[rbridge] TTL only - was RE: New fields in shim header?
Gray, Eric
Eric.Gray at marconi.com
Fri Oct 13 13:52:33 PDT 2006
Silvano,

The project/techniques coming out of 802 committee should
be orthogonal to the work in this WG, in the IETF. Presumably,
implementors will be able to reconcile their implementations to
more than one set of standards.

I am aware that you did not suggest using either IPSec or
a subset thereof. I believe Caitlin brought that up. I think
you will discover that we will almost certainly be required to
suggest use of IPSec for at least control plane authentication
in deployment modes with a trust model requiring authentication.
Similarly, if a requirement for L2 data-plane authentication is
determined, then we will simply adopt what is defined in IEEE.

I see no particular advantage to making this harder than
it has to be.

--
Eric

--> -----Original Message-----
--> From: Silvano Gai [mailto:sgai at nuovasystems.com]
--> Sent: Friday, October 13, 2006 4:43 PM
--> To: Gray, Eric; Caitlin Bestler; Joe Touch
--> Cc: rbridge at postel.org; Radia Perlman
--> Subject: RE: [rbridge] TTL only - was RE: New fields in shim header?
-->
-->
--> Eric,
-->
--> If you want to support 802, IEEE has authentication project/techniques
--> different from IPsec.
-->
--> I never said that I want IPsec or a subset.
-->
--> -- Silvano
-->
--> > -----Original Message-----
--> > From: Gray, Eric [mailto:Eric.Gray at marconi.com]
--> > Sent: Friday, October 13, 2006 9:58 AM
--> > To: Silvano Gai; Caitlin Bestler; Joe Touch
--> > Cc: rbridge at postel.org; Radia Perlman
--> > Subject: RE: [rbridge] TTL only - was RE: New fields in shim header?
--> >
--> > Silvano,
--> >
--> > In this forum, it is a bit risky to argue that any subset of
--> > IPSec authentication is useful - particularly if you can also make
--> > the assumption that IPSec could be used directly.
--> >
--> > The phrase "much more difficult" is not especially meaningful
--> > when what you really need is to distinguish possible and impossible.
--> > "More difficult" equates to "more challenging" to the average hacker
--> > and assuming that "more difficult" provides any degree of protection
--> > is an easy mistake to make.
--> >
--> > --
--> > Eric
--> >
--> > --> -----Original Message-----
--> > --> From: rbridge-bounces at postel.org
--> > --> [mailto:rbridge-bounces at postel.org] On Behalf Of Silvano Gai
--> > --> Sent: Thursday, October 12, 2006 4:26 PM
--> > --> To: Caitlin Bestler; Joe Touch
--> > --> Cc: rbridge at postel.org; Radia Perlman
--> > --> Subject: Re: [rbridge] TTL only - was RE: New fields in shim header?
--> > -->
--> > --> Caitlin,
--> > -->
--> > --> I didn't reply to your last point
--> > -->
--> > --> >
--> > --> > I am assuming there is no desire to replicate IPSEC functionality
--> > --> > at L2 then *all* of the L2 headers may be forged. I don't see how
--> > --> > you can claim that any specific one is more trustworthy than
--> > --> > the others.
--> > -->
--> > --> Even without IPsec, RBridges can authenticate to each other
--> > --> and forging an RBridge is much more difficult than using a
--> > --> readily available program on your PC to spoof the IP or MAC
--> > --> address.
--> > -->
--> > --> -- Silvano