Re: [Autoconf] Call for comments to a new AUTOCONF charter proposal.
"Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com> Wed, 30 June 2010 11:00 UTC
Return-Path: <Chris.Dearlove@baesystems.com>
X-Original-To: autoconf@core3.amsl.com
Delivered-To: autoconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B16323A68A9 for <autoconf@core3.amsl.com>; Wed, 30 Jun 2010 04:00:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.298
X-Spam-Level:
X-Spam-Status: No, score=-4.298 tagged_above=-999 required=5 tests=[AWL=-0.299, BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TBwoFmNXdui2 for <autoconf@core3.amsl.com>; Wed, 30 Jun 2010 04:00:30 -0700 (PDT)
Received: from ukmta3.baesystems.com (ukmta3.baesystems.com [20.133.40.55]) by core3.amsl.com (Postfix) with ESMTP id 9A8FB3A687E for <autoconf@ietf.org>; Wed, 30 Jun 2010 04:00:30 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.53,511,1272841200"; d="scan'208";a="73694914"
Received: from unknown (HELO baemasodc004.greenlnk.net) ([10.108.36.11]) by Baemasodc001ir.sharelnk.net with ESMTP; 30 Jun 2010 12:00:41 +0100
Received: from glkms1102.GREENLNK.NET (glkms1102.greenlnk.net [10.108.36.193]) by baemasodc004.greenlnk.net (Switch-3.4.3/Switch-3.4.3) with ESMTP id o5UB0eOQ024528; Wed, 30 Jun 2010 12:00:40 +0100
Received: from GLKMS2100.GREENLNK.NET ([10.15.184.93]) by glkms1102.GREENLNK.NET with Microsoft SMTPSVC(6.0.3790.3959); Wed, 30 Jun 2010 12:00:40 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
x-mimeole: Produced By Microsoft Exchange V6.5
Date: Wed, 30 Jun 2010 12:00:40 +0100
Message-ID: <ABE739C5ADAC9A41ACCC72DF366B719D0333F7DC@GLKMS2100.GREENLNK.NET>
In-Reply-To: <4C2B1762.1070600@piuha.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
thread-topic: [Autoconf] Call for comments to a new AUTOCONF charter proposal.
thread-index: AcsYPBJW9D3tSQ1BTxGmDyYOS8H+/gABFoDg
References: <BFD8FF22-FD36-436E-9985-7BFA2E234081@gmail.com> <201006290803.34192.henning.rogge@fkie.fraunhofer.de><ABE739C5ADAC9A41ACCC72DF366B719D0333F14C@GLKMS2100.GREENLNK.NET><4C2A723E.3020806@piuha.net><ABE739C5ADAC9A41ACCC72DF366B719D0333F6EC@GLKMS2100.GREENLNK.NET> <4C2B1762.1070600@piuha.net>
From: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>
To: Jari Arkko <jari.arkko@piuha.net>
X-OriginalArrivalTime: 30 Jun 2010 11:00:40.0907 (UTC) FILETIME=[7A9B61B0:01CB1843]
Cc: autoconf@ietf.org
Subject: Re: [Autoconf] Call for comments to a new AUTOCONF charter proposal.
X-BeenThere: autoconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Ad-Hoc Network Autoconfiguration WG discussion list <autoconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/autoconf>, <mailto:autoconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/autoconf>
List-Post: <mailto:autoconf@ietf.org>
List-Help: <mailto:autoconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/autoconf>, <mailto:autoconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2010 11:00:31 -0000
Jari > I am hopeful though that there are clever ways to address > the biggest security issues without causing too much pain. I'm interested of course, but always sceptical. Pain-free security is elusive. > For instance, FCFS type of address and prefix allocation > in the large IPv6 address space seems amenable for some > proof-of-ownership solution. Any references? Right now I don't follow how that would work. But willing to be educated. The problem in a wireless network in particular is that a bad guy can send any pattern of bits he feels like, including any addresses he feels like using. The address(es) may be good, but he's not. That means the good guy needs to include something in a message that the bad guy can't reproduce (apart from replays, and they can be solved). It would appear that to do so the good guy must be preconfigured with something. If that something is specific to that device, couldn't the something include an address, or at least something to help the address problem? If the something is common to all devices, that's less security than I'd like (compromise one device, compromise them all). But the key point is I think that security really needs to be up front, part of the requirements/problem statement, and hence in the charter. This really is a case where security cannot be an afterthought. This is actually quite separate from the issue of whether centralised DHCP is what the WG should study. It's been noted that at least this way the WG might accomplish something, which is an issue. The question is whether it accomplishes anything really useful, given that even multiple DHCP servers are just for