On 15/03/2013 00:16, Michael Behringer (mbehring) wrote:
>> -----Original Message-----
>> From: Michael Thomas [mailto:[email protected]]
>> Sent: 14 March 2013 17:43
>> To: Michael Behringer (mbehring)
>> Cc: Tim Chown; [email protected] Group
>> Subject: Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?
>>
>> On 03/14/2013 10:03 AM, Michael Behringer (mbehring) wrote:
>>>> From: Michael Thomas [mailto:[email protected]]
>>> [...]
>>>> In today's world access control is gated at L2 via WPA or similar.
>>>> Are you suggesting that we have a L3 equivalent? In addition? In
>>>> replacement?
>>> We need a solution to this problem. I think this is the first important
>>> thing to note, and so far it isn't noted (or I missed it). Which solution
>>> is open for discussion.
>>> Can we agree thus far?
>> Well, it seems to me that we have a solution today at L2, at least for
>> wireless which is the most pressing need. Am I missing something? Or are
>> we talking about remote access into your homenet?
>
> No, it's not primarily for remote access.
>
> Even if we have something, the architecture doc should describe that this is
> an issue and needs to be addressed, and which solutions fit (including
> existing).
>
> But I think the need goes beyond wireless. If I have visitors, I may not like
> it if they plug in a device into the Ethernet socket in the guest room, and
> the device has full access to everything. I think we need a simple way to
> accept/deny a new device onto the network, independent of the media type.

And preferably a method that doesn't involve asking your visitor for her
MAC address, or giving her a password that you don't want to leak.

On the other hand, a Bluetooth-like method that involves opening access
for a few minutes while you automatically register the MAC address might
be good enough for home use (but unacceptable for professional use).

What is unlikely to work in the real world is a complex cryptographically
sound mechanism, even though it might be fun to design and debug.

Brian