One document matched: draft-zhou-6man-mhash-cga-00.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
which is available here: http://xml.resource.org. -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!-- One method to get references from the online citation libraries.
There has to be one entity for each item to be referenced.
An alternate method (rfc include) is described in the references. -->
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!-- used by XSLT processors -->
<!-- For a complete list and description of processing instructions (PIs),
please see http://xml.resource.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use.
(Here they are set differently than their defaults in xml2rfc v1.32) -->
<?rfc strict="yes" ?>
<!-- give errors regarding ID-nits and DTD validation -->
<!-- control the table of contents (ToC) -->
<?rfc toc="yes"?>
<!-- generate a ToC -->
<?rfc tocdepth="4"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<!-- control references -->
<?rfc symrefs="yes"?>
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- sort the reference entries alphabetically -->
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="yes" ?>
<!-- do not start each main section on a new page -->
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->
<rfc category="std" docName="draft-zhou-6man-mhash-cga-00" ipr="trust200902">
<!-- category values: std, bcp, info, exp, and historic
ipr values: full3667, noModification3667, noDerivatives3667
you can add the attributes updates="NNNN" and obsoletes="NNNN"
they will automatically be output with "(if approved)" -->
<!-- ***** FRONT MATTER ***** -->
<front>
<!-- The abbreviated title is used in the page header - it is only necessary if the
full title is longer than 39 characters -->
<title abbrev="draft-zhou-6man-mhash-cga-00">Another Support for Multiple
Hash Algorithms in Cryptographically Generated Addresses (CGAs)</title>
<!-- add 'role="editor"' below for the editors if appropriate -->
<!-- Another author who claims to be an editor -->
<author fullname="Sujing Zhou" initials="S.Z." role="editor"
surname="Zhou">
<organization>ZTE Corporation</organization>
<address>
<postal>
<street>No.68 Zijinghua Rd. Yuhuatai District</street>
<!-- Reorder these if your country does things differently -->
<city>Nanjing</city>
<region>Jiang Su</region>
<code>210012</code>
<country>R.R.China</country>
</postal>
<email>zhou.sujing@zte.com.cn</email>
<!-- uri and facsimile elements may also be added -->
</address>
</author>
<author fullname="Ruishan Zhang" initials="R.Z" surname="Zhang">
<organization>ZTE Corporation</organization>
<address>
<postal>
<street>889 Bibo Rd, Zhangjiang Hi-Tech Park</street>
<city>Shanghai</city>
<code>201203</code>
<country>P.R.China</country>
</postal>
<email>zhang.ruishan@zte.com.cn</email>
</address>
</author>
<author fullname="Zhenhua XIe" initials="Z.X" surname="Xie">
<organization>ZTE Corporation</organization>
<address>
<postal>
<street>No.68 Zijinghua Rd. Yuhuatai District</street>
<city>Nanjing</city>
<region>Jiang Su</region>
<code>210012</code>
<country>P.R.China</country>
</postal>
<phone>+86-25-52871287</phone>
<facsimile>+86-25-52871000</facsimile>
<email>xie.zhenhua@zte.com.cn</email>
</address>
</author>
<date day="1" month="March" year="2012" />
<!-- If the month and year are both specified and are the current ones, xml2rfc will fill
in the current day for you. If only the current year is specified, xml2rfc will fill
in the current day and month for you. If the year is not the current one, it is
necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the
purpose of calculating the expiry date). With drafts it is normally sufficient to
specify just the year. -->
<!-- Meta-data Declarations -->
<area>Internet Area</area>
<workgroup>6man</workgroup>
<!-- WG name at the upperleft corner of the doc,
IETF is fine for individual submissions.
