On Mar 10, 2012 5:05 PM, "Tim Chown" <[email protected]> wrote:
>
> It's good to see some traction in service discovery and naming.
>
> We also have a fifth area, security. The text as it stands says a few
> things that apply to this area, e.g.
>
> a) An assumption of "Simple Security" with default deny on the CER.
>    This implies PCP or uPnP to support punching holes. The text
>    also talks about addressability vs reachability.
>
I still disagree with this premise that we must default deny and have a mess of inadequate and complex signalling to compensate.

Can someone articulate a threat model that requires this default deny and state tracking? Or must we put the cart before the horse without facts presented (maybe I missed that detailed presentation of threats)?

Because win2k required a network based firewall, we must always cripple e2e?

Or, can homenet simply say home devices must be independently secure, may have host based firewalls, or they must be placed in a properly screened subnet of fundamentally flawed devices that require network security controls and multi device port coordination?

Cb

> b) Mention of appropriate mechanisms for users to associate
>    devices, and that devices may need keys configured, e.g. WPA2.
>    So we should be aiming for these tasks to be as simple as possible.
>
> c) The possibility to say that a ULA source indicates a connection
>    within the home. Suggested by Chris Palmer in Quebec, but not
>    discussed since.
>
> d) Mention of "Advanced Security", which talks about the ability to
>    install 3rd party policies. Some have suggested removing this
>    from the initial homenet spec.
>
> e) Discussion of (determination of) network borders; these are
>    points at which policies may apply. In the "self-configuring"
>    section we talk more on that task. Homenets may have internal
>    policy borders, e.g. between private and guest areas.
>
> There's certainly scope to put down more in the way of goals; any
> comments in this area are welcome.
>
> Tim
> _______________________________________________
> homenet mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/homenet
