[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Privacy extensions to Stateless Address Autoconf

To: Francis Dupont <Francis.Dupont@xxxxxxxxxxxxxxxx>
Subject: Re: Privacy extensions to Stateless Address Autoconf
From: Suresh Krishnan <suresh.krishnan@xxxxxxxxxxx>
Date: Thu, 7 Oct 2004 20:39:26 -0400 (EDT)
Cc: Suresh Krishnan <suresh.krishnan@xxxxxxxxxxx>,Brian Haberman <brian@xxxxxxxxxxxxxxxxxx>, ipv6@xxxxxxxx
Delivery-date: Fri, 08 Oct 2004 03:52:44 +0300
Envelope-to: archive@lists.atm.tut.fi
In-reply-to: <21A5F45EFF209A44B3057E35CE1FE6E46BD3E7@eammlex037.lmc.ericsson.se>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>,<mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>,<mailto:ipv6-request@ietf.org?subject=unsubscribe>
Reply-to: Suresh Krishnan <suresh.krishnan@xxxxxxxxxxx>
Sender: ipv6-bounces@xxxxxxxx

Hi Brian and Francis,
  Thanks for your comments. I have made some changes to the draft to 
address the issues you raised. Let me know if these changes are OK.

* I have removed all references to MD5 in the document.
* I have added a reference to draft-ietf-ipsec-esp-ah-algorithms-02
* I added the following paragraph about the hash algorithm

  "The randomized interface identifier generation algorithm assumes that
   the node is capable of running a hash algorithm which is capable of
   producing a 128 bit random value.  The selected hash algorithm SHOULD
   follow the guidelines set forth in  [RANDOM] to ensure randomness of
   the result.  The node MAY use one of the hash algorithms specified in
   [IPSECALGO] as these algorithms will be available on every IPv6
   compliant node"

where 
[IPSECALGO] is draft-ietf-ipsec-esp-ah-algorithms-02 and 
[RANDOM] is RFC1750

Thanks
Suresh

On Thu, 7 Oct 2004, Francis Dupont wrote:

> In your previous mail you wrote:
>
>   First, changing the algorithm will not affect interoperability.  The
>   generation of the IID is local to each node.
>   
>=> so the change should not be a problem if it is justified.
>
>   Second, we are attempting to move this document from PS to
>   DS, so making a gratuitous change to the hash algorithm is not
>   usually favored.
>
>=> the argument is that MD5 is/shall be not available by default.
>I suggest to give it to security area directors for an advice.
>
>   In addition, will we change it again when a newer algorithm comes along?
>
>=> your proposal is a nice answer.
>   
>   Perhaps an alternative, if people feel a need to move away from
>   MD5, would be to not specify a single hash, but rather give a list
>   of possible hashes.  And an informative pointer to RFC 1750
>   would help with this direction.
>   
>=> this seems a wOnderful idea!
>
>Thanks
>
>Francis.Dupont@enst-bretagne.fr
>
>PS: draft-ietf-ipsec-esp-ah-algorithms-02.txt changes MD5 based algo
>requirement levels from MUST to MAY so the argument about MD5 seems
>to be right.
>
>--------------------------------------------------------------------
>IETF IPv6 working group mailing list
>ipv6@ietf.org
>Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
>--------------------------------------------------------------------
>

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Follow-Ups:
- Re: Privacy extensions to Stateless Address Autoconf
  - From: Francis Dupont
- Re: Privacy extensions to Stateless Address Autoconf
  - From: Brian Haberman

Prev by Date: Re: Privacy extensions to Stateless Address Autoconf
Next by Date: RE: AH and flow label
Previous by thread: Re: Privacy extensions to Stateless Address Autoconf
Next by thread: Re: Privacy extensions to Stateless Address Autoconf
Index(es):
- Date
- Thread