[ih] History of duplicate address tests
Grant Taylor
internet-history at gtaylor.tnetconsulting.net
Thu Dec 1 18:22:56 PST 2022
On 12/1/22 2:19 PM, John Shoch via Internet-history wrote:
> When considering going from manual assignment of Experimental Ethernet
> addresses to a semi-automatic generation of 48-bit addresses to be
> blown into a PROM on a board:
>
> --We thought, "It may not be perfect, but it's certainly more reliable
> than trying to scale the manual process!"
Fair enough.
> --"But what are the odds a bit blown into a PROM will heal, and produce
> a duplicate ID?" "Let's just make sure the odds of that are LESS than
> the odds of your machine catching fire or dying from a power surge;
> or your building being destroyed by lightning, flood, or earthquake;
> or someone typing Delete *.*"
:-)
> --"Have a backup and recovery plan!" "And if you don't have a recovery
> plan for fire, lightning, flood, earthquake, or fumble-fingers,
> don't complain about lower-probability network events....."
I like that.
> PS: In a similar vein, I would sometimes field provocative questions,
> "Why don't you have encryption on the Ethernet?"
Are you familiar with 802.1AE, a.k.a. MACsec?
I wonder if MACsec might be an answer for some of the provocative people
you're talking about.
I've messed with MACsec with manual keying between some Linux systems on
my LAN. I've not yet messed with the MACsec Key Agreement (a.k.a. MKA)
protocol. Even ARP is encrypted and indistinguishable from line noise.
}:-)
> I would merely observe, "We do have a project to build a crypto box
> in front of the Ethernet transceiver, for serious government customers
> with Tempest needs. But do you shred all your letters and print-outs
> before they go in the dumpster? If not, you have worse problems
> than your Ethernet....."
As I was describing it to someone in the grc.security newsgroup, the
biggest value that I see in MACsec is on the link between two buildings
where someone could tap said link and get up to mischief. Assuming that
the two offices are moderately physically secure buildings and the cable
runs in a conduit down the block between the buildings. ;-)
--
Grant. . . .
unix || die