IETF Logo Mail Archive

Re: [Roll] Ralph Droms' Discuss on draft-ietf-roll-of0-15: (with DISCUSS and COMMENT)

Michael Richardson <mcr@sandelman.ca> Tue, 09 August 2011 15:26 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B32E221F8C66; Tue, 9 Aug 2011 08:26:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.954
X-Spam-Level:
X-Spam-Status: No, score=-1.954 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HOST_MISMATCH_NET=0.311, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qc0CUSuxzTkd; Tue, 9 Aug 2011 08:26:33 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [67.23.6.41]) by ietfa.amsl.com (Postfix) with ESMTP id E453C21F8C60; Tue, 9 Aug 2011 08:26:33 -0700 (PDT)
Received: from marajade.sandelman.ca (74-115-197-34.eng.wind.ca [74.115.197.34]) by relay.sandelman.ca (Postfix) with ESMTPS id 2280F3418E; Tue, 9 Aug 2011 11:26:33 -0400 (EDT)
Received: from marajade.sandelman.ca (marajade.sandelman.ca [127.0.0.1]) by marajade.sandelman.ca (Postfix) with ESMTP id 16F7798C68; Tue, 9 Aug 2011 10:52:24 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: Ralph Droms <rdroms.ietf@gmail.com>
In-Reply-To: <20110808232350.30897.61741.idtracker@ietfa.amsl.com>
References: <20110808232350.30897.61741.idtracker@ietfa.amsl.com>
X-Mailer: MH-E 8.1; nmh 1.3-dev; XEmacs 21.4 (patch 22)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Tue, 09 Aug 2011 10:52:24 -0400
Message-ID: <2982.1312901544@marajade.sandelman.ca>
Sender: mcr@sandelman.ca
Cc: roll@ietf.org, draft-ietf-roll-of0@tools.ietf.org, The IESG <iesg@ietf.org>, roll-chairs@tools.ietf.org
Subject: Re: [Roll] Ralph Droms' Discuss on draft-ietf-roll-of0-15: (with DISCUSS and COMMENT)
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/roll>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2011 15:26:34 -0000

>>>>> "Ralph" == Ralph Droms <rdroms.ietf@gmail.com> writes:
    Ralph> 5. In section 4.2.1, what does it mean to "validate a
    Ralph> router"?  Why would a router that passes validation
    Ralph> ("succeeded that validation process") only be "preferable"?

I think, it refers to rpl-19 section 3.2.3, to the "authenticated" mode.
This mode is completely unworkable with asymmetric crypto.   I guess I
need to write an ID that explains this better.

The reason why an authenticated router is only preferred is because the
node might need to get online in order to actually validate things.  Any
node which will pass enough traffic so that a new node can validate some
certificate chain is good enough.  

While a new node can do all manner of DOS attacks to prevent the
prospective node from validating some security properties, none of them
(if you trust your crypto) are worse than having the prospective node
find itself without any network.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition.

v2.23.0 | Report a Bug | By Email