On Nov 25, 2011, at 6:22 PM, Ted Lemon wrote:

> On Nov 25, 2011, at 3:50 AM, Mark Townsley wrote:
>> In the email I just sent, I'm making an argument for why this is not the 
>> case. An IGP in a homenet setting needs crypto security no more than DHCP, 
>> ND or mDNS would. It's just another configuration protocol within the home. 
> 
> I liked the email you just sent, and agree with most of it.   However...
> 
>> Yes, this means that we need to trust L2 or physical security. But that's 
>> already very much the case today. If we add keys and crypto at every layer 
>> we are doomed before we start on usability alone. 
> 
> As mcr pointed out, we have to make sure the thing we are talking on is 
> actually an L2 link, and not an L3 link, so the key handshake you're talking 
> about has to be done with some kind of 802.1x-ey protocol.   But you admitted 
> that we need to be able to do this for wireless devices as well as wired.  

Actually, I suggested that wired wouldn't need any key handshake. Wireless 
would, and such handshakes require UI. The UI is the problem if there are two 
devices that are not used to having any serious UI. I'm not sure I know how to 
solve that, but I'm not sure it's our problem to solve either. 

> If that's the case, there *has* to be a public/private key pair, or you might 
> as well not bother with a crypto key at all.

What's the common case at L2 in homes today?

> But the notion that having to have a public/private key pair is onerous 
> doesn't make sense anyway.  Public keys are just as easy as shared secrets, 
> as long as you have space to store them. Why are we even debating this?

You are debating the kind of keys to use, I'm not. I'm saying that once you 
need any more keys than we already have at L2, we've made the problem harder 
than it needs to be. 

- Mark

> 
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
