On Apr 2, 2014, at 2:30 PM, RJ Atkinson <[email protected]> wrote:
>
> I concur with Tom Pusateri, Markus Stenberg, Ted Lemon, and others:
> - A layer-2 solution is not deployable in the full range of HomeNet environments.
> - Many link layers do not use any form of IEEE 802. So RBRIDGE and TRILL and similar are not deployable over many applicable link layers.
> - We need a solution that is agnostic to the type of link layer.
> - Further, we have a range of on-the-shelf IETF security mechanisms that operate at Layer-3 and higher. There is no security magic to a Layer-2-only approach to HomeNet.
>
> Bottom Line:
> Not all links are (wired, wireless) Ethernet or based on IEEE 802.*

Dear Ran,

Of course home networks may involve networking protocols such as Zigbee, Z-Wave, HomePlug/IEEE 1901, ITU-T G.9972 that might not be suitable candidates for TRILL extensions. TRILL was proposed as a means to extend the functional use of AppleTVs that impose HDCP requirements.

Making adjacent network multicast traffic visible through automated processes of publishing translated routable addresses in local DNS profoundly and negatively changes home network security. While mDNS does not offer enhanced security, it also does not expose devices to threats from other networks and prohibit use of link-local addressing. Most mDNS related problems can be addressed through the use of TRILL with specific service filters without introducing a wide array of security exposures.

There are many home devices that implement some level of home automation using an OS that cannot be updated by their owners. The proposed homenet using the mDNS to DNS proxy will make these devices visible to browsers, for example, and significantly challenge the effectiveness of existing firewall strategies.

In an ideal world, all devices should be secure when exposed to the Internet. Our world is not ideal. Please consider the security aspects, and how we might be able to aid deployment (even in the form of a BCP).

Regards,
Douglas Otis
