Steven Barth <cy...@openwrt.org> wrote:
    >> And it's extremely unlikely that
    >> DTLS will be a one-sentence "solution" even if it gets adopted because
    >> DTLS, IPsec, etc. say nothing
    >> about enrollment and authorization. Those are by far the hard problems
    >> with homenet security.

    > I wouldn't really want to lock HNCP to any trust scheme at this point
    > where we are not even sure what we want. I'd rather choose the underlying
    > mechanism, either DTLS or IPsec/IKE and leave the rest out-of-scope. Maybe
    > mention PSK-usage as baseline option and say various other
    > certificate-based approaches are possible but out-of-scope of the HNCP
    > draft itself.

With respect, if you leave the trust scheme out of scope, what you are
really doing is leaving all of the security out of scope, because it won't be
deployable.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
