I decided to take a look at the homenet architecture draft and compare the 
requirements there with what is defined for HNCP as of now.

Section 3.6 describes security. It seems to be concerned mainly with filtering 
of traffic between different networks - for example, guest, home, and Internet. 
Section 3.8.2 adds potential need for manual provisioning of wireless keys.

Current HNCP draft provides for both automated border discovery (to determine 
between home and Internet being plugged on different ports) that is not really 
dependent on HNCP itself, but neither is it very secure, as in the 
zero-configuration case there is no way to authenticate ISP _or_ the hosts. 
Given provisioning by manufacturer/ISP, or configuration by the end user, the 
automated border discovery can be disabled, and fixed categories assigned to 
interfaces. In that mode, HNCP fulfills the security specified in the draft.

What the draft does not cover is what is the assumption about security of 
protocols within it. If HNCP is run only over either physically or 
cryptographically secured link layer, there are no real extra requirements for 
HNCP.

So, question time:

1) Can we assume secure L2 and/or appropriate device configuration by the 
manufacturer/ISP(/user)? (This is what I can assume in my own home.)

2) If not, should the solution be some sort of pre-shared key scheme? (If not, 
please explain your alternative solution.)

2.1) And if so, should it be manually keyed IPsec (multicast prevents e.g. 
IKE)? (This is what is in the draft currently.)

2.2) Or should we roll our own in-HNCP scheme? 

Cheers,

-Markus




_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
