On 9/19/14, 12:38 PM, Ted Lemon wrote:
On Sep 19, 2014, at 1:22 PM, Mark Baugher <m...@mbaugher.com> wrote:
AFAICT, we've been discussing key format or DTLS vs IPsec. That discussion
presumes that you have some way for a CPE from ISP-a to securely accept HNCP
from ISP-b, or the user's new AP/router, and so forth. How does that happen?
Michael Richardson had some suggestions back on the 17th. There's definitely
been more talk of keys than mechanisms since then, but that is precisely why I
said what I did about the HNCP key discussion.
I think the larger implication is that if HNCP has implications of needing to
deal with multiple different trust boundaries and how they interact, asking
whether we need "IPsec or DTLS and then are we done?" is profoundly premature.
A home network is a vulnerable and very complicated environment even today,
and adding a lot more functionality without plumbing the depths of the
security implications will only make a bad situation much worse.
Mike
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet