IETF Logo Mail Archive

Re: [Madinas] identities for legitimate devices

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 04 November 2020 17:23 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: madinas@ietfa.amsl.com
Delivered-To: madinas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC9A03A0E9F for <madinas@ietfa.amsl.com>; Wed, 4 Nov 2020 09:23:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.246
X-Spam-Level:
X-Spam-Status: No, score=-2.246 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.247, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id De0wqLHcyc3V for <madinas@ietfa.amsl.com>; Wed, 4 Nov 2020 09:23:53 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA52C3A0D29 for <madinas@ietf.org>; Wed, 4 Nov 2020 09:23:52 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id EC240BE5C; Wed, 4 Nov 2020 17:23:50 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id viOMZZrLR59K; Wed, 4 Nov 2020 17:23:49 +0000 (GMT)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 21445BE5D; Wed, 4 Nov 2020 17:23:49 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1604510629; bh=5Fxb1suApc/BL01BxHZXg/BskA1InHWATsODqvuDTHs=; h=Subject:To:References:From:Date:In-Reply-To:From; b=K57V/SAZ2+MMk3dVZ9WoQjeE3V7PJ3mpi+oSZGOelDEmBqmTzOxM6oayuAqS+6uSK HAvrcWdzYQo02u2p9TPLtaRubd5IW5H3pPW6Rcfv0HtJos7hRvoNYkdRVqLxK0Ictq 8zuWnTxFEFglgPZfBUDFo1y3wFl3u1P3ou1xiHZY=
To: Michael Richardson <mcr+ietf@sandelman.ca>, Qin Wu <bill.wu@huawei.com>, "madinas@ietf.org" <madinas@ietf.org>
References: <B8F9A780D330094D99AF023C5877DABAADB22346@dggeml511-mbs.china.huawei.com> <14818.1604508889@localhost>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <7b63421e-a0f7-2dd4-0d0d-3f7c1f8fa3b9@cs.tcd.ie>
Date: Wed, 04 Nov 2020 17:23:47 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.2
MIME-Version: 1.0
In-Reply-To: <14818.1604508889@localhost>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="HIomkcmcbjm8tVqSTnIcF0KAI1EGUxWsm"
Archived-At: <https://mailarchive.ietf.org/arch/msg/madinas/LtaV_foX7Phz0StXKe_qg6l-ffI>
Subject: Re: [Madinas] identities for legitimate devices
X-BeenThere: madinas@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: MAC Address Device Identification for Network and Application Services <madinas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/madinas>, <mailto:madinas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/madinas/>
List-Post: <mailto:madinas@ietf.org>
List-Help: <mailto:madinas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/madinas>, <mailto:madinas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Nov 2020 17:23:55 -0000

Hiya,

On 04/11/2020 16:54, Michael Richardson wrote:
> But, the key (pun intended), in my opinion, is to change the device identity
> from being a MAC address to being a key.

While agreeing with the goal (for home networks
and similar) I'd word it differently - such n/w's
often do not need to identify a specific device,
they only need to authorise access to the network.
A common PSK can be fine for that.

S.

v2.23.0 | Report a Bug | By Email