On Wed, 17 Sep 2014, Michael Thomas wrote:
If we were to do that, it might be nice to have a distributed
database of homenet devices such that I only had to enroll it on one
of my homenet devices, and then it's distributed to the rest.
That is exactly what I tried to propose.
I agree, if we are going to define some sort of asymmetric crypto
scheme for HNCP, we need to have automated PKI management. However, I
don't think this should be a part of HNCP itself but instead a separate
protocol.
Personally, I would probably go with something IPsec-based as the main
security mechanism for HNCP for now, until we have a clear view of what
that PKI scheme and the trust management should look like, taking into
account that we have some special issues here, i.e. how to do
revocation if devices potentially don't have network access / an
accurate clock at the time of authentication.
Also, even if we define them, I'm not sure as to how much complex
PKI-based crypto-schemes will actually be implemented in practice.
Regards,
Steven
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet