Brian E Carpenter <brian.e.carpen...@gmail.com> wrote:
> But On 14/07/2017 18:13, Eliot Lear wrote: ...
>> I made my comment in the context of a possible interface collision in
>> your diagram. Those had to do with the autonomic nodes, not the
>> proxies, as I understand things. To avoid those sorts of collisions,
>> it seems like using the h/w address remains sensible. A collision in
>> those circumstances would be extremely unlikely, whereas relying on
>> poor PRNG almost assures it of happening. These devices are likely to
>> have very little entropy available to them.
> And they may well be BRSKI pledges, just not using GRASP for discovery.
> So Eliot's point seems valid (but not an issue for ANIMA alone).
7217 says:
RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)
only the secret_key is really unique, and perhaps that's what you are
worrying about?
secret_key:
A secret key that is not known by the attacker. The secret
key SHOULD be of at least 128 bits. It MUST be initialized to
a pseudo-random number (see [RFC4086] for randomness
requirements for security) when the operating system is
installed or when the IPv6 protocol stack is "bootstrapped"
for the first time.
As the secret_key should be generated when the system is "installed"
or "first bootstrapped", I'm not sure the PRNG quality at runtime.
It seems to me like the secret_key should be set at manufacturer time
on the "bed-of-nails" or other JTAG point, at the same time when the
BRSKI IDevID and (perhaps) MASA anchors are loaded. If those things
are in a TPM, then the secret_key could be there too.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
