> > Well, draft-pritikin-anima-bootstrapping-keyinfra-01 describes a way to > bootstrap a certificate infrastructure, zero touch. Once every device in a > domain has a domain certificate, two devices can directly authenticate each > other, without PSK. Then you can also authenticate a key negotiation > scheme such as IKE, to negotiate a PSK which you can then use in your > "normal" authentication scheme. Obviously, would be nice if protocol > supported certs directly, but it’s not required. > > IKE provides just symmetric crypto key between two parties. Typical > network has more (and routing protocols use multicast). Multiparty IKE is > more or less dead (or undead?). > > Remember, we need whole network to agree on the keys, or at least > everyone on the link if any multicast is used in a way that requires > authentication or confidentiality. (HNCP is designed to avoid transmitting > anything important over multicast; are routing protocols? For most part, I > think not.)
Sorry, I haven't been following all this discussion so I may be missing something, but ... I would say: Pick a master (on a link, or the entire network); master calculates a random key; distributes it to the other nodes using asymmetric crypto; all nodes use that key. For rollover use some key chain mechanism such that for a period of time old and new key are accepted. Plug those keys into the "normal" routing protocol security mechanism. What am I missing? Michael _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
