On 03/14/2013 08:40 AM, Michael Behringer (mbehring) wrote:
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Tim Chown
Sent: 13 March 2013 16:36
To: [email protected] Group
Subject: Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

On 5 Mar 2013, at 17:52, Michael Behringer (mbehring)
<[email protected]> wrote:

Our draft shows a way to do that in a relatively simple and secure way. I
believe this is a fundamental requirement in a homenet; there are other
ways to more or less achieve this goal - that needs to be discussed. But we
should have the discussion.

If you have text to propose for the arch text, please do so.

There will be cases where two homenets are adjacent, or where a visitor plugs
in a device that doesn't belong to the homenet. We need to be able to control
that.

I suggest a subsection in the security section (3.6) to address this. This 
could sound something like:

--
3.6.6. Device ownership

There must be a way to administratively assert whether a device belongs to a
homenet or not. The goal is to allow the establishment of borders, for example
between two adjacent homenets or between the service provider and the homenet;
and to prevent unauthorized devices from participating in the homenet.

The homenet architecture MUST support a way for a homenet owner to claim
ownership of his devices in a reasonably secure way. This could be achieved by
a pairing mechanism, for example by pressing buttons simultaneously on an
authenticated and a new homenet device, or by an enrolment process, as
described in [draft-behringer-homenet-trust-bootstrap].


In today's world access control is gated at L2 via WPA or similar. Are you
suggesting that we have an L3 equivalent? In addition? In replacement?

Mike
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