the future. I guess that needs people to stand up and say that if they had this, this would be what they need, and that they'd be quite happy with having to wait quite a while (a couple of years?) before any work in the WG was spent on anything decentralised. If enough people say that, that justifies the work (and provides some people who might be prevailed on to help). However I'm not standing up. -- Christopher Dearlove Technology Leader, Communications Group Networks, Security and Information Systems Department BAE Systems Advanced Technology Centre West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK Tel: +44 1245 242194 Fax: +44 1245 242124 BAE Systems (Operations) Limited Registered Office: Warwick House, PO Box 87, Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK Registered in England & Wales No: 1996687 ******************************************************************** This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. ********************************************************************
- [Autoconf] Call for comments to a new AUTOCONF ch… Ryuji Wakikawa
- Re: [Autoconf] Call for comments to a new AUTOCON… Henning Rogge
- Re: [Autoconf] Call for comments to a new AUTOCON… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Carlos Jesús Bernardos Cano
- Re: [Autoconf] Call for comments to a new AUTOCON… Carlos Jesús Bernardos Cano
- Re: [Autoconf] Call for comments to a new AUTOCON… Alexandru Petrescu
- Re: [Autoconf] Call for comments to a new AUTOCON… Alexandru Petrescu
- Re: [Autoconf] Call for comments to a new AUTOCON… Henning Rogge
- Re: [Autoconf] Call for comments to a new AUTOCON… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Jari Arkko
- Re: [Autoconf] Call for comments to a new AUTOCON… Teco Boot
- Re: [Autoconf] Call for comments to a new AUTOCON… Ryuji Wakikawa
- Re: [Autoconf] Call for comments to a new AUTOCON… Jari Arkko
- Re: [Autoconf] Call for comments to a new AUTOCON… Zach Shelby
- Re: [Autoconf] Call for comments to a new AUTOCON… Alexandru Petrescu
- Re: [Autoconf] Call for comments to a new AUTOCON… Alexandru Petrescu
- Re: [Autoconf] Call for comments to a new AUTOCON… Ulrich Herberg
- Re: [Autoconf] Call for comments to a new AUTOCON… Zach Shelby
- Re: [Autoconf] Call for comments to a new AUTOCON… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Jari Arkko
- Re: [Autoconf] Call for comments to a new AUTOCON… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Jari Arkko
- Re: [Autoconf] Call for comments to a new AUTOCON… Carlos Jesús Bernardos Cano
- Re: [Autoconf] Call for comments to a new AUTOCON… Carlos Jesús Bernardos Cano
- Re: [Autoconf] Security (Was: Re: Call for commen… Henning Rogge
- Re: [Autoconf] Call for comments to a new AUTOCON… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… HyungJin Lim
- Re: [Autoconf] Call for comments to a new AUTOCON… Henning Rogge
- Re: [Autoconf] Call for comments to a new AUTOCON… Emmanuel Baccelli
- [Autoconf] Security (Was: Re: Call for comments t… Jari Arkko
- Re: [Autoconf] Security (Was: Re: Call for commen… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Stan Ratliff
- Re: [Autoconf] Security (Was: Re: Call for commen… Jari Arkko
- Re: [Autoconf] Security (Was: Re: Call for commen… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Charles E. Perkins
- Re: [Autoconf] Call for comments to a new AUTOCON… Charles E. Perkins
- Re: [Autoconf] Call for comments to a new AUTOCON… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Emmanuel Baccelli
- Re: [Autoconf] Call for comments to a new AUTOCON… Teco Boot
- Re: [Autoconf] Call for comments to a new AUTOCON… Zach Shelby
- Re: [Autoconf] Call for comments to a new AUTOCON… Henning Rogge
- Re: [Autoconf] Call for comments to a new AUTOCON… Holtzer, A.C.G. (Arjen)
- Re: [Autoconf] Call for comments to a new AUTOCON… Charles E. Perkins
- Re: [Autoconf] Call for comments to a new AUTOCON… Teco Boot
- Re: [Autoconf] Call for comments to a new AUTOCON… Mark Townsley
- Re: [Autoconf] Call for comments to a new AUTOCON… Teco Boot
- Re: [Autoconf] Call for comments to a new AUTOCON… Emmanuel Baccelli
- Re: [Autoconf] Call for comments to a new AUTOCON… Mark Townsley
- Re: [Autoconf] Call for comments to a new AUTOCON… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Mark Townsley
- Re: [Autoconf] Call for comments to a new AUTOCON… Dearlove, Christopher (UK)
- Re: [Autoconf] Call for comments to a new AUTOCON… Cedric Adjih
- Re: [Autoconf] Call for comments to a new AUTOCON… Teco Boot
- Re: [Autoconf] DHCP and AUTOCONF (was: Call for c… Alexandru Petrescu