The SHA-1 hash is taken over the presentation used
    in the Public Key field of the CGA Parameters data 
    structure that is carried in the CGA option.   

In NDOPT Section 7.1:
   Nodes that use stateless address autoconfiguration SHOULD generate a
   new CGA as specified in Section 4 of [13] each time they run the
   autoconfiguration procedure.  The nodes MAY continue to use the same
   public key and modifier, and start the process from Step 4 of the
   generation algorithm.

This could be changed to:
   Nodes that use stateless address autoconfiguration SHOULD generate a
   new CGA and a CGA Parameters data structure as specified in Section 4
   of [13] each time they run the autoconfiguration procedure.

(I think the last sentence is now unnecessary in NDOPT and 
can be deleted.)

Tuomas


> -----Original Message-----
> From: jari.arkko@kolumbus.fi [mailto:jari.arkko@kolumbus.fi]
> Sent: 01 April 2004 13:41
> To: Tuomas Aura
> Cc: ietf-send@standards.ericsson.net
> Subject: issue 70 -- upgrade path for algorithms
> 
> 
> I have now made a tentative edit for the ndopt
> draft in order to make the CGA Parameters block
> opaque.
> 
> The diff and text are available here:
>   http://www.arkko.com/publications/send/issues/issue70diff.html
>   http://www.arkko.com/publications/send/drafts/draft-send-ndopt.txt
> 
> One potential question mark surfaced during the
> editing. Remember the other issue we had about
> pad length fields vs. implicit padding. Given your
> definition in the preliminary CGA draft 06,
> the last field, Extension Fields, is of variable
> size and there's no defined ASN.1 for it. As a
> result, I've put a Pad Length field to the CGA Option
> in order to know when your field ends and the padding
> starts. If people are unhappy with this approach, we
> can also make the CGA draft have some kind of length
> determination, and then we can skip the Pad Length
> field.
> 
> Comments? Other issues?
> 
> --Jari
> 




From jari.arkko@lmf.ericsson.se  Tue Apr  6 12:05:49 2004
Message-ID: <015c01c41bf0$f5ad68e0$366115ac@dcml.docomolabsusa.com>
From: "James Kempf" <kempf@docomolabs-usa.com>
To: "Tuomas Aura" <tuomaura@microsoft.com>,
        "SEND WG" <ietf-send@standards.ericsson.net>
References: <64A531765B7C8342BFA260497BE0045701C54C51@RED-MSG-43.redmond.corp.microsoft.com>
Subject: Re: CGA Issue #7: Strengthening Section 7.4 (Ted Hardie)
Date: Tue, 6 Apr 2004 09:05:20 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 06 Apr 2004 16:05:45.0748 (UTC) FILETIME=[04F57540:01C41BF1]
Content-Transfer-Encoding: 7bit

Ok this looks fine. 

        jak


----- Original Message ----- 
From: "Tuomas Aura" <tuomaura@microsoft.com>
To: "SEND WG" <ietf-send@standards.ericsson.net>
Sent: Tuesday, April 06, 2004 1:05 AM
Subject: RE: CGA Issue #7: Strengthening Section 7.4 (Ted Hardie)


> Personally, I think that there is some merit to using the word
> "authentication" for CGA-signed messages sent from the CGA.
> However, there is absolutely no need to use the controversial 
> word in the draft. Here is my simplified version of the text:
> 
>   In any protocol that uses other identifiers, such as DNS names, 
>   CGA signatures alone are not a sufficient security mechanism. 
>   There must also be a secure way of mapping the other identifiers 
>   to IPv6 addresses. If the goal is not to verify claims about IPv6 
>   addresses, CGA signatures are probably not the right solution.
> 
> Elsewhere in the paper, I've made the following edits:
>   "CGA-based authentication" --> "CGA-based security"
>   "CGA-based authentication" --> "CGA signatures"
>   "authenticated SEND messages" --> "signed SEND messages"
> 
> Tuomas
> 
> 
> James Kempf wrote:
> > I agree, with the provision that CGAs don't provide authentication, they
> > prove authorization. Hence I'd suggest the following rewording:
> > 
> >     In any protocol that aims to use other identifiers,
> >     CGA-based authorization alone is not sufficient to protect
> >     the application. There must also be a secure mechanism for
> >     mapping higher-layer identifiers, such as DNS names, to
> >     IP addresses. If the primary goal is not to determine the
> >     authorization to make claims about an IPv6 address, CGA-based
> >     authorization is probably not the right solution.
> > 
> > and changing "authentication" to "authorization" in the rest of the
> > paragraph.
> 
> 
> 


From jari.arkko@lmf.ericsson.se  Tue Apr  6 12:10:00 2004
Message-ID: <01ce01c41bf1$a83f5e50$366115ac@dcml.docomolabsusa.com>
From: "James Kempf" <kempf@docomolabs-usa.com>
To: "Tuomas Aura" <tuomaura@microsoft.com>,
        "SEND WG" <ietf-send@standards.ericsson.net>
Cc: "Jari Arkko" <jari.arkko@kolumbus.fi>
References: <64A531765B7C8342BFA260497BE0045701C54C61@RED-MSG-43.redmond.corp.microsoft.com>
Subject: Re: CGA Issue #11: Key lifetimes (Russ Housley)
Date: Tue, 6 Apr 2004 09:10:19 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 06 Apr 2004 16:09:56.0728 (UTC) FILETIME=[9A8DF780:01C41BF1]
Content-Transfer-Encoding: 7bit

Yes, this sounds fine.

            jak

----- Original Message ----- 
From: "Tuomas Aura" <tuomaura@microsoft.com>
To: "SEND WG" <ietf-send@standards.ericsson.net>
Cc: "Jari Arkko" <jari.arkko@kolumbus.fi>
Sent: Tuesday, April 06, 2004 3:53 AM
Subject: RE: CGA Issue #11: Key lifetimes (Russ Housley)


> Jari wrote about the changes to Section 7.1:
> > I agree with the text you have provided, but what about
> > brute force attacks on RSA keys? I seem to remember that
> > the mandated key length is small, so perhaps with some
> > time on their hands, an attacker could discover the private
> > key without compromising the node. Maybe you should add
> > something about not keeping the keys longer than you
> > believe the keys are cryptographically safe? Or am I
> > missing something obvious?
> 
> This is a valid point. However, the right reaction to 
> factoring attacks is not to set a maximum lifetime for the 
> keys but to increase key length. The reason is that 
> increasing the key refresh rate has only a linear effect
> on the security while increasing the key length has a
> near-exponential effect. 
> 
> Here is a new proposal for the end of Section 7.1:
> 
>   The minimum RSA key length required for SEND is only 384 
>   bits. So short keys are vulnerable to integer-factoring 
>   attacks and cannot be used for strong authentication or 
>   secrecy. On the other hand, the cost of factoring 384-bit 
>   keys is currently high enough to prevent most denial-of-service 
>   attacks. Implementations that initially use short RSA keys 
>   SHOULD be prepared to switch to longer keys when denial-of-service 
>   attacks arising from integer factoring become a problem.
> 
>   The impact of a key compromise on CGAs depends on the 
>   application for which they are used. In SEND, it is not a 
>   major concern. If the private signature key is compromised 
>   because the SEND node itself has been compromised, the attacker 
>   does not need to spoof SEND messages from the node. When it is 
>   discovered that a node has been compromised, a new signature 
>   key and a new CGA SHOULD be generated. On the other hand, if 
>   the RSA key is compromised because integer-factoring attacks 
>   for the chosen key length have become practical, the key needs 
>   to be replaced with a longer one, as explained above. In either 
>   case, the address change effectively revokes the old public 
>   key. It is not necessary to have any additional key revocation 
>   mechanism or to limit the lifetimes of the signature keys. 
> 
> I would also add the following sentence to the cautionary
> notes in Section 7.4 Related Protocols:
> 
>   Second, the minimum RSA key length of 384 bits may be too 
>   short for many applications and the impact of key compromise 
>   on the particular protocol needs to be evaluated. 
> 
> Tuomas
> 
> 
> 
> > -----Original Message-----
> > From: Jari Arkko [mailto:jari.arkko@kolumbus.fi]
> > Sent: 31 March 2004 19:40
> > To: Tuomas Aura
> > Cc: SEND WG
> > Subject: Re: CGA Issue #11: Key lifetimes (Russ Housley)
> > 
> > Tuomas,
> > 
> > I agree with the text you have provided, but what about
> > brute force attacks on RSA keys? I seem to remember that
> > the mandated key length is small, so perhaps with some
> > time on their hands, an attacker could discover the private
> > key without compromising the node. Maybe you should add
> > something about not keeping the keys longer than you
> > believe the keys are cryptographically safe? Or am I
> > missing something obvious?
> > 
> > --Jari
> > 
> > Tuomas Aura wrote:
> > > Russ Housley:
> > >
> > >   The security considerations ought to say something about the
> > >   lifetime of the public/private key pair.  The one brief statement
> > >   in section 7.3 is not sufficient for an implementor to know how
> > >   often the key pair needs to be changed.
> > >
> > > ---
> > >
> > > Tuomas Aura:
> > >
> > > There isn't any reason for changing the keys, except if the
> > > host is compromised and its private keys may have leaked.
> > >
> > > I suggest adding the following to Section 7.1:
> > >
> > >   The impact of key compromise depends on the
> > >   application of the CGA-based signatures. In SEND, it is not a
> > >   major concern. The private signature key is typically stored
> > >   in the physical node that uses the CGA generated from the
> > >   corresponding public key. If the private key is compromised, it
> > >   is likely that the node itself has been compromised. If that is
> > >   the case, the attacker does not need to spoof SEND messages
> > >   from the node. When it is discovered that a node has
> > >   been compromised, a new signature key and a new CGA SHOULD be
> > >   generated. The address change effectively revokes the
> > >   old public key. It is not necessary to have any additional
> > >   key revocation mechanism or to limit the lifetimes of the
> > >   signature keys.
> > 
> > 
> 
> 
--------------------------------------------------------------------
To unsubscribe from this list, send email with "UNSUBSCRIBE" in the
body to <ietf-send-request@standards.ericsson.net>.
Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html
--------------------------------------------------------------------


From jari.arkko@lmf.ericsson.se  Tue Apr  6 13:33:12 2004
Message-ID: <4072E900.7070501@kolumbus.fi>
Date: Tue, 06 Apr 2004 20:29:36 +0300
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Tuomas Aura <tuomaura@microsoft.com>
CC: SEND WG <ietf-send@standards.ericsson.net>
Subject: Re: CGA Issue #7: Strengthening Section 7.4 (Ted Hardie)
References: <64A531765B7C8342BFA260497BE0045701C54C51@RED-MSG-43.redmond.corp.microsoft.com>
In-Reply-To: <64A531765B7C8342BFA260497BE0045701C54C51@RED-MSG-43.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 06 Apr 2004 17:33:10.0561 (UTC) FILETIME=[3B1C6910:01C41BFD]
Content-Transfer-Encoding: 7bit

Tuomas Aura wrote:
> Personally, I think that there is some merit to using the word
> "authentication" for CGA-signed messages sent from the CGA.
> However, there is absolutely no need to use the controversial 
> word in the draft. Here is my simplified version of the text:
> 
>   In any protocol that uses other identifiers, such as DNS names, 
>   CGA signatures alone are not a sufficient security mechanism. 
>   There must also be a secure way of mapping the other identifiers 
>   to IPv6 addresses. If the goal is not to verify claims about IPv6 
>   addresses, CGA signatures are probably not the right solution.
> 
> Elsewhere in the paper, I've made the following edits:
>   "CGA-based authentication" --> "CGA-based security"
>   "CGA-based authentication" --> "CGA signatures"
>   "authenticated SEND messages" --> "signed SEND messages"

Looks good to me.

--Jari



From jari.arkko@lmf.ericsson.se  Tue Apr  6 13:33:32 2004
Message-ID: <4072E905.7040601@kolumbus.fi>
Date: Tue, 06 Apr 2004 20:29:41 +0300
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Tuomas Aura <tuomaura@microsoft.com>
CC: SEND WG <ietf-send@standards.ericsson.net>
Subject: Re: CGA Issue #11: Key lifetimes (Russ Housley)
References: <64A531765B7C8342BFA260497BE0045701C54C61@RED-MSG-43.redmond.corp.microsoft.com>
In-Reply-To: <64A531765B7C8342BFA260497BE0045701C54C61@RED-MSG-43.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 06 Apr 2004 17:33:31.0828 (UTC) FILETIME=[47C97F40:01C41BFD]
Content-Transfer-Encoding: 7bit

Tuomas Aura wrote:
> Jari wrote about the changes to Section 7.1:
> 
>>I agree with the text you have provided, but what about
>>brute force attacks on RSA keys? I seem to remember that
>>the mandated key length is small, so perhaps with some
>>time on their hands, an attacker could discover the private
>>key without compromising the node. Maybe you should add
>>something about not keeping the keys longer than you
>>believe the keys are cryptographically safe? Or am I
>>missing something obvious?
> 
> 
> This is a valid point. However, the right reaction to 
> factoring attacks is not to set a maximum lifetime for the 
> keys but to increase key length. The reason is that 
> increasing the key refresh rate has only a linear effect
> on the security while increasing the key length has a
> near-exponential effect. 
> 
> Here is a new proposal for the end of Section 7.1:
> 
>   The minimum RSA key length required for SEND is only 384 
>   bits. So short keys are vulnerable to integer-factoring 
>   attacks and cannot be used for strong authentication or 
>   secrecy. On the other hand, the cost of factoring 384-bit 
>   keys is currently high enough to prevent most denial-of-service 
>   attacks. Implementations that initially use short RSA keys 
>   SHOULD be prepared to switch to longer keys when denial-of-service 
>   attacks arising from integer factoring become a problem.
> 
>   The impact of a key compromise on CGAs depends on the 
>   application for which they are used. In SEND, it is not a 
>   major concern. If the private signature key is compromised 
>   because the SEND node itself has been compromised, the attacker 
>   does not need to spoof SEND messages from the node. When it is 
>   discovered that a node has been compromised, a new signature 
>   key and a new CGA SHOULD be generated. On the other hand, if 
>   the RSA key is compromised because integer-factoring attacks 
>   for the chosen key length have become practical, the key needs 
>   to be replaced with a longer one, as explained above. In either 
>   case, the address change effectively revokes the old public 
>   key. It is not necessary to have any additional key revocation 
>   mechanism or to limit the lifetimes of the signature keys. 
> 
> I would also add the following sentence to the cautionary
> notes in Section 7.4 Related Protocols:
> 
>   Second, the minimum RSA key length of 384 bits may be too 
>   short for many applications and the impact of key compromise 
>   on the particular protocol needs to be evaluated. 

Ok. Thanks.

--Jari
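
Added example, not part of the original messages: a rough Python comparison of the two options weighed in the quoted text, using the standard heuristic running time of the general number field sieve (an assumption not stated in the thread, with the o(1) term ignored, so only differences between key sizes are meaningful). Rotating keys f times as often is modelled as forcing the attacker to finish f times sooner, a gain of log2(f) bits.

```python
import math

# Constant of the GNFS heuristic L_N[1/3, c]; assumption, not taken from the thread.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS cost for a modulus of the given size."""
    ln_n = modulus_bits * math.log(2)
    cost_ln = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return cost_ln / math.log(2)


def rotation_gain_bits(factor):
    """Security gained by replacing keys `factor` times as often.

    The attacker has 1/factor of the time per key, so the required
    speed-up is linear in factor, i.e. log2(factor) bits.
    """
    return math.log2(factor)


def key_bits_matching_rotation(base_bits, factor, step=8):
    """Smallest key size (in `step`-bit increments) whose GNFS cost exceeds
    the cost for `base_bits` by at least the gain from faster rotation."""
    target = gnfs_work_bits(base_bits) + rotation_gain_bits(factor)
    bits = base_bits
    while gnfs_work_bits(bits) < target:
        bits += step
    return bits


def comparison_table(base_bits=384, factors=(10, 1000, 1000000)):
    """Rows of (rotation factor, bits gained, equivalent key size)."""
    return [
        (f, round(rotation_gain_bits(f), 1), key_bits_matching_rotation(base_bits, f))
        for f in factors
    ]


if __name__ == "__main__":
    for size in (384, 512, 768, 1024):
        print(f"{size:5d}-bit modulus: ~2^{gnfs_work_bits(size):.1f} operations")
    for factor, gain, bits in comparison_table():
        print(f"rotate {factor:>7}x as often: +{gain} bits, "
              f"same as moving from 384 to {bits} bits")
```

Under this model, rotating a 384-bit key 1000 times as often gains about 10 bits, which is matched by lengthening the key to roughly 560 bits.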





From jari.arkko@lmf.ericsson.se  Tue Apr  6 13:42:50 2004
Message-ID: <4072EB57.3020701@kolumbus.fi>
Date: Tue, 06 Apr 2004 20:39:35 +0300
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Tuomas Aura <tuomaura@microsoft.com>
CC: ietf-send@standards.ericsson.net
Subject: Re: issue 70 -- upgrade path for algorithms
References: <64A531765B7C8342BFA260497BE0045701C54C82@RED-MSG-43.redmond.corp.microsoft.com>
In-Reply-To: <64A531765B7C8342BFA260497BE0045701C54C82@RED-MSG-43.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 06 Apr 2004 17:42:50.0936 (UTC) FILETIME=[950A9B80:01C41BFE]
Content-Transfer-Encoding: 7bit

Tuomas Aura wrote:
> There is one inconsistency in NDOPT created by the latest
> round of changes, and another paragraph that could be improved. 
> Otherwise, the changes made by Jari look ok to me.
> 
> In NDOPT Section 5.2: 
>     The SHA-1 hash is taken over the presentation used
>     in the Key Information field of the CGA option. 
> 
> This should be something like:
>     The SHA-1 hash is taken over the presentation used
>     in the Public Key field of the CGA Parameters data 
>     structure that is carried in the CGA option.   

Yes.

> In NDOPT Section 7.1:
>    Nodes that use stateless address autoconfiguration SHOULD generate a
>    new CGA as specified in Section 4 of [13] each time they run the
>    autoconfiguration procedure.  The nodes MAY continue to use the same
>    public key and modifier, and start the process from Step 4 of the
>    generation algorithm.
> 
> This could be changed to:
>    Nodes that use stateless address autoconfiguration SHOULD generate a
>    new CGA and a CGA Parameters data structure as specified in
>    Section 4 of [13] each time they run the autoconfiguration procedure.
> (I think the last sentence is now unnecessary in NDOPT and 
> can be deleted.)

Ok.

I have updated the draft according to this, and the
diffs are available from the issue page:

   http://www.arkko.com/publications/send/issues/

--Jari
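
Added example, not part of the original messages or of the drafts: a Python version of CGA generation and verification following the algorithm as later published in RFC 3972, showing the restart from Step 4 on a new subnet prefix that the quoted NDOPT text mentions, and why replacing the key forces a new address. The key byte strings, modifier seed and prefixes are constructed placeholders; a real CGA hashes the DER-encoded public key.

```python
import hashlib
import ipaddress

SEC_MASK = 0xE000000000000000   # three leftmost bits of the interface ID hold Sec
UG_MASK = 0x0300000000000000    # bits 6 and 7 of the interface ID ("u" and "g")
HASH1_MASK = 0xFFFFFFFFFFFFFFFF & ~(SEC_MASK | UG_MASK)   # 0x1cffffffffffffff

# Constructed sample inputs. The key strings stand in for DER-encoded public keys.
OLD_KEY = b"constructed-public-key-A"
NEW_KEY = b"constructed-public-key-B"
MODIFIER_SEED = bytes(range(16))
PREFIX_A = bytes.fromhex("20010db800000001")   # 2001:db8:0:1::/64
PREFIX_B = bytes.fromhex("20010db800000002")   # 2001:db8:0:2::/64


def hash1(modifier, prefix, collision_count, public_key):
    """Leftmost 64 bits of SHA-1 over the CGA Parameters (no extension fields)."""
    data = modifier + prefix + bytes([collision_count]) + public_key
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")


def hash2_ok(modifier, public_key, sec):
    """True if the 16*Sec leftmost bits of Hash2 are zero (always true for Sec=0)."""
    digest = hashlib.sha1(modifier + bytes(9) + public_key).digest()
    return int.from_bytes(digest[:2 * sec], "big") == 0


def find_modifier(public_key, sec, seed):
    """Steps 1-3: increment the modifier until Hash2 meets the Sec requirement."""
    value = int.from_bytes(seed, "big")
    while not hash2_ok(value.to_bytes(16, "big"), public_key, sec):
        value = (value + 1) % (1 << 128)
    return value.to_bytes(16, "big")


def make_address(modifier, prefix, public_key, sec=0, collision_count=0):
    """Steps 4-7: derive the interface ID from Hash1 and prepend the prefix."""
    iid = hash1(modifier, prefix, collision_count, public_key) & HASH1_MASK
    iid |= sec << 61   # write Sec into the three leftmost bits; u and g stay zero
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))


def verify(address, modifier, prefix, collision_count, public_key):
    """Check that the address is bound to these CGA Parameters."""
    if collision_count not in (0, 1, 2):
        return False
    if address.packed[:8] != prefix:
        return False
    iid = int.from_bytes(address.packed[8:], "big")
    expected = hash1(modifier, prefix, collision_count, public_key)
    if (expected ^ iid) & HASH1_MASK:   # compare, ignoring Sec and u/g bits
        return False
    return hash2_ok(modifier, public_key, iid >> 61)


def rekey_demo():
    """Same key on two prefixes, then a key replacement on the first prefix."""
    modifier = find_modifier(OLD_KEY, 0, MODIFIER_SEED)
    addr_a = make_address(modifier, PREFIX_A, OLD_KEY)
    # New prefix, same key and modifier: generation restarts at Step 4.
    addr_b = make_address(modifier, PREFIX_B, OLD_KEY)
    # Replacing the key yields a different address on the same prefix.
    addr_new = make_address(modifier, PREFIX_A, NEW_KEY)
    return {
        "old_key_prefix_a": str(addr_a),
        "old_key_prefix_b": str(addr_b),
        "new_key_prefix_a": str(addr_new),
        "old_address_valid_for_old_key": verify(addr_a, modifier, PREFIX_A, 0, OLD_KEY),
        "old_address_valid_for_new_key": verify(addr_a, modifier, PREFIX_A, 0, NEW_KEY),
    }


if __name__ == "__main__":
    for name, value in rekey_demo().items():
        print(f"{name}: {value}")
```

The old address never verifies against the new key, so a node that replaces its key has to move to the new address, which is the sense in which the address change revokes the old key.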



From jari.arkko@lmf.ericsson.se  Thu Apr  8 05:32:54 2004
In-Reply-To: <64A531765B7C8342BFA260497BE0045701C54C51@RED-MSG-43.redmond.corp.microsoft.com>
References: <64A531765B7C8342BFA260497BE0045701C54C51@RED-MSG-43.redmond.corp.microsoft.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <B4A06189-893F-11D8-9A39-000393CE1E8C@nomadiclab.com>
Content-Transfer-Encoding: 7bit
Cc: "SEND WG" <ietf-send@standards.ericsson.net>
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: CGA Issue #7: Strengthening Section 7.4 (Ted Hardie)
Date: Thu, 8 Apr 2004 12:32:51 +0300
To: "Tuomas Aura" <tuomaura@microsoft.com>
X-Mailer: Apple Mail (2.613)
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 08 Apr 2004 09:32:46.0331 (UTC) FILETIME=[735B74B0:01C41D4C]
Content-Transfer-Encoding: 7bit

> Personally, I think that there is some merit to using the word
> "authentication" for CGA-signed messages sent from the CGA.
> However, there is absolutely no need to use the controversial
> word in the draft. Here is my simplified version of the text:
>
>   In any protocol that uses other identifiers, such as DNS names,
>   CGA signatures alone are not a sufficient security mechanism.
>   There must also be a secure way of mapping the other identifiers
>   to IPv6 addresses. If the goal is not to verify claims about IPv6
>   addresses, CGA signatures are probably not the right solution.
>
> Elsewhere in the paper, I've made the following edits:
>   "CGA-based authentication" --> "CGA-based security"
>   "CGA-based authentication" --> "CGA signatures"
>   "authenticated SEND messages" --> "signed SEND messages"

Looks good to me, too.

--Pekka



From jari.arkko@lmf.ericsson.se  Thu Apr  8 05:33:27 2004
In-Reply-To: <64A531765B7C8342BFA260497BE0045701C54C61@RED-MSG-43.redmond.corp.microsoft.com>
References: <64A531765B7C8342BFA260497BE0045701C54C61@RED-MSG-43.redmond.corp.microsoft.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <FB25E3E3-893F-11D8-9A39-000393CE1E8C@nomadiclab.com>
Content-Transfer-Encoding: 7bit
Cc: "SEND WG" <ietf-send@standards.ericsson.net>,
        "Jari Arkko" <jari.arkko@kolumbus.fi>
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: CGA Issue #11: Key lifetimes (Russ Housley)
Date: Thu, 8 Apr 2004 12:34:49 +0300
To: "Tuomas Aura" <tuomaura@microsoft.com>
X-Mailer: Apple Mail (2.613)
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 08 Apr 2004 09:33:19.0347 (UTC) FILETIME=[87094C30:01C41D4C]
Content-Transfer-Encoding: 7bit

> Here is a new proposal for the end of Section 7.1:
>
>   The minimum RSA key length required for SEND is only 384
>   bits. So short keys are vulnerable to integer-factoring
>   attacks and cannot be used for strong authentication or
>   secrecy. On the other hand, the cost of factoring 384-bit
>   keys is currently high enough to prevent most denial-of-service
>   attacks. Implementations that initially use short RSA keys
>   SHOULD be prepared to switch to longer keys when denial-of-service
>   attacks arising from integer factoring become a problem.
>
>   The impact of a key compromise on CGAs depends on the
>   application for which they are used. In SEND, it is not a
>   major concern. If the private signature key is compromised
>   because the SEND node itself has been compromised, the attacker
>   does not need to spoof SEND messages from the node. When it is
>   discovered that a node has been compromised, a new signature
>   key and a new CGA SHOULD be generated. On the other hand, if
>   the RSA key is compromised because integer-factoring attacks
>   for the chosen key length have become practical, the key needs
>   to be replaced with a longer one, as explained above. In either
>   case, the address change effectively revokes the old public
>   key. It is not necessary to have any additional key revocation
>   mechanism or to limit the lifetimes of the signature keys.
>
> I would also add the following sentence to the cautionary
> notes in Section 7.4 Related Protocols:
>
>   Second, the minimum RSA key length of 384 bits may be too
>   short for many applications and the impact of key compromise
>   on the particular protocol needs to be evaluated.

Looks good.

--Pekka



From jari.arkko@lmf.ericsson.se  Thu Apr  8 11:20:54 2004
Message-ID: <005201c41d7c$ffa8a890$366115ac@dcml.docomolabsusa.com>
From: "James Kempf" <kempf@docomolabs-usa.com>
To: <ietf-send@standards.ericsson.net>
Subject: Interoperability Testing?
Date: Thu, 8 Apr 2004 08:20:17 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_004F_01C41D42.5340A8D0"
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 08 Apr 2004 15:20:48.0299 (UTC) FILETIME=[11FAE7B0:01C41D7D]

This is a multi-part message in MIME format.

------=_NextPart_000_004F_01C41D42.5340A8D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Now that SEND is approaching completion, would there be any interest in
organizing an interoperability test? I've attached an email that was sent to
the Mobike list about an ETSI event for interoperability in the area of
security. I assume the reason this email was not also sent to the SEND list
was because SEND is in the Internet area, but it seems like it might still
be an appropriate topic for the event.

            jak

------=_NextPart_000_004F_01C41D42.5340A8D0
Content-Type: message/rfc822;
	name="[Mobike] ETSI Interoperability Event.eml"
Content-Disposition: attachment;
	filename="[Mobike] ETSI Interoperability Event.eml"

Message-ID: <1db501c41d47$a3182a90$4406a8c0@leila>
From: "Muriel Souville" <muriel@actimage.net>
To: <mobike@machshav.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: [Mobike] ETSI Interoperability Event
Precedence: bulk
Date: Thu, 8 Apr 2004 10:58:17 +0200
Content-Transfer-Encoding: 7bit

Dear all,
 
As you probably know, the European Telecommunications Standards 
Institute (ETSI) is organising an interoperability event in the 
field of security. We already have many participants working on 
PKIs and XAdES. But some of them are also interested in testing 
IKEv2; that's why we are searching for new actors working in this field. 
 
I remind you that the deadline is the 5th of May. 
If you are interested, please contact us at interop@actimage.net 
or just take a look at http://www.etsi.org/plugtests/security.htm  
 
Thanks for your attention.
 
Best regards,
 
Muriel SOUVILLE
ETSI Consultant
-----------------------------
+33 3 90 23 63 63
_______________________________________________
Mobike mailing list
Mobike@machshav.com
https://www.machshav.com/mailman/listinfo/mobike


From jari.arkko@lmf.ericsson.se  Tue Apr 13 13:44:07 2004
Message-ID: <00a901c4217e$ceed7180$366115ac@dcml.docomolabsusa.com>
From: "James Kempf" <kempf@docomolabs-usa.com>
To: <ietf-send@standards.ericsson.net>
Subject: Drafts Status
Date: Tue, 13 Apr 2004 10:43:18 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 13 Apr 2004 17:44:00.0060 (UTC) FILETIME=[E72257C0:01C4217E]

Folks,

Based on list discussion, Tuomas and Jari have completed edits and are
sending the latest version of the drafts to the Internet Drafts editor.

In the case of draft-ietf-send-cga-xx.txt, the draft has already passed
through IESG Review and the edits were in response to comments from the
IESG.

In the case of draft-ietf-send-ndopts-xx.txt, the draft went through Working
Group Last Call with two extensive reviews in Feb., and the latest round of
edits was to incorporate those changes, and to align the draft more closely
with the changes in draft-ietf-send-cga-xx.txt.

So, Pekka and I would like to send both drafts to the IESG at this time
without any further ado, since we believe most of the changes have either
been in response to WG Last Call, to the IESG, or are minor.

If nobody has an objection by Fri., I will inform Margaret that both drafts
are now ready for IESG Review.

            jak




From jari.arkko@lmf.ericsson.se  Fri Apr 16 17:30:55 2004
Message-ID: <40804F75.9070200@kolumbus.fi>
Date: Sat, 17 Apr 2004 00:26:13 +0300
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: SEND WG <ietf-send@standards.ericsson.net>
Subject: (fwd) I-D announcement: draft-ietf-send-ndopt-05.txt
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 16 Apr 2004 21:30:55.0247 (UTC) FILETIME=[19A841F0:01C423FA]


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Securing Neighbor Discovery Working Group of the IETF.

	Title		: SEcure Neighbor Discovery (SEND)
	Author(s)	: J. Arkko, et al.
	Filename	: draft-ietf-send-ndopt-05.txt
	Pages		: 58
	Date		: 2004-4-16
	
IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover
    other nodes on the link, to determine the link-layer addresses of
    other nodes on the link, to find routers, and to maintain
    reachability information about the paths to active neighbors. If not
    secured, NDP is vulnerable to various attacks.  This document
    specifies security mechanisms for NDP. Unlike the original NDP
    specifications, these mechanisms do not make use of IPsec.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-send-ndopt-05.txt

To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request@ietf.org with the word unsubscribe in the body of the message.
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.


Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-send-ndopt-05.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-send-ndopt-05.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.



From jari.arkko@lmf.ericsson.se  Wed Apr 28 02:44:24 2004
Message-ID: <408F51C9.8010504@kolumbus.fi>
Date: Wed, 28 Apr 2004 09:40:09 +0300
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: SEND WG <ietf-send@standards.ericsson.net>
Subject: (fwd) I-D announcement on draft-ietf-send-cga-06.txt
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 28 Apr 2004 06:44:22.0481 (UTC) FILETIME=[3D414C10:01C42CEC]


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Securing Neighbor Discovery Working Group of the IETF.

	Title		: Cryptographically Generated Addresses (CGA)
	Author(s)	: T. Aura
	Filename	: draft-ietf-send-cga-06.txt
	Pages		: 22
	Date		: 2004-4-27
	
This document describes a method for binding a public signature key
to an IPv6 address in the Secure Neighbor Discovery (SEND) protocol.
Cryptographically Generated Addresses (CGA) are IPv6 addresses where
the interface identifier is generated by computing a cryptographic
one-way hash function from a public key and auxiliary parameters. The
binding between the public key and the address can be verified by
re-computing the hash value and by comparing the hash with the
interface identifier. Messages sent from an IPv6 address can be
protected by attaching the public key and auxiliary parameters and by
signing the message with the corresponding private key. The
protection works without a certification authority or other security
infrastructure.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-send-cga-06.txt

To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request@ietf.org with the word unsubscribe in the body of the message.
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.


Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-send-cga-06.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
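
The hash binding described in the abstract above, as an added example that is not part of the announcement or of the draft itself. It assumes the parameter layout and hash rules of RFC 3972 (the published form of this draft), since the announcement gives no field-level detail; the prefix and public-key bytes are constructed, and the signature step is left out.

```python
import hashlib
import ipaddress

# Interface-identifier bits that carry hash output: all 64 except the three
# Sec bits (leftmost) and the u/g bits (bits 6 and 7). Assumed from RFC 3972.
HASH1_MASK = 0x1CFFFFFFFFFFFFFF


def hash1(modifier, prefix, collision_count, pubkey):
    """Leftmost 64 bits of SHA-1 over the concatenated CGA parameters."""
    data = modifier + prefix + bytes([collision_count]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")


def hash2_ok(modifier, pubkey, sec):
    """True if the leftmost 16*sec bits of Hash2 are zero.

    Hash2 covers the modifier, nine zero octets (standing in for prefix and
    collision count) and the public key.
    """
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return digest[:2 * sec] == bytes(2 * sec)


def generate_cga(prefix, pubkey, sec, start_modifier=0):
    """Search for a modifier that satisfies Hash2, then build the address."""
    m = start_modifier
    while not hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m = (m + 1) % (1 << 128)
    modifier = m.to_bytes(16, "big")
    # Collision count starts at 0; it only grows if duplicate address
    # detection reports a clash, which this example does not model.
    iid = (hash1(modifier, prefix, 0, pubkey) & HASH1_MASK) | (sec << 61)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier


def verify_cga(address, modifier, prefix, collision_count, pubkey):
    """Recompute both hashes and compare them with the address."""
    raw = ipaddress.IPv6Address(address).packed
    if collision_count not in (0, 1, 2) or len(modifier) != 16:
        return False
    if raw[:8] != prefix:
        return False
    iid = int.from_bytes(raw[8:], "big")
    if (hash1(modifier, prefix, collision_count, pubkey) ^ iid) & HASH1_MASK:
        return False
    # Sec is read from the address, so a verifier needs no prior agreement.
    return hash2_ok(modifier, pubkey, iid >> 61)


# Constructed sample input: documentation prefix and placeholder key bytes.
PREFIX = ipaddress.IPv6Address("2001:db8::").packed[:8]
PUBKEY = b"constructed placeholder for a DER-encoded public key"

if __name__ == "__main__":
    addr, mod = generate_cga(PREFIX, PUBKEY, sec=1)
    print(addr, mod.hex(), verify_cga(addr, mod, PREFIX, 0, PUBKEY))
```

A verifier that accepts the address still has to check the message signature against the same public key; the hash comparison alone only binds the key to the address.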




From jari.arkko@lmf.ericsson.se  Wed Apr 28 02:56:48 2004
Message-ID: <408F549F.5050307@kolumbus.fi>
Date: Wed, 28 Apr 2004 09:52:15 +0300
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: SEND WG <ietf-send@standards.ericsson.net>
Subject: list admin note
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-send@standards.ericsson.net
Precedence: bulk
X-OriginalArrivalTime: 28 Apr 2004 06:56:45.0288 (UTC) FILETIME=[F800A680:01C42CED]


This is a reminder from your list administrator. Mail
sent to the list by non-subscribers will not go to the
list automatically, but will get to me and I will forward
it to the list. However, I also get dozens of spam mails
per day to the list. As I scan the mails using a manual
process, I might classify real mails as spam by accident.

So if you send something to the list, take a moment
to see that it actually went through and complain to
me if it didn't. Also, by the time I get to see the
e-mails, HTML-based mails pretty much all look alike,
so avoiding HTML increases the chances that I catch
your bounced e-mails.

Thanks,

--Jari



