Brian E Carpenter <brian.e.carpen...@gmail.com> wrote:
> But On 14/07/2017 18:13, Eliot Lear wrote:
> ...
>> I made my comment in the context of a possible interface collision in
>> your diagram. Those had to do with the autonomic nodes, not the
>> proxies, as I understand things. To avoid those sorts of collisions,
>> it seems like using the h/w address remains sensible. A collision in
>> those circumstances would be extremely unlikely, whereas relying on
>> poor PRNG almost assures it of happening. These devices are likely to
>> have very little entropy available to them.

> And they may well be BRSKI pledges, just not using GRASP for discovery.
> So Eliot's point seems valid (but not an issue for ANIMA alone).

7217 says:

    RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)

only the secret_key is really unique, and perhaps that's what you are
worrying about?

    secret_key:
       A secret key that is not known by the attacker. The secret key
       SHOULD be of at least 128 bits. It MUST be initialized to a
       pseudo-random number (see [RFC4086] for randomness requirements
       for security) when the operating system is installed or when the
       IPv6 protocol stack is "bootstrapped" for the first time.

As the secret_key should be generated when the system is "installed" or
"first bootstrapped", I'm not sure the PRNG quality at runtime.

It seems to me like the secret_key should be set at manufacturer time on
the "bed-of-nails" or other JTAG point, at the same time when the BRSKI
IDevID and (perhaps) MASA anchors are loaded. If those things are in a TPM,
then the secret_key could be there too.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
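The RFC 7217 computation discussed in the message above, as an added example that is not part of the original thread or of any ANIMA/BRSKI code. It assumes F() is SHA-256 over length-prefixed fields; the prefix, hardware addresses, key, retry limit and helper names are constructed for illustration. It compares two devices that ended up with the same secret_key: with the hardware address as Net_Iface their addresses still differ, with only an interface name they collide.

```python
import hashlib
import ipaddress

MAX_RETRIES = 3  # assumption: retry limit chosen for this example

def rid(prefix, net_iface, network_id, dad_counter, secret_key):
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    Assumption: F() is SHA-256 over length-prefixed fields."""
    h = hashlib.sha256()
    for field in (prefix.network_address.packed, net_iface, network_id,
                  bytes([dad_counter]), secret_key):
        h.update(len(field).to_bytes(2, "big") + field)  # unambiguous encoding
    return h.digest()

def is_reserved(iid):
    # Reserved interface identifiers (RFC 5453): subnet-router anycast and
    # the reserved subnet anycast range.
    return iid == 0 or 0xFDFFFFFFFFFFFF80 <= iid <= 0xFDFFFFFFFFFFFFFF

def stable_address(prefix, net_iface, secret_key, network_id=b"", in_use=()):
    """Return (address, dad_counter) for a /64 prefix."""
    if len(secret_key) < 16:
        raise ValueError("secret_key SHOULD be at least 128 bits")
    for dad_counter in range(MAX_RETRIES + 1):
        # The interface identifier is the 64 least significant bits of RID.
        iid = int.from_bytes(rid(prefix, net_iface, network_id,
                                 dad_counter, secret_key)[-8:], "big")
        # On a reserved or already-used identifier, bump DAD_Counter and retry.
        if not is_reserved(iid) and iid not in in_use:
            addr = ipaddress.IPv6Address(int(prefix.network_address) | iid)
            return addr, dad_counter
    raise RuntimeError("no usable interface identifier found")

# Constructed sample values (documentation prefix, locally administered MACs).
PREFIX = ipaddress.IPv6Network("2001:db8:1::/64")
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
WEAK_KEY = bytes(16)  # two devices whose poor PRNG produced the same key

if __name__ == "__main__":
    for label, iface_a, iface_b in (("hw address", MAC_A, MAC_B),
                                    ("iface name", b"eth0", b"eth0")):
        a, _ = stable_address(PREFIX, iface_a, WEAK_KEY)
        b, _ = stable_address(PREFIX, iface_b, WEAK_KEY)
        print(f"Net_Iface={label}: {a} vs {b} collide={a == b}")
```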