[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: autoconfiguration
>>>>> "Richard" == Richard Draves <richdr@microsoft.com> writes:
Richard> My understanding of this requirement in IPsec is that this
Richard> compliant IPv6 host will not be able to send Router
Richard> Solicitations, receive Router Advertisements, or do anything
Richard> else with the network, until some knowledgeable person sitting
Richard> at the keyboard configures the host's inbound and outbound SPDs.
This sounds like the SNMPv2 security vs initial config problem all over again.
Richard> My concern is that I believe IPv6's auto-configuration
Richard> capabilities are important and as I understand it this IPsec
Richard> requirement is in conflict.
We have need to define a digital signature based AH. This is *not* going to
be useful for bulk data transfers, but it does present a way to do things
like initial config. The problem is then reduced to the problem of
doing initial certificate enrollment and acquisition of appropriate
certificate chains. While this isn't an easy problem, it is a problem
that lots of people are already working on.
You can't solve the initial boot on the network problem in a secure
fashion unless you simultaneously answer questions like:
- should you be allowed to connect here?
- should you get an address? (or did you turn some other guys'
machine off, yanked the network card and/or copied the MAC
and now are impersonating him?)
- if your PC gets fixed/upgraded/etc. do you risk loosing your
network identity?
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | Firewalls, TCP/IP and Unix administration
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
Corporate: http://www.sandelman.ottawa.on.ca/SSW/
ON HUMILITY: To err is human, to moo bovine.
Follow-Ups:
References: