Embed Size (px)
Citation preview
Simple Authentication schemes for ALC and NORM
draft-ietf-rmt-simple-auth-for-alc-norm-00
IETF 73 – Minneapolis, November 2008
Vincent Roca (INRIA)
General
now a WG Item document
as decided during IETF71
summary of the proposal
this I-D and TESLA I-D introduce several packet-
level sender authentication/integrity check schemes
for ALC and NORM
all of them define specific EXT_AUTH header
extensions, one per authentication scheme
General… (cont’)
these HE start by the same ASID (Auth Scheme ID)
4-bit field:
goal is to enable a mixed use of these schemes in the
same session, even on the same communication path:
• e.g., TESLA for downstream NORM traffic, and Group MAC for
the upstream traffic
the ASID/auth. scheme mapping is communicated
out-of-band, as part of the session description
there is no fixed IANA value
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HET (=1) | HEL | ASIDASID | … (scheme specific) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Record of the changes
RSA digital signatures
added text detailing how to use RSA signatures
as in TESLA I-D
we also mention SHA-256 (rather than SHA-1)
corrected a mistake:
the parameters to be communicated to the receivers
must include the signature crypto function (e.g., SHA-
256)
Record of the changes… (cont’)
ECC (elliptic curve crypto) digital signatures
added discussion in introduction
higher performances than RSA-based signatures (see
RMT Security discussion I-D)
but patent claims exist
we mention ECC but do not define any scheme for
them
QUESTION: should we detail the use of ECC or leave it
open for a future (tiny) document?
Record of the changes… (cont’)
Group MAC
clarified that SHA-256 is recommended
clarified that during HMAC-SHA* output truncation,
we need to keep the MSB
Record of the changes… (cont’)
Combined use of Group MAC/Digital Signatures
BEFORE: use two separate EXT_AUTH HE
NOW: a specific EXT_AUTH HE, that gathers the
signature + the Group MAC fields
motivated by
a lower overhead (32 bits smaller)
a clear specification that Group MAC encompasses the
digital signature field (calculated first)
Security section added
adapted from that of TESLA I-D
Next steps
probably a new version
especially if ECC is included
and then WGLC
