On Aug 1, 2012, at 11:48 AM, Evan Hunt wrote:
>> What you understand as "crazy talk," I see as trying to get something
>> working, in best-effort mode, taking into account the limitations of a
>> home network with a CE router in front of it.
>
> Then again, the point of this WG as I understand it is to get rid of some
> of those limitations, not to accommodate or perpetuate them. :)

Exactly. I think that the wish for an expedient solution often ignores the fact that a step-by-step implementation of the real solution isn't as hard as the proponents of expedient solutions often fear.

Regarding the question of whether to update the primary on the CPE device or update the primary on the ISP, the main motivation in my mind for doing it on the CPE device is that it avoids a massive key management problem. If the CPE device is primary and the ISP device is secondary, the ISP can publish a SIG(0) key in a well-known zone and use that to authenticate zone transfers. Going the other direction requires the ISP to have a public key somewhere for every single customer. There's nothing fundamentally hard about this, but I think the other way is easier.

Having said that, of course we should describe how to do it both ways. I just think the CPE being primary is going to be more popular, assuming both solutions are equally well-supported.
