On 15/03/2013 18:49, Michael Thomas wrote:
> On 03/15/2013 04:04 AM, Robert Cragie wrote:
>>
>> On 14/03/2013 9:42 PM, Michael Thomas wrote:
>>> On 03/14/2013 10:03 AM, Michael Behringer (mbehring) wrote:
>>>>> From: Michael Thomas [mailto:m...@mtcc.com]
>>>> [...]
>>>>> In today's world access control is gated at L2 via wpa or similar.
>>>>> Are you
>>>>> suggesting that we have a L3 equivalent? In addition? In replacement?
>>>> We need a solution to this problem. I think this is the first
>>>> important thing to note, and so far it isn't noted (or I missed it).
>>>> Which solution is open for discussion.
>>>>
>>>> Can we agree thus far?
>>>
>>> Well, it seems to me that we have a solution today at L2, at
>>> least for wireless which is the most pressing need. Am I missing
>>> something? Or are talking about remote access into your homenet?
>> L2 access is fine if the authenticator is one hop away. It won't work
>> otherwise. We had this issue with mesh networks using RPL where
>> authentication needs to be relayed through the existing network to the
>> authenticator and access control is performed by RPL routers on the
>> boundary of the network. We solved it using the PANA relay function
>> (RFC 6345). I also have some ideas for more complex network admission
>> using multiple authenticators in a mesh network which could apply
>> here. I will try and get the ideas down in a digestible form.
>
> So I guess where this is going is "should AAA be a part of the homenet
> architecture". Yes? (fsvo: AAA).
Yes for Authorisation. It's much less clear to me that (cryptographic)
Authentication is a requirement, and fairly clear to me that Accounting
isn't.
Brian
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
