Stephen Farrell <[email protected]> wrote:
> So I think this is a recurring theme in various protocols
> and note that the drafts referenced in this thread overnight
> [1,2,3,4] total 134 pages of text. So istm that there is
> scope for a bit of generic guidance on the specific issues
> about which Peter is asking, i.e. guidance on what kinds
> of analysis to do when inventing or re-using an identifier
> in a protocol, and (mainly via reference I'd hope) describing
> the attack surface created when someone doesn't do that as
> well as they might.
The anima-bootstrap team spent three calls on this topic this past month.
I think that we may have a "HHGH" problem though (the answer being 42)
i.e: the question here is not sufficiently specific.
> If someone was willing to try craft a short I-D addressing
> the above, that'd I think be a fine thing. Anyone want to
> volunteer to try that? (If so, replying on or off list is
> fine.) Or is that a silly idea? (If you think so, then
> replying on the list is way better:-)
I will volunteer, and I'll do this publicly so that you'll hold me to it.
Expect it by draft cut-off date.
I think that I can summarize the situation for bootstrap well.
I don't know if it applies to operation or not, because I don't know what the
situation is for uses.
I think that there are significant operational differences between a BTLE
based *PERSONAL* area network (watch, heart monitor, phone) vs an unencrypted
WIFI at CoffeeShopInc. The differences are very large, and I find that many
privacy discussions focus on the coffee shop to the exclusion of everything
else.
I also want to point out that MAC randomization is probably far more
important than anything else because AFAIK, none of the 802.11 or 802.15.4
specifications offer to encrypt the L2 addresses, just the payloads.
(I think, but I'm unsure, that the BTLE L2 does encrypt the L2 addresses)
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
