On 10/22/13 9:01 AM, Ted Lemon wrote:
On Oct 22, 2013, at 11:29 AM, Michael Thomas <[email protected]> wrote:

Since this is homenet, oughtn't we be thinking in terms of getting configuration information from things that we believe we ought to always trust, like, oh say, a server on our home network? Regardless of our current attachment point(s)?

What would the security model be here? How do we know to trust something on our home network? We pretty much blew this off when we did the architecture document—the general attitude seemed to be "security is hard, so let's do it later." So while I might agree in the abstract that your proposal makes sense, we have no solution that actually _does_ this. So mentioning it as an alternative isn't going to get us anywhere. Of course, we _also_ don't have a security model for the scenario Daniel's draft talks about. So I would say that both of these solutions are non-starters.



At least there is a security model on my home network, such as it is: wired needs physical access, wireless needs a password. For roaming, wireless is a closer model. So at least we have shared credentials.

That's why I keep saying that "Zeroconf" is an illusion. The only way you have wireless zeroconf is to not have wireless authentication which is pretty boneheaded. Littleconf.

Mike
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
