Re: [Autoconf] Call for comments to a new AUTOCONF charter proposal.

Henning Rogge <hrogge@googlemail.com> Wed, 30 June 2010 13:14 UTC

From: Henning Rogge <hrogge@googlemail.com>
To: autoconf@ietf.org
Date: Wed, 30 Jun 2010 15:08:04 +0200
Cc: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>
Subject: Re: [Autoconf] Call for comments to a new AUTOCONF charter proposal.

On Wednesday 30 June 2010, 13:40:49, Dearlove, Christopher (UK) wrote:
> From RFC 3971
> 
>    To protect Router Discovery, SEND requires that routers be authorized
>    to act as routers.  This authorization is provisioned in both routers
>    and hosts.  Routers are given certificates from a trust anchor, and
>    the hosts are configured with the trust anchor(s) to authorize
>    routers.
> 
> That's both significant pre-configuration, and problematic in an ad hoc
> network. (The rest of section 6 has a whole lot more complexity.)

Address configuration security will need at least some kind of certificate
system.
Hmm, maybe a self-signed certificate would work (nodes generate an identity for
themselves, then get their address bound to this identity)...

I agree we should not forget security aspects; they are very difficult to add
on this protocol layer (similar to security for routing protocols).

Henning Rogge

-- 
1) You can't win.
2) You can't break even.
3) You can't leave the game.
— The Laws of Thermodynamics, summarized