Re: Admission Control to the IETF 78 and IETF 79 Networks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



No, if you read my book you would see the scheme I am proposing.

The problem with current MAC addresses is that they are not
trustworthy. That is accepted. If MAC addresses were not trivially
forged then the existing WiFi scheme would work fine.

What I am saying is that if people got really serious about usability
and in particular the WiFi design had been controlled by a Steve Jobs
style person who demanded an absolute commitment to a first class
usability approach, then we could have a scheme that did not require
end-user configuration.

Instead every device would have been issued with a device cert to bind
the MAC address to a public key during manufacture. This is already a
requirement for cable modems. The cost is of the order of cents per
device if the certs are installed during manufacture. Maintenance
costs get much higher as soon as the device has left the factory.

The function of the certificate is to stop the MAC address being
trivially forged. OK yes, if you design the protocols wrong then you
can end up with Cisco being able to intercept on the wire traffic. But
if you do the job right you can prevent interception even if the
manufacturer defects.


And as for my waist - yes there does seem to be rather more of it than
there should be, but I don't think that is Dogbert's fault. I blame
the cookies at IETF break time.


On Mon, Jul 12, 2010 at 11:56 AM, Chris Elliott <chelliot@xxxxxxxxx> wrote:
> Phillip,
> In your earlier email, you state:
>>
>> If the designers had actual brains instead of bits of liver strapped
>> round their waist by dogbert then all that would be necessary to
>> securely authenticate to the network is to give either the MAC address
>> of the computer or the fingerprint of the cert.
>
> Note that you say "either". Now you state:
>>
>> Of course the MAC address is trivially forged. That is the function of
>> the certificate.
>
> Maybe you should check your waist.
> Chris.
>
> --
> Chris Elliott
> chelliot@xxxxxxxxx
>
>



-- 
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]