[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security of devices other than the Gateway (was Re: simple security)

To: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
Subject: Re: Security of devices other than the Gateway (was Re: simple security)
From: Gert Doering <gert@space.net>
Date: Sun, 28 Mar 2010 22:44:11 +0200
Cc: Mark Townsley <townsley@cisco.com>, Konrad Rosenbaum <konrad@silmor.de>, v6ops@ops.ietf.org
In-reply-to: <20100329065728.75f1fdc2@opy.nosense.org>
References: <001501caca91$769511b0$63bf3510$@org> <4BAA2BF5.20400@cisco.com> <alpine.BSF.2.00.1003241713360.74067@mignon.ki.iif.hu> <201003281841.48962@zaphod.konrad.silmor.de> <4BAF8C98.5070407@cisco.com> <20100329065728.75f1fdc2@opy.nosense.org>
User-agent: Mutt/1.5.20 (2009-06-14)

Hi,

On Mon, Mar 29, 2010 at 06:57:28AM +1030, Mark Smith wrote:
> As much as I think using ULAs for this is a good simple solution, one
> model I've thought could be better is the "association" model used by
> bluetooth or DECT handsets and base stations. If you setup an
> trusted association between devices, via some sort of enrolment
> process (e.g. press a button on both devices at once, then acknowledge
> the relationship), probably with an expiry period (to allow short
> term trust e.g. temporary access to your printer for a day), the access
> to devices could then be addressing independent. Following that model,
> you could access your home NAS, fridge etc. from any location, ULA or
> global.

Hear hear.

I'm all for that.  Time to leave the encrusted IPv4 models behind.

(The whole model of "listing specific IP addresses in firewalls to
define who is allowed to do what" is something we've learned to accept,
because we do not have anything better, but that doesn't make it any
more useful.  Think "renumbering networks" and "firewall rules in
other people's firewall tables"...)

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations:  150584

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

References:
- simple security
  - From: "Lee Howard" <lee@asgard.org>
- Re: simple security
  - From: Mark Townsley <townsley@cisco.com>
- Re: simple security
  - From: Mohacsi Janos <mohacsi@niif.hu>
- Re: simple security
  - From: Konrad Rosenbaum <konrad@silmor.de>
- Security of devices other than the Gateway (was Re: simple security)
  - From: Mark Townsley <townsley@cisco.com>
- Re: Security of devices other than the Gateway (was Re: simple security)
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>

Prev by Date: Re: Security of devices other than the Gateway (was Re: simple security)
Next by Date: Re: simple security
Previous by thread: Re: Security of devices other than the Gateway (was Re: simple security)
Next by thread: Re: simple security
Index(es):
- Date
- Thread