In message <[email protected]>
Ted Lemon writes:
 
> On Oct 12, 2011, at 4:48 AM, Ole Troan wrote:
> > using the electricity network as an analogy, can we make a
> > distinction between "safety" and "security"?
> > the electricity network in the home is somewhat self protecting with
> > breakers and earthing.
> > a home network must protect 'itself', i.e. handle any device plugged
> > into it, in any topology, external and internal attacks
> > and so on.
>  
> I am highly sympathetic to the desire not to try to solve this
> problem.  However, unfortunately network topology isn't the same as
> electrical topology, for a couple of reasons.
>  
> The first reason is that electrical systems are generally set up by
> professionals.  Yes, you plug devices into the electrical wiring of
> your house, but someone skilled set it up (or if not, I hope you sleep
> in asbestos pajamas).  The devices we are talking about are more
> analogous to circuit distribution panels than to toasters.
>  
> The second reason is that electrical systems are essentially
> topology-free.  Any point on the system is essentially equivalent to
> any other.  This is not true of a home network with routing.  What we
> are talking about is essentially the possibility of rogue distribution
> panels intentionally or accidentally being connected to your
> distribution system.

The electricity analogy is not very useful.  Maybe best to drop it.

> Which is a result of the third reason: home networks are typically
> wireless, or partially wireless, and so there is no physical security,
> unlike an electrical network in a house, which is secure by virtue of
> being entirely enclosed by the house.
>  
> I think what you are getting at is that we cannot be responsible for
> securing the network.  And that is probably true.  But if the system
> doesn't have a built-in mechanism for distinguishing between friend
> and stranger, the autoconfiguration mechanism will create topologies
> that aren't desired, either by accident or because a stranger wants
> access to the network.

If applications are secure, the only threat to a wide open network is
theft of service.

WPA provides a knob to stop that.  The only question is whether WPA or
any WiFi security should be enabled by default.

Is it better to leave the possibility of theft of service or is it
better to have the device unusable by default (until configured)?  For
provider equipment that is always configured, the latter (unusable
until configured).  For home equipment where the customer wants to
unpack the box, plug it in and use it, the former is better (make it
usable but allow possible theft of service).

Every WiFi product I ever bought was open WiFi as shipped.

Curtis
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet