Hiya, So Carsten volunteered to give saag a heads-up on the problem this time. If he and Cullen want to arm-wrestle that's fine:-) I'm sure either would do a fine job.
I didn't mean to say anything about the solace draft being good, bad or indifferent. But I figured someone is working on this problem somewhere and would like to make sure that whatever solution looks like it'll be adopted is something that wouldn't cause saag folk to have fits. Cheers, S. On 10/29/2012 08:32 PM, Michael Richardson wrote: > >>>>>> "Stephen" == Stephen Farrell <[email protected]> writes: > Stephen> Would it be timely to spend 10 minutes on this during the saag > Stephen> session? > > I think, if you want to talk something SOLACE related which is more > concrete than a possible SOLACE IRTF "charter", then maybe have Cullen > talk about: > > http://www.lix.polytechnique.fr/hipercom/SmartObjectSecurity/papers/CullenJennings.pdf > http://www.lix.polytechnique.fr/hipercom/SmartObjectSecurity/slides/Cullen1.pdf > > Stephen> I'd really like that the security area not end up being surprised > Stephen> by whatever is eventually decided so getting a presentation at > Stephen> saag would be useful at the point where you more or less know > Stephen> the direction, but are still flexible enough to deal with someone > Stephen> who e.g. points out significant security issues. > > Except that: > 1) the constrained devices are more constrained than the IP phones > described. > > 2) the constrained devices probably can not be attacked/p0wned until > after they get on the network, and so actually authenticating to the > network is the "application" > > Cullen's slides provide a really good starting explanation. > While the details of the ultimate answer are going to be a bit different > in small ways, the basic architecture he presents has been articulated > repeatedly by many. > > So, if your aim is to get more security geeks thinking about attacks, > and about defenses, in advance of an actual proposed protocol (and > SOLACE is an I*R*TF group, recall. A protocol might not be the result > anyway), then I suggest giving Cullen a few minutes to talk about his > slide 7,8,9. > > Stephen> It might be that waiting another meeting cycle or two would be > Stephen> better if the basic ideas aren't yet firmed up. > > One meeting cycle won't help. Four might. > _______________________________________________ 6lowpan mailing list [email protected] https://www.ietf.org/mailman/listinfo/6lowpan
