I really like RPis as a cryptographic tool. The only thing that would make
them better is a second Ethernet interface so they could be used as a
firewall type device.

However that said, the pros are:

* Small, cheap, reasonably fast, has ethernet and even a monitor output

* Boot from an SD card which can be preloaded with the OS and application
build. So it is really easy to use RPi as an embedded device controller.

The main con is that they are not so fast that you want to be routing
packets through them unnecessarily. So they are a great device to make use
of for connection brokering, not such a great idea to tunnel video packets
through them.

It is entirely reasonable to tell someone to get an RPi, download a config
onto an SD card, plug it into their network and apply power and ethernet.
And they take so little power that we could even tell them to install a
pair so that they had a fault tolerant setup (although they are low enough
power, low enough complexity that this may not be necessary or helpful).

In the home of the future there will be hundreds of devices on the network
rather than just the dozens I have today. So trying to configure security
at every point is a non starter. Peer to peer network configurations tend
to end up being unnecessarily chatty and are hard to debug because you
can't tell who is meant to be in command.

The approach that makes most sense to me is to have one or two network
controller devices built on something like RPis and vest all the trust
decisions in those. So rather than trying to configure PKI at hundreds of
devices, concentrate those decisions in just one logical point.

So I would like at minimum such a device to be my DNS + DHCP + PKI + NTP
configuration service and talk a consistent API to the rest of the network.
Which is the work I am doing on Omnibroker.

Putting a mail server on the system as well would be logical, though it
would increase complexity and more moving parts on a trusted system makes
me a little nervous.

Website: http://hallambaker.com/
The cryptography mailing list

Reply via email to