>>>>> "Stephen" == Stephen Farrell <[email protected]> writes:
Stephen> I've been reading the list with interest and have a question.
Stephen> When various devices in the home figure out which does what,
Stephen> and do that periodically to handle changes, there's clearly
Stephen> the potential that a zombied host tries to take over
Stephen> stuff with undesirable consequences.
We have thought about this.
Stephen> My question is whether this group are planning to think
Stephen> about that now, or later, or never? (Or don't even think
Stephen> there's a problem worth attempting to address.)
We think that the most sophisticated security we can hope for is that
all pieces of equipment can be provided with a "network password".
For devices which have WIFI, this will essentially be the WPA/PSK key,
but used to key other protocols as well.

However, I am thinking that we can perhaps bootstrap equipment that has
never been configured (or has been factory reset) in some fashion such
that if the equipment is "virginal" that it can essentially always try
some default keys, and bring up enough networking to let all equipment
be discovered and identified. There would be strong nag screens to get
the user to set up a network password.

At this point, I think that many users are used to having a network
password.
Stephen> Note - I'm not trying to argue for any particular level of
Stephen> security and certainly not for some unachievable fort knox
Stephen> everywhere, I'm just asking what's the plan?
I agree: we need something. It needs to be just enough, and it's okay
if there are ways of subverting the system if you have physical access.
Having said that, I'd like to see optional (MAY) support for stronger
systems, for the Bill Gates-type/Yari Arko-type home...
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
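Added example, not part of the original message or of any homenet specification: one way a single "network password" could key both Wi-Fi and other protocols without reusing the WPA PSK directly, plus the check that would drive the nag screen on an unconfigured device. The PBKDF2 parameters are the standard WPA/WPA2-Personal ones; the HKDF step, the salt, the protocol labels, the default password and the SSID are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the thread).
DEFAULT_PASSWORD = "homenet-factory-default"  # hypothetical factory default
SSID = "example-home"
HKDF_SALT = b"homenet-example"                # hypothetical domain separator


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) using HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def protocol_key(passphrase: str, ssid: str, protocol: str) -> bytes:
    """Assumed scheme: one independent key per protocol label, so a key
    exposed by one protocol reveals neither the PSK nor the other keys."""
    # HKDF-Extract: HMAC(salt, input keying material)
    prk = hmac.new(HKDF_SALT, wpa_psk(passphrase, ssid), hashlib.sha256).digest()
    return hkdf_expand(prk, protocol.encode())


def needs_nag(passphrase: str) -> bool:
    """True while the device still runs on the factory default password."""
    return hmac.compare_digest(passphrase.encode(), DEFAULT_PASSWORD.encode())


if __name__ == "__main__":
    for pw in (DEFAULT_PASSWORD, "correct horse battery"):
        for label in ("routing", "service-discovery"):  # hypothetical labels
            key = protocol_key(pw, SSID, label)
            print(f"nag={needs_nag(pw)!s:5} {label:17} {key.hex()[:16]}...")
```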
