On Oct 22, 2013, at 4:01 PM, Michael Thomas <[email protected]> wrote: > It's isn't "well known", it's just a group secret. And you certainly could > use it to make > a leap of faith: ssh does it without a group secret at all, so it's actually > somewhat better: > I at least know that the thing that I'm doing the leap of faith with has > knowledge of the > group secret.
It's not a secret if it is shared by more than two hosts. It is a well known token, which is not widely known. Any device connected to the network can pretend to be the server if you allow that token to be used to authenticate the server. Ssh has a public/private key pair on the server. The leap of faith there is based on that key pair, not on a "group secret." This problem can be solved, but I am strongly opposed to handwaving. If you want to assert that we can have a secure system, even based on a leap of faith, I do not disagree with that, but you need to tell me what the system _is_. Otherwise the discussion is completely hypothetical, and we can't draw any real conclusions at all. So before the working group has any conversations about technologies that depend on a security solution that doesn't yet exist, I would like us to have a security solution upon which to base those technologies. Until we do, proposals like this one just sound like security snake oil, and we shouldn't be entertaining them. _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
