On Mar 10, 2012 5:05 PM, "Tim Chown" <[email protected]> wrote:
>
> It's good to see some traction in service discovery and naming.
>
> We also have a fifth area, security.  The text as it stands says a few
> things that apply to this area, e.g.
>
> a) An assumption of "Simple Security" with default deny on the CER.
>    This implies PCP or UPnP to support punching holes.  The text
>     also talks about addressability vs reachability.
>

I still disagree with this premise that we must default deny and have a
mess of inadequate and complex signalling to compensate. Can someone
articulate a threat model that requires this default deny and state
tracking? Or must we put the cart before the horse without facts presented
(maybe I missed that detailed presentation of threats)? Because win2k
required a network based firewall, we must always cripple e2e?

Or, can homenet simply say home devices must be independently secure, may
have host based firewalls, or they must be placed in a properly screened
subnet of fundamentally flawed devices that require network security
controls and multi device port coordination?

Cb
> b) Mention of appropriate mechanisms for users to associate
>    devices, and that devices may need keys configured, e.g. WPA2.
>    So we should be aiming for these tasks to be as simple as possible.
>
> c) The possibility to say that a ULA source indicates a connection
>    within the home. Suggested by Chris Palmer in Quebec, but not
>    discussed since.
>
> d) Mention of "Advanced Security", which talks about the ability to
>     install 3rd party policies.  Some have suggested removing this
>     from the initial homenet spec.
>
> e)  Discussion of (determination of) network borders; these are
>     points at which policies may apply.  In the "self-configuring"
>     section we talk more on that task.  Homenets may have internal
>     policy borders, e.g. between private and guest areas.
>
> There's certainly scope to put down more in the way of goals; any
> comments in this area are welcome.
>
> Tim
> _______________________________________________
> homenet mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/homenet