CGA Extension Header for IPv6 draft-dong-savi-cga-header-03.txt

Presentation Transcript

  1. CGA Extension Header for IPv6, draft-dong-savi-cga-header-03.txt
     • Margaret Wasserman
     • IETF 78, Maastricht, July 2010

  2. What are CGAs?
     • Cryptographically Generated Addresses
     • Defined in RFC 3972
     • Currently used for Secure Neighbor Discovery (SeND)
     • Proposed for use in DHCPv6
     • Private key associated with a particular node is used to generate the CGA & sign a packet w/CGA as source
     • Peer receives packet (w/CGA as source), public key and signature
     • Can verify that packet was generated by a node with the associated private key

  3. CGAs for Access Control
     • Host-based access control lists (ACLs) continue to be widely used due to their simple and intuitive configuration requirements
     • Administrator configures a list of nodes (by IP address or FQDN) that are approved for access
     • Unfortunately, these lists are quite insecure, due to ease of address spoofing
     • CGAs provide a secure alternative to insecure ACLs
     • Equivalent to public/private key exchange from a security standpoint
     • BUT… the ACL still consists of a list of nodes (by IP address), not a collection of keys

  4. Proposed Extension Header
     • Current focus is on concept, not specifics
     • Three options
       • Request CGA extension header from peer
       • Send CGA Params
       • Send Signature
     • Other means of sending this information have been suggested
       • Destination option
       • Via IKEv2

  5. Next Steps
     • Bar BOF at the NH Maastricht bar tonight from 1930-2030
     • Old-fashioned bar BOF: in a bar, no slides
     • For people interested in this technology to discuss how to proceed
     • Mailing list: cgasec@ietf.org
     • To subscribe: https://www.ietf.org/mailman/listinfo/cgasec
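
The address-to-key binding from slides 2 and 3, as an added example that is not part of the presentation or the draft: RFC 3972 generation and verification of a CGA, plus an address-based ACL lookup that only counts when the peer's CGA Parameters verify. Assumptions: the function names, the documentation prefix and the placeholder key bytes are constructed for illustration, extension fields are empty, and the RSA signature check over the packet (which proves possession of the private key) is left out.

```python
import hashlib
import ipaddress

ID_MASK = 0x1CFFFFFFFFFFFFFF  # skip the 3 Sec bits and the u/g bits of the interface ID

def _hash2_ok(modifier, pubkey, sec):
    # Hash2 input: modifier || 9 zero octets || public key; 16*Sec leading bits must be 0
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return digest[:2 * sec] == bytes(2 * sec)

def generate_cga(prefix, pubkey, sec=1):
    """Return (address, modifier, collision_count) for an 8-byte subnet prefix."""
    counter = 0  # RFC 3972 starts from a random modifier; 0 keeps this example deterministic
    while not _hash2_ok(counter.to_bytes(16, "big"), pubkey, sec):
        counter += 1
    modifier = counter.to_bytes(16, "big")
    # Hash1 input: modifier || subnet prefix || collision count || public key
    hash1 = hashlib.sha1(modifier + prefix + b"\x00" + pubkey).digest()[:8]
    iid = (int.from_bytes(hash1, "big") & ID_MASK) | (sec << 61)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier, 0

def verify_cga(address, modifier, prefix, collision_count, pubkey):
    """Check that the CGA Parameters bind `address` to `pubkey`."""
    raw = ipaddress.IPv6Address(address).packed
    if collision_count not in (0, 1, 2) or len(modifier) != 16 or raw[:8] != prefix:
        return False
    hash1 = hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8]
    iid = int.from_bytes(raw[8:], "big")
    if (int.from_bytes(hash1, "big") ^ iid) & ID_MASK:
        return False  # interface ID was not derived from this key
    return _hash2_ok(modifier, pubkey, iid >> 61)  # Sec is read from the address itself

def acl_permits(acl, address, modifier, prefix, collision_count, pubkey):
    """The ACL still lists addresses; a match counts only if the parameters verify."""
    addr = ipaddress.IPv6Address(address)
    return addr in acl and verify_cga(addr, modifier, prefix, collision_count, pubkey)

if __name__ == "__main__":
    prefix = bytes.fromhex("20010db800000001")            # constructed: 2001:db8:0:1::/64
    key = b"constructed-placeholder-for-DER-public-key"   # stands in for SubjectPublicKeyInfo
    addr, modifier, cc = generate_cga(prefix, key)
    acl = {addr}
    print(addr, acl_permits(acl, addr, modifier, prefix, cc, key))
    # Same source address, different key: the ACL entry no longer matches
    print(acl_permits(acl, addr, modifier, prefix, cc, b"constructed-other-key"))
```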