Re: [Autoconf] Security (Was: Re: Call for comments to a new AUTOCONF charter proposal.)

Jari Arkko <jari.arkko@piuha.net> Wed, 30 June 2010 15:21 UTC

Message-ID: <4C2B60E4.5070203@piuha.net>
Date: Wed, 30 Jun 2010 18:21:08 +0300
From: Jari Arkko <jari.arkko@piuha.net>
To: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>
Cc: autoconf@ietf.org
Subject: Re: [Autoconf] Security (Was: Re: Call for comments to a new AUTOCONF charter proposal.)

Christopher,

> But one thing that the almost interminable autoconf discussions have
> made clear is that ad hoc nodes are routers, and if a SEND-like
> mechanism requires much of its routers, it would require much of the
> routers in an ad hoc network, i.e. all the nodes.
>   

Please do not take the SEND model literally here. I am trying to suggest 
that some ideas similar to those used in other parts of SEND might be 
useful for protecting address autoconfiguration, which is what this WG 
is about. Other parts of SEND do not IMHO appear suitable. But again, 
I'm just handwaving so I could be wrong.

> For security we are also, unfortunately, defending against Machiavelli,
> not just against Murphy. If you pick an address, and I'm a bad guy,
> observing you using the address is a reason for me to use that address,
> not a reason to avoid it.
>   

Right. And that is precisely the type of attack that the address 
configuration security mechanisms could protect against.

Of course, in ad hoc networking the full scope of security problems is 
wider. Presumably there are Byzantine security issues, for instance. But 
technically those are part of the routing protocol. I'm not sure what 
MANET or ROLL has done in this space, for instance. Do you know? I do 
not believe these are for this working group, however.

Anyway, I think we've debated long enough about this particular topic. 
If I believe there are clever ways to deal with the address 
autoconfiguration security problem I need to write it up and then we can 
have a more in-depth discussion. Let's do that later.

Jari