On 09/17/2014 06:37 AM, Michael Richardson wrote:
> Michael Thomas <m...@mtcc.com> wrote:
> >> I further suggest that if two routers have wireless that they might
> >> well have a WPA2/PSK available to them, and that they can and SHOULD
> >> use something derived from that key to authenticate each other. Could
> >> be over IKEv2, yes.
> > If I have more than one SSID, which PSK should the router use?
> Whichever one authenticates the message. The PSK is not transmitted.

I'm about to send a routing update, or whatever message. Which WPA2 key
does the router use?

> > And if it's a simple derivation, that means that anybody with the right
> > PSK can derive that key and participate in routing whether we want them
> > to or not, right? That is, where is the authz?
> That's the nature of a PSK, yes.

I want to control people who I give access to my home network to
participate in routing or not.
Overloading network access control with access to control plane
modification sounds like a bad idea to me.

If you wanted to overload the use of a key, it might be better to derive a
key from their admin logins. But it would be best of all to not overload
anything.

Mike
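
The two points argued in this thread, as an added example that is not part of the original messages or of any homenet specification: a receiver holding several SSID PSKs accepts a routing update if any derived key verifies it, and any device given one of those PSKs derives the same key. The derivation (one HMAC-SHA256 step with a fixed label), the label, the SSIDs, passphrases and update strings are all assumptions constructed for illustration; only the WPA2 passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1, 4096 iterations) is standard.

```python
import hashlib
import hmac
from typing import Dict, Optional

LABEL = b"routing-auth-example"  # hypothetical derivation label (assumption)

def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PSK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def routing_key(psk: bytes) -> bytes:
    """Assumed 'simple derivation' of a routing-auth key from the Wi-Fi PSK."""
    return hmac.new(psk, LABEL, hashlib.sha256).digest()

def sign(key: bytes, update: bytes) -> bytes:
    """Authenticate a routing update with HMAC-SHA256."""
    return hmac.new(key, update, hashlib.sha256).digest()

def verify(update: bytes, tag: bytes, psks: Dict[str, bytes]) -> Optional[str]:
    """Try every configured PSK; return the SSID whose derived key verifies."""
    for ssid, psk in psks.items():
        if hmac.compare_digest(sign(routing_key(psk), update), tag):
            return ssid
    return None

# Constructed sample configuration: one router serving two SSIDs.
ROUTER_PSKS = {
    "home": wpa2_psk("example-home-passphrase", "home"),
    "guest": wpa2_psk("example-guest-passphrase", "guest"),
}

def demo() -> Dict[str, Optional[str]]:
    update = b"prefix 2001:db8:1::/64 metric 10"  # constructed routing update
    # A peer router configured with the "home" passphrase.
    peer_tag = sign(routing_key(ROUTER_PSKS["home"]), update)
    # A visitor's device that was only ever given the guest Wi-Fi passphrase.
    guest_key = routing_key(wpa2_psk("example-guest-passphrase", "guest"))
    guest_tag = sign(guest_key, update)
    # A device that knows neither passphrase.
    outsider_tag = sign(routing_key(wpa2_psk("wrong-passphrase", "home")), update)
    return {
        "peer_router": verify(update, peer_tag, ROUTER_PSKS),
        "guest_device": verify(update, guest_tag, ROUTER_PSKS),
        "outsider": verify(update, outsider_tag, ROUTER_PSKS),
    }

if __name__ == "__main__":
    for sender, accepted_as in demo().items():
        print(f"{sender}: accepted under SSID key {accepted_as!r}")
```

The guest device's update verifies exactly as the peer router's does, because the verifier can only answer "which PSK produced this tag", not "is this sender allowed to change routing".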