Re: [Autoconf] Call for comments to a new AUTOCONF charter proposal.

["Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>]

Jari
> I am hopeful though that there are clever ways to address
> the biggest security issues without causing too much pain.

I'm interested of course, but always sceptical. Pain-free
security is elusive.

> For instance, FCFS type of address and prefix allocation
> in the large IPv6 address space seems amenable for some
> proof-of-ownership solution.
 
Any references? Right now I don't follow how that would work.
But willing to be educated.

The problem in a wireless network in particular is that a
bad guy can send any pattern of bits he feels like, including
any addresses he feels like using. The address(es) may be good,
but he's not. That means the good guy needs to include something
in a message that the bad guy can't reproduce (apart from replays,
and they can be solved). It would appear that to do so the good
guy must be preconfigured with something. If that something is
specific to that device, couldn't the something include an
address, or at least something to help the address problem? If
the something is common to all devices, that's less security
than I'd like (compromise one device, compromise them all).

But the key point is I think that security really needs to be
up front, part of the requirements/problem statement, and hence
in the charter. This really is a case where security cannot be
an afterthought.

This is actually quite separate from the issue of whether
centralised DHCP is what the WG should study. It's been noted
that at least this way the WG might accomplish something, which
is an issue. The question is whether it accomplishes anything
really useful, given that even multiple DHCP servers are just
for the future. I guess that needs people to stand up and say
that if they had this, this would be what they need, and that
they'd be quite happy with having to wait quite a while (a
couple of years?) before any work in the WG was spent on
anything decentralised. If enough people say that, that justifies
the work (and provides some people who might be prevailed on to
help). However I'm not standing up.

-- 
Christopher Dearlove
Technology Leader, Communications Group
Networks, Security and Information Systems Department
BAE Systems Advanced Technology Centre
West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
Tel: +44 1245 242194  Fax: +44 1245 242124

BAE Systems (Operations) Limited
Registered Office: Warwick House, PO Box 87,
Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK
Registered in England & Wales No: 1996687



********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************