On 20/09/2014 08:05, Michael Thomas wrote:
>
> On 9/19/14, 12:38 PM, Ted Lemon wrote:
>> On Sep 19, 2014, at 1:22 PM, Mark Baugher <m...@mbaugher.com> wrote:
>>> AFAICT, we've been discussing key format or DTLS vs IPsec. That
>>> discussion presumes that you have some way for a CPE from ISP-a to
>>> securely accept HNCP from ISP-b, or the user's new AP/router, and so
>>> forth. How does that happen?
>> Michael Richardson had some suggestions back on the 17th. There's
>> definitely been more talk of keys than mechanisms since then, but that
>> is precisely why I said what I did about the HNCP key discussion.
>>
>
> I think the larger implication is that if HNCP has implications of
> needing to deal with multiple different trust boundaries and how they
> interact, asking whether we need "IPsec or DTLS and then are we done?"
> is profoundly premature. A home network is a vulnerable and very
> complicated environment even today, and adding a lot more functionality
> without plumbing the depths of the security implications will only make
> a bad situation much worse.

I agree. I think there are a number of steps to consider, and how to
secure an individual point-to-point communication is late in the list.
Even without a threat analysis, I can see:

1. Establish the boundary (and Tim's recent power-line story underlines
   that this isn't trivial).
2. Establish the trust anchor (you're bound to need one).
3. Establish (trusted identity + public key) for every device.
4. Authorise each device for selected roles.
5. Distribute public keys accordingly.

Do that, and it becomes a relatively minor point which crypto protocol
you choose.

   Brian