Ted Lemon <[email protected]> wrote:
>> If, OTOH, you can say that you would in fact also require origin
>> authentication, then that is also of interest. (It'd mean that your
>> use case could not be met by the initially chartered work for DICE,
>> and that factoid could be helpful in figuring out how to handle the
>> DICE work.)
> I think we definitely need origin authentication, but I am skeptical
> that we need multicast TLS. I guess if we had it it might work,
> though. But I'm not convinced it's the right model. So I'd hate to
> have you guys go off and invent something cool that winds up not
> matching the eventual design.
I think that it is useful if we have a simple way to authenticate the
multicast'ed communication, but I think it is acceptable to form point to
point (unicast) security associations to get the origin authentication.
The communication might go like:
MULTICAST DrNick: HEY EVERYBODY, I got a new PREFIX to share!
UNICAST Homer to DrNick: mmmm... PREFIXES.. can I have some?
UNICAST DrNick to Homer: sure, not a problem!
[If that sounds like DHCPv6....]
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
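
The exchange sketched in the message above, as an added example that is not part of the original post: the multicast announcement is treated as an unauthenticated hint, and the prefix is accepted only after a unicast reply authenticates its origin. HMAC-SHA256 under a pairwise key stands in for the unicast security association; the key table, function names and prefixes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed pairwise keys: stand-ins for unicast security associations
# (assumption: how they are established is outside this sketch).
SA_KEYS = {("Homer", "DrNick"): secrets.token_bytes(32)}


def _mac(key, sender, receiver, nonce, prefix):
    # Length-prefix each field so distinct tuples never share an encoding.
    fields = [sender.encode(), receiver.encode(), nonce, prefix.encode()]
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


def unicast_request(requester):
    """Homer -> announcer: fresh nonce binds the reply to this request."""
    return {"from": requester, "nonce": secrets.token_bytes(16)}


def unicast_reply(key, sender, request, prefix):
    """Announcer -> Homer: prefix plus MAC under the pairwise key."""
    tag = _mac(key, sender, request["from"], request["nonce"], prefix)
    return {"from": sender, "nonce": request["nonce"], "prefix": prefix, "tag": tag}


def accept_prefix(me, announcement, request, reply):
    """Return the prefix only if the unicast reply authenticates its origin."""
    origin = announcement["from"]          # multicast claim: a hint, not trusted
    key = SA_KEYS.get((me, origin))
    if key is None or reply["from"] != origin:
        return None
    if not hmac.compare_digest(reply["nonce"], request["nonce"]):
        return None                        # reply answers a different request
    expected = _mac(key, origin, me, request["nonce"], reply["prefix"])
    return reply["prefix"] if hmac.compare_digest(reply["tag"], expected) else None


def demo():
    key = SA_KEYS[("Homer", "DrNick")]
    announcement = {"from": "DrNick", "text": "new PREFIX to share"}  # multicast
    req = unicast_request("Homer")
    good = unicast_reply(key, "DrNick", req, "2001:db8:1::/64")
    # Constructed forgery: someone without the pairwise key answers as DrNick.
    forged = unicast_reply(secrets.token_bytes(32), "DrNick", req, "2001:db8:bad::/64")
    stale = accept_prefix("Homer", announcement, unicast_request("Homer"), good)
    return (accept_prefix("Homer", announcement, req, good),
            accept_prefix("Homer", announcement, req, forged), stale)
```

Calling `demo()` returns the accepted prefix for the genuine reply and `None` for both the forged reply and the genuine reply replayed against a later request.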
