On 13.9.2014, at 23.30, Brian E Carpenter <brian.e.carpen...@gmail.com> wrote:
> On 13/09/2014 17:40, Markus Stenberg wrote:
>>>> 1) Can we assume secure L2 and/or appropriate device
>>>> configuration by the manufacturer/ISP(/user)? (This is what I
>>>> can assume in my own home.)
>>> I'm not sure I fully understand this question, but certainly
>>> there are vast numbers of insecure home 802.11 setups. This is
>>> less prevalent than it was a few years ago, but it seems like a
>>> dangerous assumption if homenet-compliant kit is mixed in with
>>> older stuff such as wireless hubs that are open by default.
>> From my point of view, if you’re exposing part of your home network via 
>> insecure wireless, the only way to secure it would be to run mandatory crypto 
>> over it both to hosts and routers. I’m not sure this is really feasible 
>> either. Just securing router-router traffic (or parts of it) does not bring 
>> significant benefit from my point of view unless you also authenticate hosts 
>> in such a case.
> All true (as are the subsequent comments by Acee and Michael).
> But the fact remains that we can't assume L2 is secure in the
> normal case, which is a much worse situation than we traditionally
> assumed for wired networks.

Ok, so your stance is that we can’t assume secure L2, but neither can we do 
anything useful without fully encrypted traffic. 

As fully encrypted traffic is not an option (computational overhead, 
not-so-littleconf on routers and probably impossible on current hosts), what, 
exactly, do you propose then? Not deploy routed home networks at all until we 
can assume L2 security?

Cheers,

-Markus
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
