On Sep 19, 2014, at 3:25 AM, Ted Lemon <mel...@fugue.com> wrote:
> On Sep 18, 2014, at 6:46 PM, Mark Baugher <m...@mbaugher.com> wrote:
>> The retail model works here. I can imagine a compliant CPE might allow the
>> use to "take ownership" of an interior HNCP interface. That's only if the
>> provider of that CPE wanted to be compliant to a future HNCP security
>> standard.
>
> So to be clear, we are now talking about setting up a system where, with
> HNCP, routers can be anointed by the manufacturer in a registry that ordinary
> folks wouldn't have access to.

No, that's the exact opposite of what I think. It's what I meant to write as "...allow the use[r] to take ownership of the interior HNCP interface."

> To put it as mildly as possible, I do not support this suggestion: I want
> home routers to be under the control of the user, not the manufacturer.

How could it be otherwise? If you have two service providers in a household, how would one take authority over the other? And what does the manufacturer have to do with it? There might be a device from a third or another provider/authority in the household.

For that reason, it is not realistic to define layer 4 or layer 3 security bindings and then "punt" on authorization. Unlike enterprise or public networks, there is no single authority with an IT department to insert pre-shared keys in the devices or set up a CA. My suggestion is to start with authorization, because there are potentially multiple owners of the routers, and there needs to be some means for the owner/user of the network to "Take Ownership," which is a term used by Walker and Ellison in their home network security work. This has all been designed and implemented before.

Mark

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet