I agree with this direction. This will also let the work HCNP and Security Threats/Requirements to go on in parallel. Of course, HCNP security may need to be revisited once the latter is agreed upon. Thanks, Acee
On 9/21/14, 3:22 PM, "Mark Baugher" <m...@mbaugher.com> wrote: > >On Sep 20, 2014, at 12:57 AM, Steven Barth <cy...@openwrt.org> wrote: > >> >> Am 20.09.2014 um 09:17 schrieb Tim Chown: >>> I think it would be useful to do, and needn't hold up progress. It >>>would give us a common understanding - hopefully - of which threats are >>>being covered and which are not. And which are handled by >>>layers/protocols outside the scope of homenet's charter. >> We started a similar thread about 3 months ago here: >>http://www.ietf.org/mail-archive/web/homenet/current/msg03694.html maybe >>this can be used as a starting point. > >It would be good to limit the scope of HNCP security (the subject of this >thread) and consider IETF homenet security in a companion specification >that addresses the two differentiators of homenets: Multiple authorities >and absence of active management complicate authorization. These >differentiators mean there's a different set of problems for >authorization than what we ordinarily have in IETF protocols. So HNCP >might punt the authorization issue like IETF protocols typically do, e.g. >assume in the worst case that an authorized person installs a shared key. > But this is not a reasonable assumption in homenets, however, owing to >the differences of homenets from enterprise, government, military and >other environments where there typically is a single authority and active >management of the network. Thus, authorization is an unavoidable topic >for Homenet, but the HNCP draft is probably not the place for that. > >What I'm suggesting is more than a threats or requirements document. > >Mark > >> >> >> Cheers, >> >> Steven >> >> _______________________________________________ >> homenet mailing list >> homenet@ietf.org >> https://www.ietf.org/mailman/listinfo/homenet >> > >_______________________________________________ >homenet mailing list >homenet@ietf.org >https://www.ietf.org/mailman/listinfo/homenet _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet