On Aug 7, 2011, at 6:16 AM, Pascal Thubert (pthubert) wrote:

> Looks obvious, but is it?
> 
> On the one hand, we want the capability to reach anywhere we're allowed to from 
> home. OTOH, if anything in my home is reachable from anywhere, we are back to 
> the firewall paradigm. 

I want my mobile phone to connect to my home NAS from anywhere without 
explicitly poking a hole in a firewall.  It's not so much an inside versus 
outside issue; it's about ensuring that the devices are trusted to conform to a 
particular policy prior to establishing a connection.  I think this generally 
requires manual association by the user, such as in a pairing ceremony with 
mutual key signing.  In general, this can't be made "plug and play" because the 
networks that are used might contain uninvited hardware or software.

> 
> There is an alternate model based on L3 overlays that was presented in 
> various places under names such as route projection, community of interest 
> or on-demand VPNs.
> 
> That model forms dynamic overlays that act as L3 VLANs. Prefixes are no longer 
> injected into the main infrastructure but only projected within the overlay. 
> This allows the model to scale with good mobility properties since an overlay 
> separates the locator and the identifier, which BTW can be of different 
> Address Families.


Protocols for securely associating devices seem to be the place to start, 
along with default policies for ACLs, etc.

Mark

> 
> I wanted to ask for a BOF in Taipei to discuss that model. Would anyone be 
> interested?
> 
> Pascal
> 
> 
>> -----Original Message-----
>> From: homenet-boun...@ietf.org [mailto:homenet-boun...@ietf.org] On
>> Behalf Of Roger Jørgensen
>> Sent: Sunday, August 07, 2011 2:58 PM
>> To: james woodyatt
>> Cc: homenet@ietf.org; Fernando Gont
>> Subject: Re: [homenet] [homegate] HOMENET working group proposal
>> 
>> On Sun, Aug 7, 2011 at 3:18 AM, james woodyatt <j...@apple.com> wrote:
>> <snip>
>>> In the context of the HOMENET working group, one imagines that restoring
>> general end-to-end reachability is arguably a worthy goal.  <snip>
>> 
>> +1 :-)
>> 
>> --
>> 
>> Roger Jorgensen           |
>> rog...@gmail.com          | - IPv6 is The Key!
>> http://www.jorgensen.no   | ro...@jorgensen.no
>> _______________________________________________
>> homenet mailing list
>> homenet@ietf.org
>> https://www.ietf.org/mailman/listinfo/homenet

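Added example (written for this page, not code from the thread or from the IETF homenet work): a minimal version of the pairing ceremony with mutual key signing that Mark describes, followed by the connection-time policy check. Two devices exchange Ed25519 public keys over an untrusted network, both derive a short authentication string (SAS) that the user compares out of band, and only then does each side sign the peer key it received. Later, a peer is admitted only if the device holds its own signature over that peer's key and the peer proves possession of the matching private key. The type and function names, the "homenet-pair-v0" label and the 6-hex-digit SAS length are assumptions for illustration.

```go
// Added example: pairing ceremony with SAS confirmation and mutual key
// signing, then the connection-time check. Names are illustrative.
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Device holds a long-term Ed25519 identity plus the trust records
// (our signature over a peer key) created during pairing.
type Device struct {
	Name   string
	pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
	paired map[string][]byte // hex(peer pubkey) -> our signature over it
}

func NewDevice(name string) *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{Name: name, pub: pub, priv: priv, paired: map[string][]byte{}}
}

// SAS hashes both public keys in a fixed order so both devices display the
// same string if, and only if, they saw the same two keys.
func SAS(a, b ed25519.PublicKey) string {
	lo, hi := a, b
	if string(lo) > string(hi) {
		lo, hi = hi, lo
	}
	sum := sha256.Sum256(append(append([]byte("homenet-pair-v0"), lo...), hi...))
	return hex.EncodeToString(sum[:3]) // 6 hex digits for a human to compare
}

// Pair runs the ceremony. seenByA is the key A received for B over the
// network (and vice versa). If anything in between substituted a key, the
// two SAS values differ and the user aborts; otherwise each side signs the
// peer key it received (mutual key signing) and stores the record.
func Pair(a, b *Device, seenByA, seenByB ed25519.PublicKey) error {
	if SAS(a.pub, seenByA) != SAS(b.pub, seenByB) {
		return errors.New("SAS mismatch: pairing aborted")
	}
	a.paired[hex.EncodeToString(seenByA)] = ed25519.Sign(a.priv, seenByA)
	b.paired[hex.EncodeToString(seenByB)] = ed25519.Sign(b.priv, seenByB)
	return nil
}

// Connect is the policy check before a connection is accepted: the peer key
// must carry our pairing signature, and the peer must sign our challenge.
func (d *Device) Connect(peerPub ed25519.PublicKey, challenge, proof []byte) error {
	sig, ok := d.paired[hex.EncodeToString(peerPub)]
	if !ok || !ed25519.Verify(d.pub, peerPub, sig) {
		return errors.New("peer not paired: connection refused")
	}
	if !ed25519.Verify(peerPub, challenge, proof) {
		return errors.New("bad proof of possession")
	}
	return nil
}

// Demo runs an honest pairing and connection, a pairing where an uninvited
// device replaced the NAS key on the wire, and a connection attempt from a
// device that never paired. The three outcomes are returned for inspection.
func Demo() (honest, tampered, unpaired error) {
	phone, nas := NewDevice("phone"), NewDevice("nas")
	honest = Pair(phone, nas, nas.pub, phone.pub)

	challenge := make([]byte, 32) // constructed nonce from the NAS
	if _, err := rand.Read(challenge); err != nil {
		panic(err)
	}
	if honest == nil {
		honest = nas.Connect(phone.pub, challenge, ed25519.Sign(phone.priv, challenge))
	}

	mitm := NewDevice("uninvited")
	tampered = Pair(phone, nas, mitm.pub, phone.pub)

	stranger := NewDevice("stranger")
	unpaired = nas.Connect(stranger.pub, challenge, ed25519.Sign(stranger.priv, challenge))
	return
}

func main() {
	h, t, u := Demo()
	fmt.Println("honest pairing + connect:", h)
	fmt.Println("tampered pairing:", t)
	fmt.Println("unpaired connect:", u)
}
```

The SAS comparison stands in for the manual step Mark refers to: it is the user, not the network, who decides that the two keys belong to the two devices in hand, which is why the ceremony cannot be fully "plug and play". Everything after that step is automatic, and the stored signature is what later lets the NAS accept the phone from anywhere without a firewall exception for that address.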
