On Fri, Nov 25, 2011 at 17:43, Mark Townsley towns...@cisco.com wrote:
Before we decide that we must have an IGP, that it must be
cryptographically secured, and that we have to tackle key distribution for
it, I'd like to take a step or two back from the routing protocol part of
the equation.
In my experience, there is no single mechanism for establishing what is
alternatively called 'pairing,' 'introduction,' 'enrollment,' on in the case
of the WiFi Protected Setup a 'mental model.' The techniques have been called
ceremonies by Carl Ellison and Jesse Walker, and they serve as a
I've been following this thread with interest. Some points (from someone
who has a particular 802.15.4-based mesh networking viewpoint):
* There probably isn't any need to specify cryptographic security for
an IGP on the basis that the packets are link-local and can
therefore be
I agree - once we have a threat document, this should one of the security
models on which we map the threats.
Thanks,
Acee
On Nov 26, 2011, at 4:52 AM, Robert Cragie wrote:
I've been following this thread with interest. Some points (from someone who
has a particular 802.15.4-based mesh
On Nov 26, 2011, at 4:52 AM, Robert Cragie wrote:
Network access control can set up secure channels to deliver keying
information.
It sounds like you're talking about some kind of central management
software/protocol here.
___
homenet mailing list
Before we decide that we must have an IGP, that it must be cryptographically
secured, and that we have to tackle key distribution for it, I'd like to take a
step or two back from the routing protocol part of the equation.
First things first, we have to detect that there is a device present,
Similarly, a wired broadband or 3G/LTE wireless connection to an ISP router
in the neighborhood has its own authentication and policy enforcement
happening at L2.
I'm curious if we want to assume a particular type of broadband connection is
in use, or do we want the Homenet solution to be
On Nov 25, 2011, at 6:28 PM, Ted Lemon wrote:
On Nov 25, 2011, at 7:30 AM, Randy Turner wrote:
I think I agree that confidentiality of routing traffic is probably not an
issue for Homenet - however, I do think we should consider integrity of
routing traffic - ie, router A should trust that
Mark,
Actually, I suggested that wired wouldn't need any key handshake. Wireless
would, and such handshakes require UI. The UI is the problem if there are
two devices that are not used to having any serious UI. I'm not sure I know
how to solve that, but I'm not sure it's our problem to solve
On Tue, Nov 22, 2011 at 23:54, Ted Lemon mel...@fugue.com wrote:
Yeah, I don't think either device decides that it is the homenet; rather,
they are regularly dynamically discovering topology, and deciding what to
do based on whether they are connected to an edge. Possibly both devices
are
On Fri, Nov 25, 2011 at 01:27, Ted Lemon mel...@fugue.com wrote:
If one is a member of a homenet and an ISP connection already, and one has
a blank config, then you might assume that the one with the blank config
should join the existing homenet. What if they both have a config on them?
What
have to hit very
inexpensive price points...easily sub $50 to the NSPs
R.
Original message
Subject: Re: [homenet] Creating a security association via physical link +
button
From: Ted Lemon mel...@fugue.com
To: Howard, Lee lee.how...@twcable.com
CC: homenet@ietf.org homenet
On Nov 22, 2011, at 7:42 AM, Russ White wrote:
This is, generally speaking, how current home routers work... And, I
think, it might be the only way to make a homenet work. The primary key
beyond this is a device being able to figure out I'm an edge to the
outside world.
Yeah, I don't think
Home routers with a natural WAN interface such as DSL or Docsis are built from
reference designs that hardwire the internet interface, including any
firewall-like functionality
Randy
Original message
Subject: Re: [homenet] Creating a security association via physical link
] Creating a security association via physical link + button
It would be cool if I could plug in a new router into my homenet, press a
special button on it and on the router I plug it into, and have the new router
download the homenet config (at least the routing protocol key, but maybe other
15 matches
Mail list logo