Hi Kris:
It seems to me that we are talking about another global distributed
Internet registry with the capability to store tens of billions of
entries.
A node would really own the 64bit ID once it would have registered it.
IEEE would keep some ranges and free some other up for IPv6 and others
to jump in and allocate IDs formed some other ways like CGA. Then a web
of servers would keep track of unique ids, associated keys and more
stuff overtime.
- This obviously might cause privacy issues so this ID would not be to
be used lightly
- There would be a need to obtain temporary IDs
- This could help forgery detection so I'm sure we could get some
support for the effort :)
What do you think?
Pascal
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Kris Pister
Sent: lundi 15 juin 2009 02:09
To: Rene Struik
Cc: [email protected]
Subject: Re: [6lowpan] (16-bit addresses are not globally unique) RE:
ad hoc whiteboard
I agree. The ability to do stuff like this is one of the big
advantages
of being connected with the internet. Let's use it.
As usual Rene, I'm going to ask you to tell me exactly what I'm
supposed
to buy from you (I mean "implement", sorry). :)
What's right approach? Do we start with what you did in Zigbee, or
isa100, or an existing rfc, or what?
ksjp
Rene Struik wrote:
Hi Richard:
A simple approach avoiding duplicate device identifiers would be to
register devices with a registration
authority and hand out device certificates that bind the device id with
public/private keying material. If
devices can only gain access to a network by presenting their public
key certificate, this would push counter-
feit devices off the cliff, since the registration authority would not
allow registration of more than one
device with the same device id.
(Obviously, one can still try and clone a device by trying and
extract private keys as well and copying this
info to a number of devices, all with the same device id, something -
if deemed to be a real risk - to be
dealt with by proper implementation security and security techniques
along the supply chain.)
Best regards,
Rene
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Richard Kelsey
Sent: Friday, June 12, 2009 11:18 AM
To: Rene Struik
Cc: [email protected]
Subject: Re: [6lowpan] (16-bit addresses are not globally unique) RE:
ad hoc whiteboard (was: [Fwd: New
Version Notification for draft-ietf-6lowpan-nd-03])
From: Rene Struik <[email protected]>
Date: Thu, 11 Jun 2009 16:44:46 -0400
One cautionary node: in my mind, secure, yet easy to use device
configuration and trust lifecycle management relies on devices to
be
uniquely identified in a static way, in a vendor independent
fashion.
Sadly, as I learned on another part of this thread, it
appears that we may not be able to rely on having static,
globally-unique identifiers. Manufacturers of
counterfeit-branded devices have a disincentive to
cooperate.
As such, this assumes a globally unique name space across all
nodes. This suggests that "globally unique" is not a proper
adjective
for "16-bit addresses" (unless you wish global device deployment
to be
limited to 64k devices only [which I hope not...]).
"Globally unique" was indeed incorrect. I should have
said "unique within the LoWPAN" or some such.
-Richard Kelsey
_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
