STARK, BARBARA H <[email protected]> wrote:
> If the concern is with a man-in-the-middle attack on HNCP messages,
> then point-to-point security, using encryption with any key that the 2
The concern is man-in-the-middle "attacks" on HNCP messages by an outsider,
not another member of the household. Or, more specifically, the outsider
being a misconfigured (physical) neighbour.
Possession of the WPA2 passphrase means that the router is part of my home.
> If the goal is to know whether an endpoint is authorized to
> send/receive a HNCP message WPA2-PSK is also useless. It authorizes no
> such thing. Users should be free to run HNCP in a manner that requires
> no explicit authorization. If explicit authorization to run HNCP is
> desired by the user, then such authorization must come from a person
> with physical access to the home network and its devices, and such
> authorization must be specific to the running of HNCP and/or a role in
> home network configuration.
What do you mean by "user" here? Last I checked, my wife is a user, and I'm
sure that neither her person, nor her mobile phone, nor her Chromebook need
to run HNCP.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
