IETF Logo Mail Archive

Re: Admission Control to the IETF 78 and IETF 79 Networks

Phillip Hallam-Baker <hallam@gmail.com> Tue, 13 July 2010 16:05 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 74E8C3A695E for <ietf@core3.amsl.com>; Tue, 13 Jul 2010 09:05:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.435
X-Spam-Level:
X-Spam-Status: No, score=-1.435 tagged_above=-999 required=5 tests=[AWL=1.164, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TJuQvUyf2kRV for <ietf@core3.amsl.com>; Tue, 13 Jul 2010 09:05:17 -0700 (PDT)
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) by core3.amsl.com (Postfix) with ESMTP id CE01F3A67EC for <ietf@ietf.org>; Tue, 13 Jul 2010 09:05:16 -0700 (PDT)
Received: by pwj1 with SMTP id 1so2791746pwj.31 for <ietf@ietf.org>; Tue, 13 Jul 2010 09:05:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=2gAPY49nvAvB18a+k6CXUxj9lRO5M3jszUdnYc8SjJ0=; b=oHe/774354uz966C0RWTQguHQyKIJpO8kd4IijYCUEqVxQH6uNc6tsNWkp0tx+kxAm jHxUx/dhMdyprtJ/LG8ezWl5IcMoH6CulCj3Pn/23rRg0QxX9rYqdYivsBjsUZI3TuBD oERDzZGZ1iwa5IkJN2flKYgzPDKULFOevfcAI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=v5jvhXgX4NocKkpLtDoxcScny1DipoY8iMDIZepm7m3L4ZJ/Worxqf/d2A4N0uxWYb eKejF26/FQsN0vOBjXzziSGHNCJr64mXIEOAthK/z5L7w71/5WXu13570a7HQQZ+CV6z cCPoNIRLzcnr1rm59LEDUSpgbp5iTPkmC16yM=
MIME-Version: 1.0
Received: by 10.142.163.15 with SMTP id l15mr3938975wfe.6.1279037121677; Tue, 13 Jul 2010 09:05:21 -0700 (PDT)
Received: by 10.231.32.8 with HTTP; Tue, 13 Jul 2010 09:05:21 -0700 (PDT)
In-Reply-To: <AANLkTinQhd-Cn-wPsjhmGEPjjcpkVTlYkb7UfNf9-7Lc@mail.gmail.com>
References: <CFB08C07-DE90-47BE-ADFF-FC72162BBFA1@daedelus.com> <4C2BBD51.2060605@ietf.org> <6.2.5.6.2.20100701070804.0c26b8a0@resistor.net> <6D6E25E2-057B-4591-9288-1283036D0374@cisco.com> <AANLkTinMFsrGyIy9bu5kzUiZqNmDbf7lpS-eht8h3hvP@mail.gmail.com> <CCD1D0AD-97DC-4CE0-9E27-CC75B5F47C54@muada.com> <AANLkTilVmeg2Tgjgllg2yT3Oc34Y4ZuwXwl9U1ELfjhc@mail.gmail.com> <20100706170631.GK25518@thunk.org> <AANLkTil357pxy8tD49Q9ds9QVlSjo9h3p3akSN9UF1XS@mail.gmail.com> <AANLkTil0YIS9H-vYxIJJS_OC7tAlcCLQQycskFcLE71V@mail.gmail.com> <AANLkTilVAn3j-iXbdytu9en-OWAjlCFQSyQy1jiY1Zq1@mail.gmail.com> <AANLkTilCRrRhYVBNKdkaBudacJDCbBx3_48D9_U2RaSM@mail.gmail.com> <AANLkTinQhd-Cn-wPsjhmGEPjjcpkVTlYkb7UfNf9-7Lc@mail.gmail.com>
Date: Tue, 13 Jul 2010 12:05:21 -0400
Message-ID: <AANLkTikg8QmDxh93OAXbOsXt6KTuMcDYRGeXnU91Kh35@mail.gmail.com>
Subject: Re: Admission Control to the IETF 78 and IETF 79 Networks
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-Mailman-Approved-At: Wed, 14 Jul 2010 09:14:52 -0700
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jul 2010 16:05:20 -0000

While the fingerprint of the cert can be used as a globally unique
identifier, this approach has advantages and disadvantages.

Pro: There is no cost to generating the cert, the cert can be
generated after the device ships

Con: There is no cost to generating the cert, the cert can be
generated after the device ships. Thus there is no degree of
accountability established in the presentation of a cert. If a user
abuses the network (e.g. to send spam) there is no bar to prevent them
ditching the banned cert and re-applying for another.

Con: Existing management infrastructure is designed around the
communication of MAC addresses. Most computer system retailers
servicing the enterprise space already communicate the MAC address of
equipment to customers as part of the shipping process. Infrastructure
to support additional identifiers would have to be built out
separately and to avoid birthday paradox collisions, randomly unique
identifiers need to be twice as long as assigned ones making use of
simple barcodes impossible.


The IETF requirements can be met with cert fingerprints, the general
case requirement for accountability cannot without some party
providing rate limiting somewhere in the system.

On Mon, Jul 12, 2010 at 11:12 PM, Donald Eastlake <d3e3e3@gmail.com> wrote:
> See belos ...
>
>> On Mon, Jul 12, 2010 at 12:07 PM, Phillip Hallam-Baker <hallam@gmail.com>
>> wrote:
>>>
>>> No, if you read my book you would see the scheme I am proposing.
>>>
>>> The problem with current MAC addresses is that they are not
>>> trustworthy. That is accepted. If MAC addresses were not trivially
>>> forged then the existing WiFi scheme would work fine.
>>>
>>> ...
>>>
>>> Instead every device would have been issued with a device cert to bind
>>> the MAC address to a public key during manufacture. This is already a
>>> requirement for cable modems. The cost is of the order of cents per
>>> device if the certs are installed during manufacture. Maintenance
>>> costs get much higher as soon as the device has left the factory.
>
> I don't see any need for the MAC address to be bound. If the device
> has a build in cert, you can use that, regardless of what the MAC
> address is, to authenticate and secure communications.
>
> Isn't this provided by 802.1AR-2009? ( Available from
> http://standards.ieee.org/getieee802/802.1.html )
>
>>> The function of the certificate is to stop the MAC address being
>>> trivially forged. OK yes, if you design the protocols wrong then you
>>> can end up with Cisco being able to intercept on the wire traffic. But
>>> if you do the job right you can prevent interception even if the
>>> manufacturer defects.
>>>
>>> ...
>>>
>



-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email