Steven Barth <cy...@openwrt.org> wrote:
>> And it's extremely unlikely that
>> DTLS will be a one-sentence "solution" even if it gets adopted because
>> DTLS, IPsec, etc say nothing
>> about enrollment and authorization. Those are by far the hard problems with
>> homenet security.

> I wouldn't really want to lock HNCP to any trust scheme at this point where
> we are not even sure what we want. I'd rather choose the underlying
> mechanism, either DTLS or IPsec/IKE and leave the rest out-of-scope. Maybe
> mention PSK-usage as baseline option and say various other certificate-based
> approaches are possible but out-of-scope of the HNCP draft itself.

With respect, if you leave the trust scheme out of scope, what you are really doing is leaving all of the security out of scope, because it won't be deployable.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet