In message <504fe1ea.90...@mtcc.com>
Michael Thomas writes:

> On 09/11/2012 04:53 PM, Curtis Villamizar wrote:
> > In message <504f9a0b.1080...@mtcc.com>
> > Michael Thomas writes:
> >
> > If we're using the property that they need to have access to my home
> > wifi as proof the device is "mine" rather than "somebody else's", then
> > let's stop right now with the posture that what we're doing is
> > "zeroconf" because configuring a wifi password is most certainly not
> > "zeroconf".
> > We had a similar discussion before and I pointed out that for security
> > some form of exchange of keys or certificates was needed.
>
> Here is where IETF usually wraps around the axle. I'm not
> saying that "has my wifi password, therefore is allowed" is bad, I'm
> just saying that it's not zeroconf. We need to be extremely careful
> that the best is the enemy of the good. At the point that we're talking
> about certs we've almost certainly wandered into something well
> beyond "littleconf". If we can get by with "has my wifi password"
> or similar, we're still probably on track. Or maybe ssh-like leap of
> faith kinds of bare public key enrollment is ok.

"keys or certificates" would include public/private key pairs like the
rsa or dsa keys that ssh uses.

> In any case, my larger point is that "littleconf" might also involve having
> to give a name to some of my devices so that I don't have to remember
> that megacorp-light-switch-1279385xxc7 is the front room mood lighting
> in addition to giving it my wifi password for the home automation SSID.
>
> Mike

And my SIP phone has a serial number for a host name.

One problem is that some clueless programmers have allowed any
characters to be entered into the host name string, so DHCP can return
a hostname that has more than just DNS allowed characters. I'm not
sure %20 and other substitutes legal in URLs are legal in hostnames.
I don't think so. It's OK to have "Bill's Laptop" in the leases file,
but you can't put that into a DNS hostname and "Bill T. Cat's Laptop"
would be worse because of the dot. But you might get this from DHCP.

Maybe a good start for homenet is recommendations on what should be
settable on any home device and constraints (hostnames within valid
DNS character set being one example). Allowing a fixed address is
another (my SIP phone DNS client is a bit broken and doesn't always
renew before the lease expires and then locks up if the address
changes). Supporting IPv6 is yet another.

Curtis

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
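
The hostname constraint raised in the message above (DHCP-supplied names that are not valid DNS labels), as an added example that is not part of the original thread: a Python sketch that checks a client-supplied name against the letters-digits-hyphen rule and maps anything else to a single safe label before it reaches DNS. The function names, the fallback label, the collision suffix scheme and the sample names are assumptions made for illustration.

```python
import re

# One DNS hostname label under the letters-digits-hyphen rule (RFC 952 / RFC 1123):
# 1 to 63 characters, no leading or trailing hyphen, and no dots.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample of names a DHCP server might record in its leases file.
SAMPLE_LEASE_NAMES = ["Bill's Laptop", "Bill T. Cat's Laptop",
                      "sip-phone-00123", "-.-", "x" * 80]


def is_valid_label(name):
    """True if name can be used unchanged as a single DNS hostname label."""
    return LABEL_RE.fullmatch(name) is not None


def to_dns_label(dhcp_hostname, fallback="host"):
    """Map a free-form DHCP client hostname to one safe DNS label.

    Each run of disallowed characters (spaces, apostrophes, dots, percent
    signs, non-ASCII, control bytes) becomes one hyphen, so a dot in the
    client string can never create an extra level in the zone.
    """
    label = re.sub(r"[^A-Za-z0-9]+", "-", dhcp_hostname).strip("-").lower()
    label = label[:63].rstrip("-")
    return label or fallback  # hypothetical fallback when nothing usable is left


def plan_dns_names(lease_names):
    """Return (lease_name, dns_label) pairs with a unique label per device."""
    seen, plan = set(), []
    for raw in lease_names:
        base = to_dns_label(raw)
        label, n = base, 1
        while label in seen:  # two devices mapped to the same label
            n += 1
            suffix = "-%d" % n
            label = base[:63 - len(suffix)].rstrip("-") + suffix
        seen.add(label)
        plan.append((raw, label))
    return plan


if __name__ == "__main__":
    for raw, label in plan_dns_names(SAMPLE_LEASE_NAMES):
        print("%-25r -> %s" % (raw[:20], label))
```

The leases file can keep the original display string; only the mapped label is published in DNS.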