Mark Townsley <[email protected]> wrote: > Without declaring consensus on how far we should go scope-wise in terms > of overall homenet security just yet, I'd like to know if, in terms of > HNCP itself from a bits-on-the-wire protocol perspective, can we adopt > this proposal proposal from Mikael? If yes, please say so. If no, > please say why not (and even better if you can propose text that would > alleviate your concern).
It is essentially identical to what I am proposing.
I would motify slightly:
1) the I in "PKI" is inappropriate.
2) not-yet-secure nodes should be able to listen to secured traffic.
> Mikael Abrahamsson wrote:
>> So my proposal is that we make HNCP capable of using several methods,
>>one is unsecure, one is secure by means of a shared secret, and then add
>>other optional methods using PKI that would enable the above mentioned
>>"accept each device manually" more secure way.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
pgpq4E2ll1EUv.pgp
Description: PGP signature
_______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
