Not necessarily. It could centralized, it could be distributed or
collaborative. Generally most edge networks have an access policy; it is
rare to find a true open access network these days. If there is a
network access policy, a single node generally has to act as
authenticator for the purposes of network access (e.g. 802.1X/PANA/EAP
model). However, the capability to authenticate and authorize could be
distributed. Considering a ubiquitous model in the home now, there is an
access point which acts as authenticator based on nodes joining with a
pre-shared key/passphrase, so that is a centralized function. Consider
how to extend that model to other networks in the home; if the homeowner
essentially manages all the networks then other networks could simply
become subordinate and assume security parameters of the primary
network. If there is a need for another peer network, these could keep
their own security parameters and a common node would need to be
authenticated on both. When it comes to actual packet security, there
are also a number of possibilities, including group keying, network-wide
keying or, depending on the network topology, node to access point keying.
Robert
On 26/11/2011 6:24 PM, Ted Lemon wrote:
On Nov 26, 2011, at 4:52 AM, Robert Cragie wrote:
Network access control can set up secure channels to deliver keying
information.
It sounds like you're talking about some kind of central management
software/protocol here.
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
