Mark Townsley <m...@townsley.net> wrote: > Without declaring consensus on how far we should go scope-wise in terms > of overall homenet security just yet, I'd like to know if, in terms of > HNCP itself from a bits-on-the-wire protocol perspective, can we adopt > this proposal proposal from Mikael? If yes, please say so. If no, > please say why not (and even better if you can propose text that would > alleviate your concern).
It is essentially identical to what I am proposing. I would motify slightly: 1) the I in "PKI" is inappropriate. 2) not-yet-secure nodes should be able to listen to secured traffic. > Mikael Abrahamsson wrote: >> So my proposal is that we make HNCP capable of using several methods, >>one is unsecure, one is secure by means of a shared secret, and then add >>other optional methods using PKI that would enable the above mentioned >>"accept each device manually" more secure way. -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
pgpq4E2ll1EUv.pgp
Description: PGP signature
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet