See one inline below…

On 9/17/14, 6:40 PM, "Brian E Carpenter" <[email protected]> wrote:
> On 18/09/2014 02:58, Michael Thomas wrote:
>> On 09/16/2014 11:31 PM, Mikael Abrahamsson wrote:
>>> As was presented in.. err, London?, shared secrets are bad. To really
>>> do this properly, we need device specific keys and some kind of list
>>> of "devices that are allowed to connect", perhaps by having their
>>> public keys in HNCP. I don't know. I am no security expert, but I
>>> believe we probably have to have two or three modes of security, one
>>> being "unsecure" that is auto everything (will give scenarios like the
>>> one Tim wrote about), one that is "shared secret", but where devices
>>> need to be configured using this shared secret (protects against
>>> accidents), and a third one where PKI is used, but where user policy
>>> infrastructure is available. The third one greatly increases the scope
>>> of the framework required to implement. I'm not sure it would even be
>>> HNCP anymore, perhaps we need a wider view than what the HOMENET
>>> charter has in it currently.
>>
>> Global symmetric keys certainly have their problems, but public keys
>> have their own.
>> Namely, if I want to enroll a new device, each other currently enrolled
>> device needs to know about the public key of the new enrollee. For 2
>> devices, that's possibly manageable, but for more I really don't want
>> to run around my house looking for every homenet device to enroll the
>> new one.
>>
>> If we were to do that, it might be nice to have a distributed database
>> of homenet devices such that I only had to enroll it on one of my
>> homenet devices, and then it's distributed to the rest.
>
> I don't think that's a "nice to have". I think it's an unavoidable
> requirement, and it has to require at most trivial human intervention.
>
> (Don't shoot me, but this happens to be a must-have for autonomic
> networking too.)

I'm not sure that this is a must-have but, if it were, could the autonomic
networking solution be used for homenet?
Thanks,
Acee

>
>    Brian
>
> _______________________________________________
> homenet mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/homenet
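The mechanism Michael and Brian are discussing above (per-device keys, an allow-list of enrolled public keys, and enrolling on one device only and letting the list replicate to the rest) can be sketched in code. The example below is added here and is not part of this thread, of HNCP or of any homenet implementation; it assumes Ed25519 device keys, a single human pairing step modeled as a function call, and a simple flooding gossip standing in for whatever state synchronisation the real protocol would use. The names (Enrollment, Node, pair, accept, bootstrap) are the example's own. The security-relevant point it shows is that replication is only safe if each node verifies that an enrollment record was signed by a key it already trusts, so a self-signed record from an unknown device, or a record that names a trusted issuer but carries a forged signature, is dropped rather than replicated.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Enrollment is a signed statement "Subject may join this homenet", issued by
// a device (Issuer) that is itself already enrolled.
type Enrollment struct {
	Subject   ed25519.PublicKey
	Issuer    ed25519.PublicKey
	Signature []byte // Ed25519 signature by Issuer over the raw Subject key
}

// Node is one homenet device. Allowed is its copy of the replicated
// allow-list, keyed by a fingerprint of each enrolled public key.
type Node struct {
	Name    string
	Priv    ed25519.PrivateKey
	Allowed map[string]Enrollment
	Peers   []*Node
}

func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

func newNode(name string) *Node {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Node{Name: name, Priv: priv, Allowed: map[string]Enrollment{}}
}

func (n *Node) pub() ed25519.PublicKey { return n.Priv.Public().(ed25519.PublicKey) }

// bootstrap makes n the first device of a new homenet: it enrolls itself.
// This self-signed record is installed locally only, never accepted off the wire.
func (n *Node) bootstrap() {
	n.Allowed[fingerprint(n.pub())] = Enrollment{
		Subject: n.pub(), Issuer: n.pub(), Signature: ed25519.Sign(n.Priv, n.pub()),
	}
}

func (n *Node) isAllowed(pub ed25519.PublicKey) bool {
	_, ok := n.Allowed[fingerprint(pub)]
	return ok
}

// verify accepts a record only if its issuer is already in this node's list
// and the signature over the subject key checks out under the issuer's key.
func (n *Node) verify(e Enrollment) bool {
	if !n.isAllowed(e.Issuer) {
		return false
	}
	return ed25519.Verify(e.Issuer, e.Subject, e.Signature)
}

// accept is the gossip entry point: a valid, previously unseen enrollment is
// stored and forwarded to every peer; anything else is dropped. Returning
// early on already-known subjects is what stops the flood.
func (n *Node) accept(e Enrollment) bool {
	if n.isAllowed(e.Subject) {
		return true
	}
	if !n.verify(e) {
		return false
	}
	n.Allowed[fingerprint(e.Subject)] = e
	for _, p := range n.Peers {
		p.accept(e)
	}
	return true
}

// pair is the single human-mediated step (button press, QR scan, ...): an
// enrolled device n admits newcomer, hands it the current list, and the
// gossip then carries the new record to every other device in the home.
func (n *Node) pair(newcomer *Node) {
	e := Enrollment{Subject: newcomer.pub(), Issuer: n.pub(), Signature: ed25519.Sign(n.Priv, newcomer.pub())}
	for fp, known := range n.Allowed {
		newcomer.Allowed[fp] = known // trusted because the pairing was physical
	}
	n.Peers = append(n.Peers, newcomer)
	newcomer.Peers = append(newcomer.Peers, n)
	n.accept(e)
}

func main() {
	a, b, c := newNode("router-a"), newNode("router-b"), newNode("router-c")
	a.bootstrap()
	a.pair(b)
	b.pair(c) // enrolled on b only; a learns about c through the gossip
	fmt.Printf("a trusts c: %v, c trusts a: %v\n", a.isAllowed(c.pub()), c.isAllowed(a.pub()))
	rogue := newNode("rogue") // constructed attacker device, never paired
	bad := Enrollment{Subject: rogue.pub(), Issuer: rogue.pub(), Signature: ed25519.Sign(rogue.Priv, rogue.pub())}
	fmt.Printf("rogue self-enrollment accepted by a: %v\n", a.accept(bad))
}
```

What this deliberately leaves out is the hard part of the "third mode" in Mikael's list: revocation (a lost or compromised device's key has to be removed everywhere, which needs signed, ordered revocation records rather than a grow-only set) and the policy layer deciding who may issue enrollments. The copy of the list handed over at pairing time is trusted purely because the pairing was physical; in a real protocol that transfer would itself be authenticated.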
