Title: Weak Identifier Multihoming Protocol (WIMP) draft-ylitalo-multi6-wimp-00.txt J. Ylitalo, V. Torvinen, E. Nordmark
1. Weak Identifier Multihoming Protocol (WIMP)
draft-ylitalo-multi6-wimp-00.txt
J. Ylitalo, V. Torvinen, E. Nordmark
- Vesa Torvinen
- Ericsson Research Nomadiclab, Finland
- 59th IETF - Seoul, Korea
2. Overview
- Experiments with "weak" authentication and light cryptographic operations
  - Up to 2000-4000 times faster than public key operations?
- Context establishment and re-addressing separated
  - Initiation phase stateless for responder
- Locators can change dynamically, and be private
- End-point identifiers are (currently) not routable
  - Initiator: ephemeral ID (hash of nonce)
  - Responder: hash of FQDN
draft-ylitalo-multi6-wimp-00.txt
3. Basic operations

  INITIATOR                                        RESPONDER
  INIT  mac(H0(I))                      -------->
        temporary_H0(R)                 <--------  CC
  CCR   H0(I)                           -------->
        H0(R)                           <--------  CONF
  REA   H1(I), mac(H2(I)), locators     -------->
        H1(R)_piece_1                   <--------  AC1
        ...
        H1(R)_piece_n                   <--------  ACn
  ACR   H1(R), H2(I)                    -------->

- Reverse hash chain
  - Hn = Hash(random)
  - Hn-1 = Hash(Hn)
  - ...
  - H0 = Hash(H1) (anchor)
- Secret splitting
  - X xor pad = e(X)
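As an added illustration (not code from the draft or these slides) of the reverse hash chain and the secret splitting on slide 3: the responder commits to the anchor H0(R) in CONF, later spreads H1(R) across AC1..ACn, and the initiator reassembles it and checks that it hashes to the anchor. The hash function (SHA-256) is an assumption, since the slide names none, and the splitting generalizes X xor pad = e(X) to n pieces.

```python
import hashlib
import secrets
from typing import List, Optional

# Assumption: the slides do not name a hash function; SHA-256 is used here for illustration.
def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_reverse_hash_chain(n: int, seed: Optional[bytes] = None) -> List[bytes]:
    """Return [H0, H1, ..., Hn]: Hn = Hash(random), H(k-1) = Hash(Hk), H0 is the anchor."""
    seed = secrets.token_bytes(32) if seed is None else seed
    links = [H(seed)]                       # Hn = Hash(random)
    for _ in range(n):
        links.append(H(links[-1]))          # H(k-1) = Hash(Hk)
    links.reverse()                         # links[k] is now Hk; links[0] is the anchor H0
    return links

def verify_reveal(anchor: bytes, revealed: bytes, steps: int) -> bool:
    """A peer that committed to H0 proves control of the chain by revealing Hk;
    the verifier hashes it `steps` times and compares with the anchor."""
    x = revealed
    for _ in range(steps):
        x = H(x)
    return x == anchor

def split_secret(x: bytes, pieces: int) -> List[bytes]:
    """Secret splitting as on the slide (X xor pad = e(X)), generalized to n pieces:
    n-1 random pads plus e(X) = X xor pad_1 xor ... xor pad_(n-1)."""
    pads = [secrets.token_bytes(len(x)) for _ in range(pieces - 1)]
    e_x = x
    for pad in pads:
        e_x = bytes(a ^ b for a, b in zip(e_x, pad))
    return pads + [e_x]

def join_secret(pieces: List[bytes]) -> bytes:
    """XOR all pieces back together; with any piece missing only noise remains."""
    out = bytes(len(pieces[0]))
    for p in pieces:
        out = bytes(a ^ b for a, b in zip(out, p))
    return out

def check_ac_pieces(h0_r: bytes, ac_pieces: List[bytes]) -> bool:
    """Initiator side of AC1..ACn: reassemble H1(R) from the pieces received over the
    responder's locators and check that it hashes to the H0(R) learned in CONF."""
    return verify_reveal(h0_r, join_secret(ac_pieces), 1)
```

Because every piece is needed to recover H1(R), an attacker who sees only some of the responder's locators cannot produce a valid ACR.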
4. Major issues
- End-point flow IDs
  - Flow-id not in line with draft-ietf-ipv6-flow-label-09.txt
  - End-point IDs should be routable (cf. SIP)
- Hijacking attack: attacker establishes state in victim so that when victim tries to send packets to server, he will actually send them to attacker
- DoS attack: easy generation of a storm of INIT messages (statelessness helps)
- Adopt solution from other drafts, e.g. NOID?