On Tue, Mar 24, 2015 at 10:11:27AM -0500, Markus Stenberg wrote: > > On 24.3.2015, at 10.08, David Lamparter <[email protected]> wrote: > > the DNCP draft contains 4 variants of bootstrap ceremonies, but the only > > thing I can find about distrust is that "Configured Distrust" exists as > > a state. Can you detail how that works? (And possibly add that detail > > to the draft? - If/when someone else implements this, I can see them > > skipping this entirely by just failing to notice its existence.) > > As you can see, there is a priority list of states that a trust > verdict can have. > > The ‘configured distrust’ essentially has highest priority; if someone > publishes that for another node, it will not be trusted, period.
There are sections on user interface for creating "Configured Trust" state, yet nothing on creating "Configured Distrust" state. Why is that different? > Improvements on how it is described are welcomed as always :) I don't have the solution - just seeing a (security) issue... At the very least I guess we need something along like: "Installation of 'Configured Distrust' state does not suffer from the bootstrap problem since trusted devices are known. However, devices implementing certificate-based trust MUST implement an user interface add Configured Distrust; devices relying on button or first-use models MAY instead have an interface to clear all configured trust state." (I guess for some ROM-based 64kB device it's easier to have a "clear all" button, while for standard wifi routers I'd expect a web interface with a distrust button.) -David _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
