Ted, >> using the electricity network as an analogy, can we make a distinction >> between "safety" and "security"? >> the electricity network in the home is somewhat self protecting with >> breakers and earthing. >> a home network must protect 'itself', i.e. handle any device plugged into >> it, in any topology, external and internal attacks >> and so on. > > I am highly sympathetic to the desire not to try to solve this problem. > However, unfortunately network topology isn't the same as electrical > topology, for a couple of reasons. > > The first reason is that electrical systems are generally set up by > professionals. Yes, you plug devices into the electrical wiring of your > house, but someone skilled set it up (or if not, I hope you sleep in asbestos > pajamas). The devices we are talking about are more analogous to circuit > distribution panels than to toasters. > > The second reason is that electrical systems are essentially topology-free. > Any point on the system is essentially equivalent to any other. This is not > true of a home network with routing. What we are talking about is > essentially the possibility of rogue distribution panels intentionally or > accidentally being connected to your distribution system. > > Which is a result of the third reason: home networks are typically wireless, > or partially wireless, and so there is no physical security, unlike an > electrical network in a house, which is secure by virtue of being entirely > enclosed by the house. > > I think what you are getting at is that we cannot be responsible for securing > the network. And that is probably true. But if the system doesn't have a > built-in mechanism for distinguishing between friend and stranger, the > autoconfiguration mechanism will create topologies that aren't desired, > either by accident or because a stranger wants access to the network.
I do agree with that. I think we can figure out a way of "pairing" devices. whatever layer that ends up being done at. it will be much more difficult to protect against hostiles injecting default routes, or pretending to be DHCP servers and so on. cheers, Ole _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
