Re: [Full-disclosure] IPv6 security myths

On Oct 25, 2010, at 5:46 AM, Masataka Ohta wrote:

> Sabahattin Gucukoglu wrote:
> 
>> In the interest of fair and balanced discussion.
> 
> It is of course that, merely because IPv6 makes IPsec mandatory,
> IPv6 can not be more secure than IPv4.
> 
> But, the real problem of IPsec is that it expected some PKI
> could have provided the end to end security.
> 
> However, the real myth is that PKI depends on security of a
> breakable chain of CAs, which is not the end to end security.
> 
> For the end to end security, only the end systems requiring the
> security are required to deploy mechanisms for the security,
> which means it is not necessary to mandate all the end systems
> deploy some security protocol.
> 
> 						Masataka Ohta

By the way, I don't buy the assertion that the PKI has to be global; if it did have to be global, I suspect one would have come into existence. 

If my system is supposed to talk with any system on the planet, then yes, my system's public key needs to be accessible to them and theirs to me, along with information that says what authentications I might have or they might have. The thing is - my system *isn't* supposed to talk with every system on the planet, and as a matter of fact most that want to initiate sessions with mine have no business doing so. So I don't need the keys of every system on the planet, and they don't need mine. Only the ones I want my system talking with.

Consider the Smart Grid example in the appendix to http://datatracker.ietf.org/doc/draft-baker-ietf-core. The questions there include (a) what systems are authorized to communicate with systems in the home (HAN), and (b) what systems are authorized to communicate with systems in the Advanced Metering Infrastructure (AMI), which includes the Neighborhood Area Network (NAN) and related utility networks. It turns out that those are pretty closed environments - I don't want the neighbor kid playing with my light switches, and the utility has some ideas about who should be able to play with its infrastructure. The few places where we allow someone to cross that boundary we control pretty tightly. Some utilities want the ability to directly control circuits in the home, to manage water heaters, air conditioners, thermal masses, or other specific things. They are only authorized to do so if there is a supporting contract, and that often (today) implies a separate meter that they can turn on and turn off. Other utilities want to be able to send price signals, which get interpreted by an energy management system within my home that might do something similar, or might do something less draconian but equally effective. For example, if my thermostat has multiple temperature settings (the ones at my house have morning, day, evening, and night settings), I might have a policy that tells the thermostat to control to a less rigorous (cooler or warmer depending on the time of year, and as a result more likely to be "off") setting when the price is "high". Either way, there are two systems I want accessing my meter - my energy management system and the utility's collector. The meter needs only the certificates that will allow it to talk with those, and anything else is TMI.

If someone isn't allowed to talk with me, there isn't a lot of value in being able to securely identify them. We can infer from the fact that I can't identify them that I'm not supposed to talk with them.
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