If this element is not present, the default is "Network Working Group",
which is used by the RFC Editor as a nod to the history of the IETF. -->
<keyword>template</keyword>
<!-- Keywords will be incorporated into HTML output
files in a meta tag but they have no effect on text or nroff
output. If you submit your draft to the RFC Editor, the
keywords will be used for the search engine. -->
<abstract>
<t>This document provides a support for multiple hash algorithms in
Cryptographically Generated Addresses (CGAs) defined in RFC 3972.</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>Cryptographically Generated Addresses (CGAs) defined in [RFC 3972] is
a method of binding a public key to an IPv6 address, with the aim of
providing address ownership in many internet protocols. But RFC3972 only
defined a unique hash algorithm, SHA-1, used to hashing a public key
into part of the neitwork IP address. To provide a support for multiple
hash algorishms, a method of reusing the security parameter bits in the
address is secified [RFC 4982] . This method can only support three hash
algorithm at most, and at the same time limiting security parameter to a
few values. In this document, a support for multiple hash algorithms is
provided without limiting security parameter or downgrading the security
level of CGAs.</t>
<section title="Terminology ">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 <xref
target="RFC2119"></xref>.</t>
</section>
</section>
<!-- -->
<section title="Mhash-method Extension ">
<t>To accomodate RFC 4982, an extension field "Mhash-method" is defined.
The format is illustrated in Figure 1.</t>
<t><figure>
<artwork><![CDATA[0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Extension Type | Extension Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mhash-method|
+-+-+-+-+-+-+-+
]]></artwork>
</figure>Extension Type: TBA. (16-bit unsigned integer).</t>
<t>Extension Data Length: 1. (16-bit unsigned integer. Length of the
multiple-hash-method field of this option, in octets.)</t>
<t>Mhash-method: 1 octet length field. If Mhash-method equal 0, it means
the method of denoting hash algorithm specified in RFC 4982 is adopted,
if Mhash-method equal 1, it means the method specified in this document
is adopted.</t>
</section>
<section title="Hash Algorithm Identity Parameter">
<t>A hash algorithm identity parameter (hid) in CGA is defiend to denote
the hash algorithm adopted when caculating HASH1 and HASH2. The hash
algorithm identity parameter is a three-bit unsigned integer, and it is
encoded in the 3rd-5th bits of the interface identifier. This can be
written as follows:</t>
<t>hid = (interface identifier & 0x1c00000000000000) >> 58</t>
<t><figure>
<artwork><![CDATA[ 0 1 2 3 4 5 6 7 8 9 0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sec | hid |0 0| Leftmost 56 bits of HASH1 output |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
</figure></t>
</section>
<section title="CGA Generation Procedure ">
<t>Generate a CGA as defined in RFC 3972 except some modification to
steps 2,3,5,6 and 9 as shown in the following:</t>
<t><list style="numbers">
<t>Set the modifier to a random or pseudo-random 128-bit value.</t>
<t>Concatenate from left to right the modifier, 9 zero octets, the
encoded public key, and any optional extension fields. Execute the
adopted hash algorithm ( denoted by value of hid) on the
concatenation. Take the 112( or 115 in case sec=7 ) leftmost bits of
the hash value. The result is Hash2.</t>
<t>Compare the 16*Sec+3 leftmost bits of Hash2 with zero. If they
are all zero, continue with step 4. Otherwise, increment the
modifier by one and go back to step 2.</t>
<t>Set the 8-bit collision count to zero.</t>
<t>Concatenate from left to right the final modifier value, the
subnet prefix, the collision count, the encoded public key, and any
optional extension fields. Execute the adopted hash algorithm on the
concatenation. Take the 56 leftmost bits of the hash value. The
result is Hash1.</t>
<t>Form an interface identifier from Hash1 by writing the value of
Sec into the three leftmost bits, writing teh value of hid into the
following three bits and by setting bits 6 and 7 (i.e., the "u" and
"g" bits) to zero.</t>
<t>Concatenate the 64-bit subnet prefix and the 64-bit interface
identifier to form a 128-bit IPv6 address with the subnet prefix to
the left and interface identifier to the right, as in a standard
IPv6 address .</t>
<t>Perform duplicate address detection if required. If an address
collision is detected, increment the collision count by one and go
back to step 5. However, after three collisions, stop and report the
error.</t>
<t>Form the CGA Parameters data structure by concatenating from left
to right the final modifier value, the subnet prefix, the final
collision count value, the encoded public key, Mhash-method value
(equal 1 in this case) and any other optional extension fields.</t>
</list></t>
</section>
<section title="CGA Verification Procedure ">
<t>Veirfy a CGA as defined in RFC 3972 except some modification to steps
3,4,6 and 7 as shown in the following:</t>
<t><list style="numbers">
<t>Check that the collision count in the CGA Parameters data
structure is 0, 1, or 2. The CGA verification fails if the collision
count is out of the valid range.</t>
<t>Check that the subnet prefix in the CGA Parameters data structure
is equal to the subnet prefix (i.e., the leftmost 64 bits) of the
address. The CGA verification fails if the prefix values differ.</t>
<t>if the Mhash-method value in the Mhash-method extenstion filed is
1, read the hash algorithm identity parameter hid from the 3rd-5th
bits of the 64-bit interface identifier of the address, execute the
hash algorithm denoted by hid on the CGA Parameters data structure.
