>>>>> "Ted" == Ted Lemon <[email protected]> writes:
    Ted> It's also possible that it might make sense to use some other
    Ted> medium of exchange that's not USB at all.   For example,
    Ted> routers with ethernet ports can simply be connected together,
    Ted> and there you have a physical link.   But for a wireless device
    Ted> with no ethernet ports, that's not an option. 

Let's talk about the ethernet port exchange here, lest someone get
unduly excited.  Let's understand the benefit / risk / threat.

To make this really secure, you need to do something that can't be bridged,
because if it can be easily bridged, then it can be MITM'ed, sent over wifi,
encapsulated into GRE, etc.   

I think really having physical access is important, and it should take
more than a compromised PC with a hardwire to the router to easily do
the transfer, stealing the key remotely for later use.  

I think that this means something like:
  a) using additional symbols at the MII/MLT-3 layer.
  b) playing with PoE drive levels to confirm
  c) near-simultaneous pushing of an out-of-band button.
  d) maybe simultaneous use of wifi (at extremely low power).
  e) using the ethernet cabling in an entirely different fashion
     (e.g. turning it into RS232...)
  f) maybe something LLDP/CDP 
  g) 802.1ag / 802.3ah can do these things...

I do not propose the IETF standardize anything like this, just the
contents which are eventually transferred.

It's clearly the domain of the IEEE, but a single vertically integrated
vendor who has control (or significant influence) right down to the PHY
could easily innovate within their product line, while still
interoperating 

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
