> Hmm, so do you think it's possible that HOMENET could land in the "uses
> secure link layers" bucket?

No opinion on the above.  I'll only state that HNCP supports running over
DTLS (this is implemented in hnetd, the reference implementation of HNCP).
Section 8.3 of RFC 7787 describes a distributed algorithm for
semi-autonomously choosing a set of trusted DTLS keys.

> (It sounds like it's also possible it would use babel-hmac or babel-dtls.)

If Homenet ends up running HNCP in a secure mode, then it could be used as
a trust anchor for Babel.  We could do either of the following:

  - use HNCP to elect a single Babel-HMAC key for the network;
  - generate random Babel-DTLS keypairs and flood the public part
    over HNCP;
  - reuse HNCP keypairs in Babel-DTLS.

Of course, if HNCP runs insecure, then it would be somewhat doubtful to
use it for key distribution.

-- Juliusz

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
