On Sep 23, 2014, at 3:39 PM, Michael Thomas <[email protected]> wrote:
>
> On 9/23/14, 1:07 PM, Michael Richardson wrote:
>> Michael Thomas <[email protected]> wrote:
>> >> 2) ISP-provided router has to be willing to trust retail purchased router,
>> >> or nothing works.
>>
>> > So what about the other way around? To what degrees should my homenet trust
>> > ISP-maintained CPE?
>>
>> That's up to you. Seriously.
>> Your ISP-maintained CPE totally p0wns your network. If you don't trust them,
>> even just a little bit, then you can't use their equipment.
>>
>
> And there's nothing we can do about that, even if we define a boundary
> such that they are outside it?
>
> Do they *have* to participate in the IGP in order for homenet routing to work?
>
> I'm no expert here, but it seems to me that the normal first hop ISP router doesn't
> have these characteristics of p0wnage for in-home traffic?
Dear Michael,

Actually, it is better to assume there is a long list of vulnerable home routers being p0wned by entities beyond their ISP. Leaving that problem aside and assuming this can be handled using a KISS approach, even setting up firewalls when there are multiple routers involved becomes somewhat problematic whenever overlaid networking is not being used. After all, how can each router's assigned prefixes be exchanged? How can mDNS proxy information be communicated?

It is important to consider that many of the contained devices might be vulnerable to Internet access. Not all devices are updated beyond their warranty period. In some cases, this period might be a 20/20 guarantee: 20 feet or 20 seconds, whichever comes first. While some printers might be able to handle direct Internet access, most can't. Many of these devices announce their routable address via mDNS, hence the need for a network overlay. By using a network overlay, Trust on First Use (TOFU) is less essential, although nice to have as an additional layer of protection.

Regards,
Douglas Otis

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
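The point above about devices announcing their routable address via mDNS is easy to check on a home LAN. The following is an added example, not code from the thread or from the homenet working group: it builds a constructed mDNS response (a printer advertising an RFC 1918 address, a link-local address, a ULA and a global-scope IPv6 address), parses the DNS wire format including name-compression pointers, and reports which hosts are advertising addresses that are reachable from outside the home. The host name, the addresses and the mDNS packet are all sample data; 2001:db8::/32 is the documentation prefix standing in for a real global unicast address, which is why the code classifies scope with explicit prefix lists rather than relying on a library's notion of "global". In practice the same parser would be fed datagrams captured from UDP port 5353.

```python
"""Flag mDNS-advertised addresses that are routable beyond the home network.

Added example (not from the homenet thread). The packet is constructed inline
so that the script runs offline; feed it real datagrams from UDP/5353 instead.
"""
import ipaddress
import struct

TYPE_A, TYPE_AAAA = 1, 28
CLASS_IN = 1
CACHE_FLUSH = 0x8000  # mDNS "cache-flush" bit carried in the class field

# Address ranges that are not reachable from the public Internet. Anything
# outside these is treated as routable. 2001:db8::/32 (documentation) is
# deliberately NOT listed so it can stand in for a real GUA in the sample.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "169.254.0.0/16", "127.0.0.0/8",                    # IPv4 link-local, loopback
    "fe80::/10", "fc00::/7", "::1/128",                 # IPv6 link-local, ULA, loopback
)]


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode()
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def rr(name: bytes, rtype: int, rdata: bytes, ttl: int = 120) -> bytes:
    """Serialize one resource record with the mDNS cache-flush bit set."""
    return name + struct.pack("!HHIH", rtype, CLASS_IN | CACHE_FLUSH, ttl, len(rdata)) + rdata


def build_sample_response() -> bytes:
    """Constructed mDNS answer: 'printer.local' announcing four addresses (sample data)."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 4, 0, 0)  # QR=1, AA=1, ANCOUNT=4
    name = encode_name("printer.local")
    pointer = b"\xc0\x0c"  # compression pointer to offset 12, the first answer's name
    addrs = [
        (TYPE_A, ipaddress.ip_address("192.168.1.50")),        # RFC 1918
        (TYPE_AAAA, ipaddress.ip_address("fe80::1")),          # link-local
        (TYPE_AAAA, ipaddress.ip_address("fd12:3456:789a::50")),  # ULA
        (TYPE_AAAA, ipaddress.ip_address("2001:db8:1234::50")),   # stands in for a GUA
    ]
    body = b""
    for i, (rtype, addr) in enumerate(addrs):
        body += rr(name if i == 0 else pointer, rtype, addr.packed)
    return header + body


def read_name(pkt: bytes, off: int):
    """Read a possibly compressed DNS name; return (name, offset after the name)."""
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop in DNS name")
            if end is None:
                end = off + 2                  # resume after the first pointer
            off = ((length & 0x3F) << 8) | pkt[off + 1]
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_answers(pkt: bytes):
    """Return [(name, ip_address)] for every A/AAAA record in the answer section."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!HHHHHH", pkt, 0)
    off = 12
    for _ in range(qdcount):                  # skip any questions
        _, off = read_name(pkt, off)
        off += 4                               # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, off = read_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if (rtype == TYPE_A and rdlen == 4) or (rtype == TYPE_AAAA and rdlen == 16):
            answers.append((name, ipaddress.ip_address(rdata)))
    return answers


def is_routable(addr) -> bool:
    """True unless the address falls in a private, link-local or loopback range."""
    return not any(addr in net for net in NON_ROUTABLE)


def exposed_hosts(pkt: bytes) -> dict:
    """Map host name -> list of routable addresses it advertised via mDNS."""
    found = {}
    for name, addr in parse_answers(pkt):
        if is_routable(addr):
            found.setdefault(name, []).append(str(addr))
    return found


if __name__ == "__main__":
    for host, addrs in exposed_hosts(build_sample_response()).items():
        print(f"{host} advertises routable address(es): {', '.join(addrs)}")
```

Only the global-scope AAAA record is reported; the RFC 1918, link-local and ULA addresses are filtered out. A device that shows up here is one whose address a remote attacker could target directly if the home border does not filter inbound traffic, which is the case the reply above argues for an overlay (or, at minimum, a default-deny firewall on every router holding a delegated prefix).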