Take the 56 leftmost bits of the hash value. The result is Hash1. If
the Mhash-method value in the Mhash-method extenstion filed is 0, do
exactly as sepcified in RFC 3972 and RFC4982.</t>
<t>Compare Hash1 with the interface identifier (i.e., the rightmost
56 bits) of the address. If the 56-bit values differ, the CGA
verification fails.</t>
<t>Read the security parameter Sec from the three leftmost bits of
the 64-bit interface identifier of the address. (Sec is an unsigned
3-bit integer.)</t>
<t>Concatenate from left to right the modifier, 9 zero octets, the
public key, and any extension fields that follow the public key in
the CGA Parameters data structure. Execute the hash algorithm
denoted by hid on the concatenation. Take the 112 (or 115 in case
sec=7) leftmost bits of the SHA-1 hash value. The result is
Hash2.</t>
<t>Compare the 16*Sec+3 leftmost bits of Hash2 with zero. If any one
of them is not zero, the CGA verification fails. Otherwise, the
verification succeeds.</t>
</list></t>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>This document defines one new CGA Extension Type [RFC4581] option,
which must be assigned by IANA:</t>
<t>Name: Mhash-method extension type;</t>
<t>Value: TBA.</t>
<t>Description: see Section 2.</t>
<t>The values of Mhash-method are also defined:</t>
<t>Name: Mhash-method extension value;</t>
<t>Value: 0 meaning RFC 4982, 1 meaning this document;</t>
<t>Description: see Section 2.</t>
<t>This document also defines a new parameter (hid) in CGA, the value of
which must be assigned by IANA. It may be assigned as follows:</t>
<t><figure>
<artwork><![CDATA[ Name | Value
-------------------+-------
SHA-1 | 000
SHA-244 | 001
SHA-256 | 010
SHA-384 | 011
SHA-512 | 100
TBD | 101
TBD | 110
TBD | 111
]]></artwork>
</figure></t>
<t></t>
</section>
<section anchor="Security" title="Security Considerations">
<t>The method in this document have the hash algorithm identifier as
part of the interface identifier and ultimatly part of IPv6 address,
downgrading attack can be avoided as analysed in RFC 4982.</t>
<t>WIth 3 bits off the interface identifier used for output of HASH1,
the security level will be downgraded to O(2^56) from O(2^59), but with
the increment by 3 of the check bits in the output of HASH2, the whole
security level is kept the same, i.e.,O( 2^(16*sec+59)).</t>
</section>
</middle>
<!-- *****BACK MATTER ***** -->
<back>
<!-- References split into informative and normative -->
<!-- There are 2 ways to insert reference entries from the citation libraries:
1. define an ENTITY at the top, and use "ampersand character"RFC2629; here (as shown)
2. simply use a PI "less than character"?rfc include="reference.RFC.2119.xml"?> here
(for I-Ds: include="reference.I-D.narten-iana-considerations-rfc2434bis.xml")
Both are cited textually in the same manner: by using xref elements.
If you use the PI option, xml2rfc will, by default, try to find included files in the same
directory as the including file. You can also define the XML_LIBRARY environment variable
with a value containing a set of directories to search. These can be either in the local
filing system or remote ones accessed by http (http://domain/dir/... ).-->
<references title="Normative References">
<?rfc include='reference.RFC.2119.xml'?>
<?rfc include='reference.RFC.3972.xml'?>
<?rfc include='reference.RFC.4982.xml'?>
</references>
<!-- -->
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 04:27:24 |