Re: [Autoconf] Security (Was: Re: Call for comments to a new AUTOCONF charter proposal.)

"Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com> Wed, 30 June 2010 14:13 UTC

To: Jari Arkko <jari.arkko@piuha.net>
Cc: autoconf@ietf.org

Jari
> I did not mean to imply that SEND would directly be a good fit for your
> problem. In fact, I was not thinking of SEND's router authorization part
> at all. I was thinking of SEND host's ability to create addresses
> securely and defend them from other hosts, all without any
> pre-configuration, or reliance on routers.

But one thing that the almost interminable autoconf discussions have
made clear is that ad hoc nodes are routers, and if a SEND-like
mechanism requires much of its routers, it would require much of the
routers in an ad hoc network, i.e. all the nodes.

For security we are also, unfortunately, defending against Machiavelli,
not just against Murphy. If you pick an address, and I'm a bad guy,
observing you using the address is a reason for me to use that address,
not a reason to avoid it.
