On 09/16/2014 11:31 PM, Mikael Abrahamsson wrote:
As was presented in.. err, London?, shared secrets are bad. To really do this properly, we need device specific keys and some kind of list of "devices that are allowed to connect", perhaps by having their public keys in HNCP. I don't know. I am no security expert, but I believe we probably have to have two or three modes of security, one being "unsecure" that is auto everything (will give scenarios like the one Tim wrote about), one that is "shared secret", but where devices need to be configured using this shared secret (protects against accidents), and a third one where PKI is used, but where user policy infrastructure is available. The third one greatly increases scope the framework required to implement. I'm not sure it would even be HNCP anymore, perhaps we need a wider view than what the HOMENET charter has in it currently.
Global symmetric keys certainly have their problems, but using public keys have their own. Namely, if I want to enroll a new device each other currently enrolled device needs to know about the public key of the new enrollee. For 2 devices, that's possibly manageable but for more I really don't want to run around my house looking for every homenet device to enroll the new one.
If we were to do that, it might be nice to have a distributed database of homenet devices such that I only had to enroll it on one of my homenet devices, and then it's distributed to the rest.
Mike _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
