On Oct 22, 2013, at 4:22 PM, Michael Thomas <[email protected]> wrote:

> If you'd pause a moment from winning, I said that requiring knowledge of the
> group secret to do the leap of faith is somewhat better than the straight leap
> of faith that ssh uses.

The public key can be used to authenticate the server in future connections as being the same server that you contacted when you first made the leap of faith. The "group secret" proves to the server that you know the password to the network, but it can't be used by the network to prove that it is trustworthy. And there is no additional token, so every time you use that server, you are making the same leap of faith you made the first time. Leap of faith authentication provides some additional security because you can only attack it the first time it's used—when the leap of faith is made. If you make a leap of faith every time you connect, that's no different than having no security at all.

> But we're far afield from my original point: that I'd rather use a server on
> my home network to get my configuration, rather than trusting some random ISP
> who I happen to be connected to at any point in time. That doesn't work for
> roaming, and it's questionable whether it's an especially good idea even when
> I'm not.

This is the key point: your home network is just a random network to your device, unless you have a secure mechanism for identifying it. I do agree with your basic point that you can't just trust any random network; what I am trying to point out is there is currently no mechanism we've specified that allows your device to securely distinguish your home network from those other networks.

> Are you suggesting that we shouldn't comment on that draft?

If I wanted to say such an inappropriate thing, I would just say it, and then presumably there would be a recall petition, and I'd be able to go back to being an individual contributor, and my life would get a lot simpler. I want desperately for the working group to comment on the draft, and I appreciate you commenting. Please don't take debate from me as implying that you should shut up. When I accuse you of handwaving, it's because I want you to get specific, not because I want you to shut up.

You're in no way obliged to get specific—that's just what _I_ want.

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
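The distinction drawn in the message above, shown as an added example that is not part of the thread: a trust-on-first-use store pins the server key at the first contact and catches a different key later, while proving the group secret only authenticates the client to the network, so a server accepted on the secret alone is a fresh leap of faith every time. The names (`KnownServers`, `contact_server`, `accept_on_secret_only`) and the byte-string key material are constructed for this illustration.

```python
# Added illustration of leap-of-faith (trust-on-first-use) server pinning
# versus a group-secret check; names and key material are constructed.
import hashlib


class KnownServers:
    """Pins the first public key seen for each server name (like known_hosts)."""

    def __init__(self):
        self._pins = {}  # server name -> fingerprint pinned at first contact

    def check(self, name, public_key):
        fp = hashlib.sha256(public_key).hexdigest()
        pinned = self._pins.get(name)
        if pinned is None:
            self._pins[name] = fp  # the one and only leap of faith
            return "new"
        return "ok" if pinned == fp else "mismatch"


def contact_server(store, name, presented_key, group_secret, network_secret):
    """One connection: the secret gates the client, the pin checks the server."""
    if group_secret != network_secret:
        return "refused"  # client cannot prove it knows the network password
    return store.check(name, presented_key)


def accept_on_secret_only(presented_key, group_secret, network_secret):
    """Baseline with no pin: the server is re-trusted on every contact, so a
    key change (i.e. a different server) is never noticed."""
    if group_secret != network_secret:
        return "refused"
    return "ok"


if __name__ == "__main__":
    store = KnownServers()
    home_key, rogue_key = b"HOME-SERVER-PUBKEY", b"ROGUE-SERVER-PUBKEY"
    print(contact_server(store, "config.home", home_key, "pw", "pw"))   # new
    print(contact_server(store, "config.home", home_key, "pw", "pw"))   # ok
    print(contact_server(store, "config.home", rogue_key, "pw", "pw"))  # mismatch
    print(accept_on_secret_only(rogue_key, "pw", "pw"))                 # ok
```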
