Re: [dna] next steps on draft-ietf-dna-simple

Jari Arkko <jari.arkko@piuha.net> Thu, 10 December 2009 17:08 UTC

Ok. Suresh, can you make this a part of the new version? Thanks.

Jari

Bernard Aboba wrote:
> This is fine.
>
> > Ok. How about this:
> >
> > "Unless SEND or other form of secure address configuration is used, the
> > DNA procedure does not in itself provide positive, secure authentication
> > of the router(s) on the network, or authentication of the network
> > itself, as e.g. would be provided by mutual authentication at the link
> > layer. Therefore when such assurance is not available, the host MUST NOT
> > make any security-sensitive decisions based on the DNA procedure alone.
> > In particular, it MUST NOT decide it has rejoined a network known to be
> > physically secure, and proceed to abandon cryptographic protection."
> >
> > Jari
> >