On Nov 25, 2011, at 3:42 AM, Ted Lemon wrote:

> On Nov 24, 2011, at 7:46 PM, Lorenzo Colitti wrote:
>> Ok, so it would seem to me that to support that case then we need to either 
>> a) support multiple simultaneous keys in the IGP or b) provide a mechanism 
>> to tell a number of homenet routers that "the key to the IGP is changing". 
>> Both are non-trivial. Any other ideas?
> 
> I think a security model that doesn't have each router generating its own 
> keys, and using public key cryptography, is doomed.   If you use a shared 
> secret, it's too easy to pwn your network because it has to be exchanged in 
> the clear.   If the IGP protocol we want doesn't support this, then it pretty 
> much has to be fixed, or we just can't do this.

In the email I just sent, I'm making an argument for why this is not the case. 
An IGP in a homenet setting needs crypto security no more than DHCP, ND or mDNS 
would. It's just another configuration protocol within the home. 

Yes, this means that we need to trust L2 or physical security. But that's 
already very much the case today. If we add keys and crypto at every layer we 
are doomed before we start on usability alone. 

- Mark

> 
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
