On Nov 28, 2011, at 3:49 AM, Lorenzo Colitti wrote: > On Fri, Nov 25, 2011 at 17:43, Mark Townsley <towns...@cisco.com> wrote: > Before we decide that we must have an IGP, that it must be cryptographically > secured, and that we have to tackle key distribution for it, I'd like to take > a step or two back from the routing protocol part of the equation. > > I'm not saying we need to secure the IGP. I'm saying that we need homenet > devices to know if they're "part of the same homenet" or not. This is > important for border detection, among other things. > > One easy way to do this, if you have an IGP anyway, is to say that all the > devices that are part of the same IGP domain, (and thus share the same key), > are on the same homenet. It might - just - be possible for users to > understand that to "join the network" you need "the password for the > network". Then all you need to do is find a way to share a key. > > This simple solution falls over if a device needs to be part of two homenets > at the same time, or if you want to merge two homenets. > > Is that clearer now?
I think the confusion stems from the fact that people have different views on both the HOMENET security requirements and the associated security operations model. Acee > _______________________________________________ > homenet mailing list > homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet