IETF Logo Mail Archive

[Autoconf] Security (Was: Re: Call for comments to a new AUTOCONF charter proposal.)

Jari Arkko <jari.arkko@piuha.net> Wed, 30 June 2010 13:50 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: autoconf@core3.amsl.com
Delivered-To: autoconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C8CE028B23E for <autoconf@core3.amsl.com>; Wed, 30 Jun 2010 06:50:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.83
X-Spam-Level:
X-Spam-Status: No, score=-1.83 tagged_above=-999 required=5 tests=[AWL=0.769, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K+lPWwXY+nad for <autoconf@core3.amsl.com>; Wed, 30 Jun 2010 06:50:00 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2001:14b8:400::130]) by core3.amsl.com (Postfix) with ESMTP id AB24F3A6A42 for <autoconf@ietf.org>; Wed, 30 Jun 2010 06:50:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id F38D92CED7; Wed, 30 Jun 2010 16:50:10 +0300 (EEST)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JncsBzYo+f-7; Wed, 30 Jun 2010 16:50:10 +0300 (EEST)
Received: from [IPv6:::1] (unknown [IPv6:2001:14b8:400::130]) by p130.piuha.net (Postfix) with ESMTP id 6C4412CC62; Wed, 30 Jun 2010 16:50:10 +0300 (EEST)
Message-ID: <4C2B4B92.1010607@piuha.net>
Date: Wed, 30 Jun 2010 16:50:10 +0300
From: Jari Arkko <jari.arkko@piuha.net>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>
References: <BFD8FF22-FD36-436E-9985-7BFA2E234081@gmail.com> <201006290803.34192.henning.rogge@fkie.fraunhofer.de><ABE739C5ADAC9A41ACCC72DF366B719D0333F14C@GLKMS2100.GREENLNK.NET><4C2A723E.3020806@piuha.net><ABE739C5ADAC9A41ACCC72DF366B719D0333F6EC@GLKMS2100.GREENLNK.NET><4C2B1762.1070600@piuha.net><ABE739C5ADAC9A41ACCC72DF366B719D0333F7DC@GLKMS2100.GREENLNK.NET> <4C2B2805.5060307@piuha.net> <ABE739C5ADAC9A41ACCC72DF366B719D0333F820@GLKMS2100.GREENLNK.NET>
In-Reply-To: <ABE739C5ADAC9A41ACCC72DF366B719D0333F820@GLKMS2100.GREENLNK.NET>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: autoconf@ietf.org
Subject: [Autoconf] Security (Was: Re: Call for comments to a new AUTOCONF charter proposal.)
X-BeenThere: autoconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Ad-Hoc Network Autoconfiguration WG discussion list <autoconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/autoconf>, <mailto:autoconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/autoconf>
List-Post: <mailto:autoconf@ietf.org>
List-Help: <mailto:autoconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/autoconf>, <mailto:autoconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2010 13:50:06 -0000

Christopher,

> >From RFC 3971
>
>    To protect Router Discovery, SEND requires that routers be authorized
>    to act as routers.  This authorization is provisioned in both routers
>    and hosts.  Routers are given certificates from a trust anchor, and
>    the hosts are configured with the trust anchor(s) to authorize
>    routers.  
>
> That's both significant pre-configuration, and problematic in an ad hoc
> network. (The rest of section 6 has a whole lot more complexity.)
>   

I did not mean to imply that SEND would directly be a good fit for your 
problem. In fact, I was not thinking of SEND's router authorization part 
at all. I was thinking of SEND host's ability to create addresses 
securely and defend them from other hosts, all without any 
pre-configuration, or reliance on routers.

Jari

v2.23.0 | Report a Bug | By Email