On 6/13/19 8:47 AM, Ted Lemon wrote:
> On Jun 13, 2019, at 11:15 AM, Michael Thomas <[email protected]> wrote:
>> All of which require authentication of some form, which the router
>> itself doesn't have the credentials. But home routers do have a few
>> different characteristics: proximity and local addressing. Maybe your
>> work you pointed out might be applicable?
>
> “how you are connected” plus “no conflict” is a fairly effective ad-hoc
> method for establishing trust.
>
> E.g., for a very long time, ISPs have used the fact that you are
> connected to their network as a basis for authorizing your DHCP
> transaction. If the ISP is doing the front-end naming, then that
> mechanism could work here as well. If someone else is doing front-end
> naming, then you probably have to have put a credit card in somewhere…

Yeah, the router clearly knows whether something is on the local net,
but it doesn't know if it's a visitor. Requiring that you put the
visitors on a guest net is not exactly ideal either.

I'm thinking that a lot of my hand-wringing here is only for adding
more devices to the router's list of devices that can log in. I'd assume
that the router would be in "peer mode" by default when it doesn't have
any enrolled devices. Worst case, you can always log into the router
with the primary device and press a button to permit other devices.

Which is to say, I may be overthinking this :)

Mike
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet