Dr. Mauro Conti | 3 Mar 2012 09:13

CFP: The 4th International Conference on Security and Privacy in Mobile Information and Communication Systems

(We apologize if you receive multiple copies of this email)

CALL FOR PAPERS
===============

The 4th International Conference on Security and Privacy in Mobile 
Information and Communication Systems

Mobisec 2012, Frankfurt, Germany
25 - 27 June 2012
http://mobisec.org/2012

KEYNOTE SPEAKERS
================
* Kim Cameron, Distinguished Engineer and Chief Architect, Microsoft
* Prof. Dr. Kai Rannenberg, Deutsche Telekom Chair of Mobile Business & 
Multilateral Security, Goethe University Frankfurt
* Amardeo Sarma, Deputy General Manager, NEC Laboratories

SCOPE
=====
MobiSec's focus is the convergence of information and communication 
technology in mobile scenarios. This convergence is realised in 
intelligent mobile devices, accompanied
by the advent of next-generation communication networks. Privacy and 
security aspects need to be covered at all layers of mobile networks, 
from mobile devices, to privacy respecting credentials and mobile 
identity management, up to machine-to-machine communications.

In particular, mobile devices such as Smartphones and Internet Tablets 

Tero Kivinen | 5 Mar 2012 12:26

New Version Notification for draft-kivinen-ipsecme-oob-pubkey-00.txt

I just posted following document. I think I would like to get few
minutes in Paris to explain this document, and see whether there is any
comments to it. I think it should be forwarded as individual draft to
the RFC, but I am not sure whether it should be informational or
standards track document, and this is something I would like to get
feedback from the community.

This is very similar in ideas than to the tls version
(draft-ietf-tls-oob-pubkey-01), i.e. it shares the same format for the
raw key.
----------------------------------------------------------------------
From: internet-drafts <at> ietf.org
To: kivinen <at> iki.fi
Cc: hannes.tschofenig <at> gmx.net, pwouters <at> redhat.com
Subject: New Version Notification for draft-kivinen-ipsecme-oob-pubkey-00.txt
Date: Mon, 05 Mar 2012 03:07:42 -0800
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0

A new version of I-D, draft-kivinen-ipsecme-oob-pubkey-00.txt has been
successfully submitted by Tero Kivinen and posted to the IETF
repository.

Filename:	 draft-kivinen-ipsecme-oob-pubkey
Revision:	 00
Title:		 More Raw Public Keys for IKEv2
Creation date:	 2012-03-05
WG ID:		 Individual Submission
Number of pages: 7

Paul Hoffman | 6 Mar 2012 05:37

Re: New Version Notification for draft-kivinen-ipsecme-oob-pubkey-00.txt

On Mar 5, 2012, at 3:26 AM, Tero Kivinen wrote:

> I just posted following document. I think I would like to get few
> minutes in Paris to explain this document, and see whether there is any
> comments to it. I think it should be forwarded as individual draft to
> the RFC, but I am not sure whether it should be informational or
> standards track document, and this is something I would like to get
> feedback from the community.

I see no reason it should not be on standards track.

> This is very similar in ideas than to the tls version
> (draft-ietf-tls-oob-pubkey-01), i.e. it shares the same format for the
> raw key.

And this is good.

--Paul Hoffman
Prashant Batra (prbatra | 6 Mar 2012 12:21

EAP AKA on USIM

Hello,

Not sure if this is the right place to ask this, but I am not getting
any other mailing list.

Can someone point me to a software implementation of EAP-AKA algorithm
(calculation of IK/CK/RES/MAC) on USIM,
when the sim gets an EAP-Challenge request.

Thanks,

Prashant

_______________________________________________
IPsec mailing list
IPsec <at> ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
Andreas Steffen | 6 Mar 2012 18:55

Re: EAP AKA on USIM

Hello Prashant,

the strongSwan open source project has a software implementation of
the EAP-AKA 3GPP2 algorithm:

http://git.strongswan.org/?p=strongswan.git;a=tree;f=src/libcharon/plugins/eap_aka_3gpp2;hb=HEAD

Regards

Andreas

On 06.03.2012 12:21, Prashant Batra (prbatra) wrote:
> Hello,
> 
>   Not sure if this is the right place to ask this, but I am not getting
> 
>     any other mailing list.
> 
>     Can someone point me to a software implementation of EAP-AKA algorithm
> 
>     (calculation of IK/CK/RES/MAC) on USIM,
> 
>     when the sim gets a EAP-Challenge request.
> 
>     Thanks,
> 
>     Prashant

======================================================================
Andreas Steffen                         andreas.steffen <at> strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
Stephen Hanna | 6 Mar 2012 22:54

Please Comment on New P2P VPN Problem Statement

In case you didn't notice, I have posted the -00 version
of the P2P VPN problem statement. The URL is below.
Please review and comment.

I'm especially interested in getting feedback on the
use cases in this document. As previously agreed, they
are based on the use cases in section 2.2 of the
previous problem statement draft. I have tried to
clarify those use cases, especially by providing
definitions of terms and using those terms consistently
throughout the document. 

After we reach consensus on the use cases, we can move
on to defining requirements derived from those use cases.
But I see no point in talking about requirements before
we've agreed on a clear description of the problems
that we are trying to solve.

So please review this short document and send comments.

Thanks,

Steve

-----Original Message-----
From: i-d-announce-bounces <at> ietf.org [mailto:i-d-announce-bounces <at> ietf.org] On Behalf Of Internet-Drafts <at> ietf.org
Sent: Tuesday, March 06, 2012 11:01 AM
To: i-d-announce <at> ietf.org
Cc: ipsec <at> ietf.org
Subject: I-D ACTION:draft-ietf-ipsecme-p2p-vpn-problem-00.txt

A new Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF.

    Title         : Point to Point VPNs Problem Statement
    Author(s)     : S. Hanna
    Filename      : draft-ietf-ipsecme-p2p-vpn-problem
    Pages         : 13 
    Date          : March 6, 2012 

   This document describes the problem of enabling a large number of
   systems to communicate directly using IPsec to protect the traffic
   between them.  Manual configuration of all possible tunnels is too
   cumbersome in such cases, so an automated method is needed.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-p2p-vpn-problem

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
Vishwas Manral | 6 Mar 2012 23:22

Re: Please Comment on New P2P VPN Problem Statement

Hi Steve,

I agree to the need of standardization for a large scale point-to-point solution.

1. I guess the problem statement is not just about lessening the number of configuration commands but also the fact that static configuration may not work in some cases. The spokes may get new addresses every time they come up (using DHCP/ PPPoE) and hence the communication end point identifiers change.

2. I am not sure but the use cases do not come out very clearly to me. The most important part of the communication is of end-sites communicating to the gateway hub router. In a typical enterprise deployment that would mean branches connected to the campus/ data center. This tunnel is permanent. Mainly to access resources at the back end. There could be redundancy here to provide HA.

3. We then optionally require communication between end sites and such communication may be temporary or permanent. For such cases we want to be able to unburden the gateway so as to not cause overload.

4. We could have multiple gateways work in a cluster mode to serve a set of end-sites and to provide HA.

5. The clusters may in turn communicate with each other.

We as HP would love to participate in this draft as well as any solution document that is produced.

Thanks,
Vishwas

Paul Hoffman | 6 Mar 2012 23:39

Re: Please Comment on New P2P VPN Problem Statement

Yes, please do comment on the draft. Before commenting, read the whole draft. For extra points: start
different threads of the comments with different subject lines.

We will discuss this draft at the upcoming IETF meeting in Paris. By "discuss", I do *not* mean "have the
draft introduced to us": I do mean "talk about issues with the draft and things that should be added". Given
that there are weeks between now and the meeting, Yaron and I will be somewhat ruthless in preventing Steve
from doing much intro in his presentation, and instead insist that he focus on open issues. This will give
the folks in the room the maximum amount of time to discuss issues.

This WG has one active draft in front of it; it is not too much of us to expect you to read it before coming to the meeting.

--Paul Hoffman
Paul Hoffman | 6 Mar 2012 23:43

Call for agenda items

We have one active draft, and that might take up most of our hour. However, we have often had time to have short
(5 minutes or less) quick presentations on other topics. A proposed agenda is:

5 min:   WG intro
45 min:  draft-ietf-ipsecme-p2p-vpn-problem issues
5 min:   draft-kivinen-ipsecme-oob-pubkey issues

Are there other IPsec-related topics for the meeting?

--Paul Hoffman
Yoav Nir | 6 Mar 2012 23:54

P2P VPN Problem Statement - why is this hard?

Hi Steve

On Mar 6, 2012, at 11:54 PM, Stephen Hanna wrote:

> So please review this short document and send comments.

While the draft does a good job of describing use cases, and certain inadequate solutions, I think it's
missing a description of why this is hard.

Even if we accept the solution of a star topology, where a satellite needs only have one single tunnel, there
are really two choices:
 1. that each satellite know about all the protected networks of all the gateways in the configuration, or
 2. that satellites send all traffic to the "core" or "hub" gateways. This includes clear traffic (as in HTTP
to facebook.com). This increased the load even more.

If you don't want #2, then the satellite still needs to know about every IP address whether it is protected by
some gateway (and therefore needs to go in the tunnel), or not (and so packets with that destination should
go out in the clear). Since the protected networks change, this requires that information to propagate
throughout the network, and dynamic updates to SPD.

If we don't want a star topology, the gateways or endpoints still need to know what is or is not encrypted.
They also need to either know about all peers, or be able to find the peer and (securely) learn how it should
authenticate. Either way, without a star topology, you need dynamic updates to PAD.

I think the draft should mention this.

Yoav
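
The per-destination decision described in the message above (tunnel to a gateway, or send in the clear) and what happens when protected networks change before the satellite learns of it, as an added example that is not part of the original thread or of the draft. It models a satellite's SPD as a longest-prefix table; the class, the gateway names `gw-a`/`gw-b` and all prefixes are constructed for illustration.

```python
import ipaddress

class SatelliteSPD:
    """Toy SPD for one satellite: protected prefix -> gateway that serves it."""

    def __init__(self):
        self.entries = {}

    def update(self, gateway, networks):
        """Replace every prefix previously learned from `gateway`."""
        self.entries = {n: g for n, g in self.entries.items() if g != gateway}
        for net in networks:
            self.entries[ipaddress.ip_network(net)] = gateway

    def decide(self, dst):
        """Longest-prefix match: ('PROTECT', gateway) or ('BYPASS', None)."""
        addr = ipaddress.ip_address(dst)
        hits = [n for n in self.entries if n.version == addr.version and addr in n]
        if not hits:
            return ("BYPASS", None)  # packet leaves in the clear
        return ("PROTECT", self.entries[max(hits, key=lambda n: n.prefixlen)])

def stale_decisions(spd, topology, destinations):
    """Destinations where `spd` disagrees with the current gateway topology."""
    truth = SatelliteSPD()
    for gateway, networks in topology.items():
        truth.update(gateway, networks)
    return {d: (spd.decide(d), truth.decide(d))
            for d in destinations if spd.decide(d) != truth.decide(d)}

# Constructed sample data (hypothetical gateway names, private/documentation prefixes).
OLD = {"gw-a": ["10.1.0.0/16"], "gw-b": ["10.2.0.0/16"]}
NEW = {"gw-a": ["10.1.0.0/16"],
       "gw-b": ["10.2.0.0/16", "10.1.5.0/24", "192.0.2.0/24"]}
DESTS = ["10.1.1.1", "10.1.5.9", "192.0.2.10", "198.51.100.7"]

def demo():
    spd = SatelliteSPD()
    for gateway, networks in OLD.items():
        spd.update(gateway, networks)
    before = stale_decisions(spd, NEW, DESTS)   # satellite has not heard of the change
    spd.update("gw-b", NEW["gw-b"])             # the dynamic SPD update arrives
    after = stale_decisions(spd, NEW, DESTS)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for dst, (have, want) in before.items():
        print(f"{dst}: satellite does {have}, should do {want}")
    print("still stale after update:", after)
```

With the stale table, one destination is tunnelled to the wrong gateway and another that is now protected is sent in the clear; both disagreements disappear once the update is applied.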
