Re: [smartpowerdir] Summary of Smart Power matters July 2010
Sam Hartman <hartmans@painless-security.com> Sun, 25 July 2010 10:32 UTC
Return-Path: <hartmans@painless-security.com>
X-Original-To: smartpowerdir@core3.amsl.com
Delivered-To: smartpowerdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7047B3A68F8 for <smartpowerdir@core3.amsl.com>; Sun, 25 Jul 2010 03:32:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CBm6bqNqeMtc for <smartpowerdir@core3.amsl.com>; Sun, 25 Jul 2010 03:32:45 -0700 (PDT)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by core3.amsl.com (Postfix) with ESMTP id C14463A68FD for <smartpowerdir@ietf.org>; Sun, 25 Jul 2010 03:32:43 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (dhcp-23f1.meeting.ietf.org [130.129.35.241]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id B8C84203C7; Sun, 25 Jul 2010 06:33:02 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 21ED44133; Sun, 25 Jul 2010 06:32:59 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: IETF SmartPower Directorate <smartpowerdir@ietf.org>
References: <F83943D2-E4F7-49CB-8E10-3DFFF32DA7D8@cisco.com> <DFDCA37B-604F-4EA0-82BA-7C74312554EE@cisco.com> <C2A0280F-167B-400F-9D94-6D4F1B0091DE@cisco.com>
Date: Sun, 25 Jul 2010 06:32:59 -0400
In-Reply-To: <C2A0280F-167B-400F-9D94-6D4F1B0091DE@cisco.com> (Fred Baker's message of "Sun, 25 Jul 2010 05:54:07 +0200")
Message-ID: <tslocdvc0mc.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: Margaret Wasserman <mrw@painless-security.com>, IAB <iab@iab.org>
Subject: Re: [smartpowerdir] Summary of Smart Power matters July 2010
X-BeenThere: smartpowerdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Members of the Smart Power Directorate <smartpowerdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/smartpowerdir>, <mailto:smartpowerdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/smartpowerdir>
List-Post: <mailto:smartpowerdir@ietf.org>
List-Help: <mailto:smartpowerdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smartpowerdir>, <mailto:smartpowerdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Jul 2010 10:32:53 -0000
>>>>> "Fred" == Fred Baker <fred@cisco.com> writes: Fred> i) As you may be aware (I was not), security in the HAN is at Fred> the moment being derived from 802.1X using EAP-TLS (RFC 5216) Fred> at the link layer. In short, devices that enter the HAN should Fred> be those that are authorized access. A comment I got from a Fred> NIST security architect (Justin Searles) said that was the Fred> best security available today. It gives me some concern, Fred> however, as the fact that one is authorized to use a network Fred> doesn't mean one is authorized to do anything in particular in Fred> the network - the fact that I can attach my laptop doesn't Fred> mean I can reconfigure the routers, for example. I'd be Fred> interested in other views... Fred, can you point me at documents discussing this in more detail? So far I've been unable to determine: * Where device certificates come from and how they are chained back to a trust anchor that the EAP server knows * How the EAP server gets a certificate that chains back to a trust anchor that the device knows * How the EAP server authorizes devices * How the device authorizes EAP servers I'll admit that eap-tls seems at first glance like a singular inapplicable technology in this space. That may well be my iniability to imagine how this is all going to be deployed, so any assistance in understanding would be greatly appreciated.
- [smartpowerdir] Summary of Smart Power matters Ju… Fred Baker
- Re: [smartpowerdir] Summary of Smart Power matter… Zach Shelby
- Re: [smartpowerdir] Summary of Smart Power matter… Sam Hartman
- Re: [smartpowerdir] Summary of Smart Power matter… Jari Arkko
- [smartpowerdir] Fwd: Summary of Smart Power matte… Fred Baker
- Re: [smartpowerdir] Summary of Smart Power matter… Henning Schulzrinne
- Re: [smartpowerdir] Summary of Smart Power matter… Zach Shelby