Markus Stenberg <[email protected]> wrote:
>> I'd like to chat about whether or not the DTLS recommendations
>> are correct here. To me, the consensus stuff (from section 8.3
>> of dncp) is not clearly baked (as I noted in iesg review of
>> dncp). The PKI stuff is well known, even if it is a PITA from
>> many points of view. I don't think a SHOULD for the former and
>> a MAY for the latter is appropriate now. If the consensus based
>> stuff gets deployed and works, then it might be time to say
>> what you're now saying, but I don't think we're there yet. (I'd
>> be happy to look @ evidence that we are, and to change my
>> opinion accordingly.)
> Given bootstrapping PKI seems nigh impossible (home CA anyone?), I am
> not sure I agree with you. I have done that a few times and do not
> recommend it to anyone. Of course, I guess at some point some products
> may make it painless but I am not sure I will live long enough to see
> that. (Especially so that the control stays still within home, and does
> not stray to some American ‘cloud server’, cough cough.)
The IETF has chartered a group, ANIMA, which might produce something useable.
I don't think that homenet needs to invent something on its own.
As long as HNCP *CAN* accommodate a one-level deep (no chains of trust) PKI,
then it should be good. So the security has to be MTI, but MAY configure.
I do agree with Markus here at present.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
