Regards Brian Carpenter http://orcid.org/0000-0001-7924-6182
On 18/09/2014 11:55, Acee Lindem (acee) wrote: > See one inline belowŠ > > On 9/17/14, 6:40 PM, "Brian E Carpenter" <[email protected]> > wrote: > >> On 18/09/2014 02:58, Michael Thomas wrote: >>> On 09/16/2014 11:31 PM, Mikael Abrahamsson wrote: >>>> As was presented in.. err, London?, shared secrets are bad. To really >>>> do this properly, we need device specific keys and some kind of list >>>> of "devices that are allowed to connect", perhaps by having their >>>> public keys in HNCP. I don't know. I am no security expert, but I >>>> believe we probably have to have two or three modes of security, one >>>> being "unsecure" that is auto everything (will give scenarios like the >>>> one Tim wrote about), one that is "shared secret", but where devices >>>> need to be configured using this shared secret (protects against >>>> accidents), and a third one where PKI is used, but where user policy >>>> infrastructure is available. The third one greatly increases scope the >>>> framework required to implement. I'm not sure it would even be HNCP >>>> anymore, perhaps we need a wider view than what the HOMENET charter >>>> has in it currently. >>> Global symmetric keys certainly have their problems, but using public >>> keys have their own. >>> Namely, if I want to enroll a new device each other currently enrolled >>> device needs to know about >>> the public key of the new enrollee. For 2 devices, that's possibly >>> manageable but for more I really >>> don't want to run around my house looking for every homenet device to >>> enroll the new one. >>> >>> If we were to do that, it might be nice to have a distributed database >>> of homenet devices such that >>> I only had to enroll it on one of my homenet devices, and then it's >>> distributed to the rest. >> I don't think that's a "nice to have". I think it's an unavoidable >> requirement, and it has to require at most trivial human intervention. >> >> (Don't shoot me, but this happens to be a must-have for autonomic >> networking too.) > > I¹m not sure that this is a must-have but, if it were, could the autonomic > networking solution be used for homenet? Well, except that we don't have one yet ;-). Really it's too soon to know, but the arguments about needing a strong identity + trust model in the two cases are very similar. And some sort of self-managing PKI seems to be needed. However, I really don't want homenet to be stuck waiting for a non-existent WG to get itself organized, so I think this is just something to keep in mind for now. Brian _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
