On 03/03/2015 09:37 AM, Michael Behringer (mbehring) wrote:

I scanned this over (I think I've scanned Max's base doc too, but it's been a
long time), and don't think that the problem at hand has much to do with
needing a CA of any sort. Binding "human" names to cryptographic
identities is fraught with trouble -- and if they're not intended to be human
consumable, they might as well be the fingerprint of a public key.

The big question i have is whether the non-interactive nature of certs is
being taken advantage of. For example, if I throw my root current CA in the
trash what happens?

I have a lot of other questions, but I'm not sure whether this is right time to
go through them.
There are lots of questions which we should discuss. To the above question, 
easiest case would be that you create a new root CA and re-enrol devices there. 
Not perfect, but probably acceptable in a homenet, if the enrolment process is 
easy (which I believe we can make it).

Yuck, obviously. It seems to me that there's a larger distributed database problem that this is probably another for-instance of. I really want to be able to throw my current CPE in the trash when it dies and not spend an entire day of harrowing configuration annotated with the dictionary's 4-letter word section.

(others being dns naming/config, router/routing configs, dhcp goodies, etc, etc).


Should we set up an informal meeting in Dallas to discuss this? Find a slot 
that works for most, a quiet corner, and discuss?



Alas, I will not be in Dallas. Grassy knolls give me the sneezes.

Mike

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet

Reply via email to