Re: [Anima] Is this how BRSKI/IPIP works?

[Toerless Eckert <tte@cs.fau.de>]

Sorry, cathing up late with the thread.

Thanks, Eliot. Thats good information. The MAC address based limited
link-local address space is a problem for devices running a proxy.
Do you have an idea about some class of devices that has the issue
that you describe and that could be proxies ?

I know about these crazy LED lightbulbs that actually build a mesh
network. Is that what you where alluding to ? 

But would those type of devices really be able to do all the
security stuff of ANIM/BRSKI ?

Cheers
    Toerless

On Thu, Jul 13, 2017 at 10:58:45PM +0200, Eliot Lear wrote:
> Hi Toerless,
> 
> 
> On 7/6/17 9:09 AM, Toerless Eckert wrote:
> > On Thu, Jul 06, 2017 at 04:34:05PM +1200, Brian E Carpenter wrote:
> >> It used to be, but the recommendation today is a pseudo-random
> >> value (RFC7217). In any case it's a software choice.
> > brand new recommendations do not equate to be expected
> > standard practice in products. Would be very good to have
> > folks with practical insight into various products to 
> > provide more information.
> On this point, I think it's quite likely that we will see a good number
> of devices fielded that will do a lousy job of PRNG, and so it would be
> inadvisable for them to implement RFC7217, lest they test their DAD code
> in ways not really intended.  I'm not thinking about iPhones here, but
> energy harvesting devices like some light switches, and a bunch of,
> well,... crap.
> 
> The question is whether you should design for these devices.  IMHO "no"
> is a perfectly valid answer, but I'm still a bit skeptical about the
> value of 7217 for these class of devices in any event.
> 
> Eliot