On Oct 22, 2013, at 3:28 PM, Michael Thomas <[email protected]> wrote:

> I didn't say anything about DHCP; I was purposefully vague about what a
> configuration/whatever protocol ought to be. I was only pointing out that
> there already exists a shared credential between my phone, say, and my home
> router, say. And you could use the initial contact with the holder of a
> shared secret (eg router) to bootstrap a 1:1 key (Diffie-Hellman is probably
> our friend). So you have an initial leap of faith, but beyond that you're
> enrolled. No AAA required.

The DHCP issue is a red herring. You don't have a shared secret. You have a well-known token. You can't use that to make a leap of faith. I'm not saying this problem can't be solved, but it won't be solved this way, and it must be solved before we can trust the configuration information we get on the local wire.

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
