PANA Specification Updates (draft-ietf-pana-pana-11.txt)
Yoshihiro Ohba
IETF65 PANA WG, March 20, 2006


Issues
– 23 issues are part of AD review
– 2 other issues
– Only major issues are explained

Issues on stateless PAA discovery
Issue 223: Cookie example
– Issue: Cookie example is not useful
– Resolution:
    Cookie example was removed
    Reference to RFC 4083 is added for randomness of cookie value
Issue 224: Concern on stateless discovery
– Issue: Is complexity of stateless discovery worth adding?
– Resolution: Rejected because the stateless feature is more important in multi-hop scenarios
Issue 225: Stateless discovery indication
– Issue: There is no explicit indication of stateless discovery
    Only insertion of a Cookie AVP implicitly indicates stateless discovery
– Resolution: Added ‘L’-flag in PANA header

Issue 240: PaC updating its IP address
Issue: When a PaC moves to a new subnet, not only the IP address but also the device id may change
– This can happen when the IP address is used as the device id
– PANA-Update exchange should support this
Resolution:
– Added optional Device-Id AVP in PUR to update PaC’s device id
– Added Device-Id AVP in PUA to update the device identifier(s) of EP(s)

Issues 169 and 245: PANA lower layer ciphering and KDF
Issue:
– HMAC-SHA1 as KDF without iteration does not produce a 64-octet key
– KDF should not be hard-coded in the spec
Resolution:
– Use of IKEv2 prf+ to generate keys of arbitrary length based on iteration of a base algorithm
– The hash algorithm used for prf+ is carried in Algorithm AVP
    The first 2 bytes of the value field contain the hash algorithm
    The last 2 bytes carry the integrity algorithm used for generating AUTH AVP (MAC AVP is renamed to AUTH AVP based on Issue 221)
    The algorithm code space is defined in IKEv2 and managed by IANA
– Mandatory supported base algorithms for prf+
    HMAC-SHA1 for both key derivation and integrity algorithms
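Added example (not part of the original slides or of the PANA draft): the resolution above as code, reading the two 2-byte algorithm ids from an Algorithm AVP value field and running IKEv2 prf+ over HMAC-SHA1 to reach 64 octets. The key, seed and AVP bytes are constructed sample inputs, and the choice of AUTH_HMAC_SHA1_96 as the HMAC-SHA1 integrity id is an assumption.

```python
import hashlib
import hmac
import struct

# IKEv2 transform ids from the IANA registry: PRF_HMAC_SHA1 is 2 among PRFs.
# AUTH_HMAC_SHA1_96 (2) is assumed here as the HMAC-SHA1 integrity id.
PRF_HMAC_SHA1 = 2
AUTH_HMAC_SHA1_96 = 2
PRFS = {PRF_HMAC_SHA1: hashlib.sha1}


def parse_algorithm_avp_value(value: bytes):
    """Split the 4-octet value: first 2 bytes hash/PRF id, last 2 integrity id."""
    if len(value) != 4:
        raise ValueError("Algorithm AVP value must be 4 octets")
    return struct.unpack("!HH", value)


def prf_plus(prf_id: int, key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2 prf+: T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n); output T1|T2|..."""
    if prf_id not in PRFS:
        raise ValueError(f"unsupported PRF id {prf_id}")
    digest = PRFS[prf_id]
    if length > 255 * digest().digest_size:
        raise ValueError("prf+ counter is one octet; requested output too long")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + seed + bytes([counter]), digest).digest()
        out += block
        counter += 1
    return out[:length]


def derive_key(avp_value: bytes, key: bytes, seed: bytes, length: int = 64) -> bytes:
    """Pick the PRF named in the AVP and stretch the key material to `length`."""
    prf_id, _integrity_id = parse_algorithm_avp_value(avp_value)
    return prf_plus(prf_id, key, seed, length)


# Constructed sample inputs, not values from the draft.
SAMPLE_AVP = struct.pack("!HH", PRF_HMAC_SHA1, AUTH_HMAC_SHA1_96)
SAMPLE_KEY = bytes(range(64))
SAMPLE_SEED = b"constructed-seed"

if __name__ == "__main__":
    single = hmac.new(SAMPLE_KEY, SAMPLE_SEED, hashlib.sha1).digest()
    derived = derive_key(SAMPLE_AVP, SAMPLE_KEY, SAMPLE_SEED)
    print(f"one HMAC-SHA1 call: {len(single)} octets; prf+: {len(derived)} octets")
```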

Other issues
Issue 227: Rate limiting of responses to requests
– Issue: Missing details on rate limitation
– Resolution:
    Rate limiting of responses to duplicate requests is a “MUST”
    Rate limiting of responses to non-duplicate Ping-Request is a “MAY”
Issue 235: Nonces
– Issue: What is the suggested length of the nonce?
– Resolution: The nonce length is at least the length of the PRF key