ulnerable to an active MITM using a different "known public
key"?
This doesn't happen today with Wifi because a human either picks "CoffeeShop"
ESSID, or can validate the cert chain to say "CoffeeShop Inc", but a
the system has been bootstrapped.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =-
___
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
s that's why it scales O(number of devices), because the responder has
to try *all* of the PSK it knows? Wow.
With public key technology, one could sign something, send the signature, and
let the responder try all the public keys it knows? Basically, just omit the
Certificate in the handsha
is probably far more
important than anything else because AFAIK, none of the 802.11 or 802.15.4
specifications offer to encrypt the L2 addresses, just the payloads.
(I think, but I'm unsure, that the BTLE L2 does encrypt the L2 addresses)
--
Michael Richardson , Sande
ly to an authorized operator,
which is resistant to an active MITM, given that the new device (the pledge)
doesn't know who the authorized operator is yet.
Encrypting it via a not-yet-fully authenticated TLS1.3 connection is easy.
--
Michael Richardson , Sandelman Software
Brian E Carpenter wrote:
> That doesn't mean it needs to be visible in clear after bootstrap.
I'm just keeping this here to emphasize the point.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =-
o me that the real problem is that attackers/observers are not
forced to reveal their identity first, in order that respondents can ask,
"Who wants to know?" first, and also better repel DDoS. (Attackers would
have to have validatable identities to even ask)
--
Michael Richardson , Sand
e, more private) standards for devices
to adhere to. Marshall has the advantage of not needing an income in order
to be able to work on this stuff.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =-
ool nurse :-)
I say this in jest, yet, I'm actually quite serious.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =-
ere were implementations, and you
clearly have some... Would there be value to deploy this at IETF meeting
networks?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca
Tenure Track committees... can
we "infiltrate" NSF-like entities in various places. Many ccTLD entities
seem to have money to spend on infrastructure initiatives (CIRA, nic.cz,
nic.nl, nic.mx are the ones I know about)... maybe there could be some overt
coordination here.
--
]
hould treat them as equal in the UI.
Nobody said that unauthenticated TLS should show a "lock"
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =-
ruct the
device to do "letsencrypt" if you can give it a stable name reachable from
the letsencrypt people. IPv6 could provide the connectivity.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =-
On Wed, Nov 19, 2014 at 1:42 PM, Michael Richardson
wrote:
> In the case of an ILOM, we can't predict a name or an IP address which the
> device can claim... but, the manufacturer usually has a MAC address, Asset
> Tag, or other identifier which is often unique. If only *THAT* c
other identifier which is often unique. If only *THAT* could go into
the Location Bar instead of the IP address. Yes, this is user interface
thing... sorta.. it's really about a different kind of URI.
--
Michael Richardson , Sandelman Software Work
liminate the invalid
certificates that seem inevitable from things like ILOMs/iDRAC/etc. because
the https interface to the service processor never knows what zone it will
use. I'd love to find a way for such appliance uses of HTTPS to come
up secure in some way.
--
Michael Richardson ,
.
The MPLS part is pretty much just up-sale marketing...
All of this effort would be better spent pushing IKEv1 and L2TP off the map,
and making IPv6 + IPsec easier to set up.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Softwar
t, a renewed push could
have occurred. That problem will affect any new solution as well.
I look forward to reviewing drafts, and running beta code.
Who is going to make money on this system?
What's the market incentive to deploy?
--
Michael Richardson , Sandelman Software Works
-= IPv6 I
't think anyone would be so stupid as to do that kind of
thing.
--
Michael Richardson , Sandelman Software Works
he way AES-GCM-type
modes work.
--
Michael Richardson , Sandelman Software Works
| ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
lugins for years (decades?)... the
problem is finding and trusting the keys.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/