On 13.9.2014, at 5.50, Brian E Carpenter <[email protected]> wrote: > On 12/09/2014 22:23, Markus Stenberg wrote: > ... >> 1) Can we assume secure L2 and/or appropriate device >> configuration by the manufacturer/ISP(/user)? (This is what I >> can assume in my own home.) > I'm not sure I fully understand this question, but certainly > there a vast numbers of insecure home 802.11 setups. This is > less prevalent than it was a few years ago, but it seems like a > dangerous assumption if homenet-compliant kit is mixed in with > older stuff such as wireless hubs that are open by default.
>From my point of view, if you’re exposing part of your home network via >insecure wireless, only way to secure it would be to run mandatory crypto over >it both to hosts and routers. I’m not sure this is really feasible either. >Just securing router-router traffic (or parts of it) does not bring >significant benefit from my point of view unless you also authenticate hosts >in such a case. While securing HNCP in such a case would prevent some attacks on in-home network auto-configuration, anything else (e.g. using home resources, using home internet access, pretending to be uplink and performing MITM, the list goes on) would be still possible and I do not see the point. Cheers, -Markus _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
