Wednesday, Nov 18, 2015 8:24 AM Juliusz Chroboczek wrote:
> HNCP is an amazingly flexible protocol, and one that will hopefully be
> used well beyond its original area of application.  Many of the possible
> applications of HNCP don't require DTLS, either because the network is
> secured at a lower layer, or because they use a different application
> layer mechanism.

Which possible applications of HNCP don't require security?   The problem we 
have with HNCP is that we have no basis for establishing trust, not that we 
don't need security.

The argument against DTLS that I think makes some sense is "we don't know how 
to key it, and therefore don't know if it will work if/when we figure out 
security," not "we don't need it."   I actually have a great deal of sympathy 
for Kathleen's view here; if we make DTLS MTI, then at least we'll have an 
encryption/authentication mechanism when we figure out how we want to do that.

I think there's a pretty strong case to be made that the security mechanism 
will require public key cryptography.   If that's the case, then DTLS will work 
as an encryption/authentication layer.   The fact that the current draft refers 
to DTLS and makes it mandatory to use when transmitting pre-shared keys means 
that we've already got consensus that DTLS is a necessary option for 
encryption/authentication.

That being the case, I actually don't see any argument against making DTLS 
mandatory to implement.   You didn't give a reason for your opinion that we 
should not.   If you do have a reason for thinking that DTLS shouldn't be MTI, 
please state it plainly--your opinion may well be correct, but if we don't know 
why you have that opinion, we have no way to evaluate it other than to trust 
you or not, and that's not a good way to do standards work.   If the concern is 
whether there's a good DTLS implementation that can be used, I don't know how 
good it is but tinydtls looks like it might work.   It uses a license that is 
GPL-compatible.


--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mel...@fugue.com


_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
