The ND Option Approach for SEND draft-arkko-send-ndopt-00.txt - PowerPoint PPT Presentation



1
The ND Option Approach for SEND draft-arkko-send-ndopt-00.txt
  • 57th IETF, Vienna
  • Jari Arkko, Ericsson Research
  • Tuomas Aura, Microsoft Research
  • (In debt for WG draft authors including James,
    Bill, Pekka, Brian)

2
Presentation Outline
  • What is it?
  • What are its benefits?
  • Are there any problems?

3
The ND Option Approach
(Diagram: packet layering, from the outside in: IPv6 header, ICMPv6, ND message, ND options)

4
A Few Technical Details
  • No modifications to ND (or AH)
  • Solicited node multicast addresses, unspecified
    source
  • No separate address spaces
  • If nonce verifies, timestamp not used
  • All CGA processing is in the CGA option
  • The only thing holding them together is
    configuration which might say allow either
    trusted root or CGA verification
  • Can be put in its own section or draft (but SEND
    may not be very useful without NS/NA protection)
  • Per RFC 2461 receivers ignore unknown ND options, so
    a CERT-only receiver can accept messages from a
    CGA+CERT sender

5
Interworking with RFC 2461
  • No separate transition mode!
  • All SEND-NDOPT messages can be accepted by
    today's RFC 2461 implementations
  • A SEND node, however, makes a decision whether it
    trusts received ND messages
  • A secure entry (e.g. default router) is never
    overwritten by an insecure message
  • An insecure entry is always overwritten by a secure
    message
  • For the first generated tentative address, also
    accept insecure responses; for the next two, do not.
    After three attempts, fail.
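The receiver-side rules from slides 4 and 5 (nonce before timestamp, CGA or trusted-root verification as configuration allows, secure entries never downgraded, and the three-attempt DAD rule) as an added illustration; this is not code from the draft, and the field names, the 300-second freshness window and the cache layout are assumptions made for the example.

```python
# Added illustration (not the draft's code): receiver-side decisions from slides
# 4 and 5. Field names, freshness window and cache layout are assumptions.
from dataclasses import dataclass, field
from typing import Optional

TIMESTAMP_WINDOW = 300.0  # assumed freshness window in seconds

@dataclass
class NDMessage:
    nonce: Optional[bytes] = None      # echoed from our solicitation, if solicited
    timestamp: Optional[float] = None  # sender clock, used for unsolicited messages
    cga_ok: bool = False               # CGA option verified against the source address
    cert_ok: bool = False              # certificate chain to a trusted root verified

@dataclass
class Receiver:
    allow_cga: bool = True    # configuration: CGA verification is acceptable
    allow_cert: bool = True   # configuration: trusted-root verification is acceptable
    pending_nonces: set = field(default_factory=set)
    cache: dict = field(default_factory=dict)  # addr -> (link-layer addr, secure?)

    def is_secure(self, msg: NDMessage, now: float) -> bool:
        """Slide 4: if the nonce verifies the timestamp is not used; either
        CGA or trusted-root verification suffices, as configuration allows."""
        if msg.nonce is not None and msg.nonce in self.pending_nonces:
            fresh = True
        elif msg.timestamp is not None:
            fresh = abs(now - msg.timestamp) <= TIMESTAMP_WINDOW
        else:
            fresh = False
        verified = (self.allow_cga and msg.cga_ok) or (self.allow_cert and msg.cert_ok)
        return fresh and verified

    def update(self, addr: str, lladdr: str, msg: NDMessage, now: float) -> bool:
        """Slide 5: a secure entry is never overwritten by an insecure message;
        an insecure entry is always overwritten by a secure one."""
        secure = self.is_secure(msg, now)
        if addr in self.cache and self.cache[addr][1] and not secure:
            return False  # keep the secure entry, ignore the insecure message
        self.cache[addr] = (lladdr, secure)
        return True

def dad_policy(attempt: int) -> str:
    """Slide 5: insecure DAD responses count only for the first tentative address."""
    if attempt == 1:
        return "accept-any"   # first tentative address: also accept insecure responses
    if attempt <= 3:
        return "secure-only"  # next two: insecure responses are ignored
    return "fail"             # after three attempts, give up
```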

6
Advantages of the ND Option Approach
  • Process issues, architecture and outside impacts
  • No modifications to current ND
  • No need for lengthy discussions about whether it's
    legal to change AH or not
  • Mobile IPv6 HA-MN uses IPsec with 100x smaller
    requirements, but it's taken months to discuss
    even these issues in the IESG
  • No separate address spaces for SEND and ND
  • The whole security solution in one place
  • Implementation and analysis benefits

7
Advantages of the ND Option Approach
  • Technical issues (the important stuff)
  • The security mechanisms have all the relevant
    information available
  • Nonces avoid time synchronization issues for
    solicited adverts
  • Claimed addresses can be found from their current
    place
  • Security scheme of the current message vs. the
    one that created the entry earlier
  • Significantly better transition mechanism
  • Implementation of heavy ASN.1 cryptographic
    operations is easier from ND than from AH/CGA
    header
  • Only a single set of advertisements needed
  • Denial-of-Service prevention is easier, e.g.
    verification decisions depend on the content of the
    message and on internal state

8
Disadvantages?
  • Can't think of any technical ones in the SEND
    scope!
  • But generalized AH (and maybe CGA) headers could
    be useful in other applications, too.
  • On the other hand, ND-like protocols can easily
    use these ND options, too.
  • And if your kernel has PK CGA libraries, they
    can probably be easily used in another protocol
    as well -- with the same kind of "all information
    available" advantages as they have here.