In message <159dbf45-107c-4c12-ae01-9bb494e8e...@fugue.com> Ted Lemon writes: > On Oct 11, 2011, at 9:03 PM, Michael Richardson wrote: > > However, I am thinking that we can perhaps bootstrap equipment that has > > never been configured (or has been factory reset) in some fashion such > > that if the equipment is "virginal" that it can essentially always try > > some default keys, and bring up enough networking to let all equipment > > be discovered and identified. There would be strong nag screens to get > > the user to up a network password. > > A pre-shared key that is pre-shared to every device is the same as no > key. So you might as well not bother with that complexity. > Conceivably CGA could be used to publish public/private key pairs > allowing devices to automatically recognize each other and present > their relationships in a UI for the end user to approve, but that's > not precisely plug and play.
Agree completely on this. For example, having bumping the factory default button on a wireless camera open access to everyone would really be a bad idea. > I think the simplest thing would be to require that each device be > able to talk to a USB drive. Each device collects all the public keys > on the USB drive, and stores their own there. Devices then share > their public key with other devices identified on the USB drive, so > that as each device joins the network, the other devices learn about > it. This isn't bulletproof=97an infected PC that's configured with > these keys could be used to gain access to the keys, for example. But > it's a lot better than a well-known key. > > Of course, this isn't quite as plug and play as you seem to want, and > it requires that each device have a USB port, which might not be > acceptable. Plus, it would mean that the IETF would have to talk > about hardware, which seems like a bit of a non-starter. But I think > it's the right way to solve the problem. Mandating USB is not practical. For example I have a set of DECT phones with a single SIP base station. You can bond the phone to the base station but you have to enter a menu on the phone and do something on the base station (through the web interface or otherwise) within 10 seconds. Not perfect, but it works. There are too many cases like bonding the garage door opener to the clicker, or bonding the speakers to the audio system, etc, don't need to store keys on a USB as a boot strap. For some things USB would be fine. And my water heater, as facinating as it might be to the electrical utility, need not have the key to my garage door opener or my audio speakers, even though I might want to turn the hot water up or down a few degrees through a remote device some day. I would say that reinventing the kerberos KDC with ticket granting tickets and service tickets is probably overkill and should be out of scope. But it would be a truly wonderful thing if the interface could be made simple enough for a consumer to set up. Curtis _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
