>> Powerline Ethernet devices have built in encryption,

> Same thing with WPA* too of course. So I’m very tempted to assume L2
> takes care of security.. ;)

Guest networks?

However, I think it is premature to define a secure variant of HNCP before we have some operational experience with the protocol. It's only after we've played with it for some time that we will get a feel for what are reasonable and unreasonable operations to perform.

> just use e.g. IPsec with manual keying

Vulnerable to replay if done naively. Not sure about the configuration protocol, but definitely an issue for a routing protocol -- just capture a default route announcement with a low metric, and you've won.

> [S4-3] HNCP-level PSK shared among all routers. Same bootstrap issues as
> [S4-2], may be able to get rid of manually keyed IPsec dependency.

It appears that you are only looking at hop-to-hop security. I'm speaking off the top of my head here, so I'm probably saying something stupid. What about end-to-end solutions, where only routers with a trusted key can originate configuration information? This could perhaps be combined with a leap-of-faith model (a la ssh).

> Looking at Babel, the routing protocol spec is 45 pages, and draft
> specification of HMAC security scheme for it is 55 pages.

Yeah, wouldn't it be nice if we had a common layer 3 security protocol? (We would make sure that it's actually usable before standardisation, of course.)

-- Juliusz

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
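
The replay concern raised in the message above, as an added example that is not part of the original post: a receiver that only checks a MAC under a static key accepts a captured low-metric default-route announcement again later, while one that also tracks a per-origin sequence number rejects it. The packet layout, key and all names are constructed for illustration and are not the HNCP, Babel or IPsec wire formats.

```python
import hashlib
import hmac
import struct

PSK = b"constructed-demo-key"  # constructed sample; stands in for a manually configured key

def seal(origin: bytes, seqno: int, prefix: bytes, metric: int) -> bytes:
    """Hypothetical layout: origin(4) | seqno(8) | metric(2) | prefix | HMAC-SHA256(32)."""
    body = struct.pack("!4sQH", origin, seqno, metric) + prefix
    return body + hmac.new(PSK, body, hashlib.sha256).digest()

def verify_mac(packet: bytes):
    """Return (origin, seqno, metric, prefix) if the MAC is valid, else None."""
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(PSK, body, hashlib.sha256).digest()
    if len(body) < 14 or not hmac.compare_digest(tag, expected):
        return None
    origin, seqno, metric = struct.unpack("!4sQH", body[:14])
    return origin, seqno, metric, body[14:]

class NaiveReceiver:
    """Checks the MAC only, so a captured packet stays valid as long as the key does."""
    def accept(self, packet: bytes) -> bool:
        return verify_mac(packet) is not None

class ReplayCheckingReceiver:
    """Also requires a strictly increasing sequence number per origin."""
    def __init__(self):
        self.highest = {}  # origin -> highest sequence number accepted so far

    def accept(self, packet: bytes) -> bool:
        parsed = verify_mac(packet)
        if parsed is None:
            return False
        origin, seqno, _metric, _prefix = parsed
        if seqno <= self.highest.get(origin, -1):
            return False  # stale or replayed announcement
        self.highest[origin] = seqno
        return True

def demo():
    old = seal(b"rtrA", 1, b"::/0", 1)    # default route with a low metric, sent earlier
    new = seal(b"rtrA", 2, b"::/0", 200)  # later update from the same origin
    naive, strict = NaiveReceiver(), ReplayCheckingReceiver()
    results = {"naive": [], "strict": []}
    for pkt in (old, new, old):           # the third packet is the replayed capture
        results["naive"].append(naive.accept(pkt))
        results["strict"].append(strict.accept(pkt))
    return results
```

The counter state has to survive restarts on both sender and receiver, otherwise the check resets and old captures become acceptable again.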