On Oct 22, 2013, at 1:06 PM, Michael Thomas <[email protected]> wrote: > At least there is a security model on my home network, such as it is: wired > needs physical > access, wireless needs a password. For roaming, wireless is a closer model. > So at least we > have shared credentials.
You have shared credentials with the wrong thing. They don't serve to authenticate a DHCP packet you receive on the WiFi. Furthermore, since they are shared, it makes no sense to use them to authenticate the server—everybody on the network by definition knows the password, so anybody can prove that they have it. Passwords of this sort strictly function to prevent unauthorized access to the network—they can't be used for anything else. I suppose we could mandate WPA2 enterprise on the homenet, but we still don't have a way to use that to secure the DHCP transaction. _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
