Re: [Autoconf] I-D Action:draft-bernardos-autoconf-addressing-model-00.txt
Hi Ulrich,
From: Ulrich Herberg [mailto:ulrich at herberg.name]
Sent: Wednesday 28 October 2009 14:07
To: Teco Boot
CC: autoconf at ietf.org
Subject: Re: [Autoconf] I-D Action:draft-bernardos-autoconf-addressing-model-00.txt
Hi Teco,
On Wed, Oct 28, 2009 at 1:13 PM, Teco Boot <teco at inf-net.nl> wrote:
Hi Ulrich,
Few things.
Please realize your rich text mails are becoming a mess, when
replied with other tools. This troubles the already troubled
discussion. I stop cleaning up.
I did not realize that. If I just answer like now (without changing the
font), is it readable? If not, I can also change to plain text for future
mails.
T: Please use ascii and > prefix character
Then on the small stuff: we are working on MANET stuff, OK?
I hope so :-)
We have a radio, right?
yes
We can use this radio for catching background noise, right?
yes
This is either thermal noise, human made noise, interference, timing,
timing of packets received, just to come up with a few.
Yes, I am aware that a radio can be good enough as entropy source. The
question is: can we _always_ assume that it is good enough (or accessible to
the device)? Is there an RFC that claims something like: "All devices that
are used in a MANET MUST be able to provide a sufficiently good entropy
source". (for whatever meaning of "sufficient")
T: No-one ever claimed a protocol works in all cases. I have MANET products
nearby that cannot support OLSR. Or Java. Do I discourage those??
Because, if we don't have that, I am not sure we can rely on good random
numbers.
T: If PRN is good, we can rely. Why not?
Maybe we want to add this somewhere, or we have a common understanding that
all devices have a good enough entropy source.
T: Not again the "all". And yes, I say a radio is typically a pretty good
entropy source. So we are lucky this time.
Please let me know this does not make sense. Because then, I want
to be warned and want to stay far, far away from such devices.
And still such devices might exist if we don't exclude their use in MANETs.
You were active on MANET and security. Spend some cycles on
PRN for small embedded devices with radios? I don't want to push you,
but it would help us if you do.
For security purposes, evidently the requirements for PRNs are very high. I
admit that I am not an expert on PRNs, so I cannot tell you much. I will try
to ask our cryptographers in the department, hopefully they can enlighten
this issue.
To my knowledge, there are sufficiently good PRNs (even for small embedded
devices), but they depend on very good entropy sources. So when specifying,
say, a security extension to a MANET routing protocol, that document should
probably mention some requirements of the entropy source and the PRN.
T: I'm pretty sure your cryptographers will tell you that if the radio /
demodulator ADC provides digitized thermal noise, and the implementation for
getting a PRN is OK, you are done. But I can tell you key generation is a
somewhat dark area. Extremely highly unique address generation in open
standards is doable.
Regards, Teco