Re: [dna] next steps on draft-ietf-dna-simple
"Bernard Aboba" <bernard_aboba@hotmail.com> Fri, 20 November 2009 13:30 UTC
Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: dna@core3.amsl.com
Delivered-To: dna@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C17D03A6AC6 for <dna@core3.amsl.com>; Fri, 20 Nov 2009 05:30:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.326
X-Spam-Level:
X-Spam-Status: No, score=-0.326 tagged_above=-999 required=5 tests=[AWL=0.414, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3L-dQ2y17Tq for <dna@core3.amsl.com>; Fri, 20 Nov 2009 05:30:06 -0800 (PST)
Received: from blu0-omc2-s29.blu0.hotmail.com (blu0-omc2-s29.blu0.hotmail.com [65.55.111.104]) by core3.amsl.com (Postfix) with ESMTP id 397FD3A68EF for <dna@ietf.org>; Fri, 20 Nov 2009 05:30:04 -0800 (PST)
Received: from BLU137-DS3 ([65.55.111.72]) by blu0-omc2-s29.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 20 Nov 2009 05:30:01 -0800
X-Originating-IP: [24.19.160.219]
X-Originating-Email: [bernard_aboba@hotmail.com]
Message-ID: <BLU137-DS30C25B4F36BCE5F1D5C4593A10@phx.gbl>
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: 'Jari Arkko' <jari.arkko@piuha.net>, "'Suresh Krishnan (QB/EMC)'" <suresh.krishnan@ericsson.com>, draft-ietf-dna-simple@tools.ietf.org, 'Ralph Droms' <rdroms@cisco.com>, 'Lars Eggert' <lars.eggert@nokia.com>
References: <4B0655CB.2040309@piuha.net>
In-Reply-To: <4B0655CB.2040309@piuha.net>
Date: Fri, 20 Nov 2009 05:30:13 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcppvQLJ7ItJirIBTUaGOr1PTwr3RgAJZBYg
Content-Language: en-us
X-OriginalArrivalTime: 20 Nov 2009 13:30:01.0757 (UTC) FILETIME=[8FFC14D0:01CA69E5]
Cc: 'DNA' <dna@eng.monash.edu.au>, dna@ietf.org
Subject: Re: [dna] next steps on draft-ietf-dna-simple
X-BeenThere: dna@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNA working group mailing list <dna.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dna>, <mailto:dna-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dna>
List-Post: <mailto:dna@ietf.org>
List-Help: <mailto:dna-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dna>, <mailto:dna-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Nov 2009 13:30:06 -0000
Jari said: Please add the following text to the end of the security considerations section: The DNA procedure does not in itself provide positive, secure authentication of the router(s) on the network, or authentication of the network itself, as e.g. would be provided by mutual authentication at the link layer. Therefore when such assurance is not available, the host MUST NOT make any security-sensitive decisions based on the DNA procedure. In particular, it MUST NOT decide it has rejoined a network known to be physically secure, and proceed to abandon cryptographic protection. [BA] Where SEND is in use, DNA *does* provide positive, secure authentication of the router(s) on the network. Also, the procedures of Section 4.7.1 ensure that DNA does not override secure mechanisms available on a network, such as DHCPv6 security or SEND. Therefore, DNA provides security equivalent to existing procedures. While it's true that a host should not make security decisions based on insecure mechanisms (e.g. insecure DHCPv6 or RS/RA), that advice is not unique to simple DNA. 4) Lars Eggert was happy that the draft included retransmission rules, but noted that the draft should also set an upper limit on how many previous routers are probed. Please add the following text to end of Section 4.4: A Simple DNA implementation SHOULD limit probing to at most six previously seen routers. [BA] This is fine; existing implementations typically have such a limit.
- [dna] next steps on draft-ietf-dna-simple Jari Arkko
- Re: [dna] next steps on draft-ietf-dna-simple Bernard Aboba
- [dna] DNA and DHCPv6 Bernard Aboba
- Re: [dna] DNA and DHCPv6 Ralph Droms
- Re: [dna] DNA and DHCPv6 Bernard Aboba
- Re: [dna] DNA and DHCPv6 Ralph Droms
- Re: [dna] DNA and DHCPv6 Bernard Aboba
- Re: [dna] next steps on draft-ietf-dna-simple Suresh Krishnan
- Re: [dna] [DNA] RE: DNA and DHCPv6 Bernard Aboba
- Re: [dna] next steps on draft-ietf-dna-simple Bernard Aboba
- Re: [dna] next steps on draft-ietf-dna-simple Jari Arkko
- Re: [dna] next steps on draft-ietf-dna-simple Bernard Aboba
- Re: [dna] next steps on draft-ietf-dna-simple Jari Arkko
- Re: [dna] next steps on draft-ietf-dna-simple Ted Lemon
- Re: [dna] next steps on draft-ietf-dna-simple Jari Arkko
- Re: [dna] next steps on draft-ietf-dna-simple Suresh Krishnan
- Re: [dna] next steps on draft-ietf-dna-simple Jari Arkko