Mark Townsley <m...@townsley.net> wrote:
> Without declaring consensus on how far we should go scope-wise in terms
> of overall homenet security just yet, I'd like to know if, in terms of
> HNCP itself from a bits-on-the-wire protocol perspective, can we adopt
> this proposal proposal from Mikael? If yes, please say so. If no,
> please say why not (and even better if you can propose text that would
> alleviate your concern).
It is essentially identical to what I am proposing.
I would motify slightly:
1) the I in "PKI" is inappropriate.
2) not-yet-secure nodes should be able to listen to secured traffic.
> Mikael Abrahamsson wrote:
>> So my proposal is that we make HNCP capable of using several methods,
>>one is unsecure, one is secure by means of a shared secret, and then add
>>other optional methods using PKI that would enable the above mentioned
>>"accept each device manually" more secure way.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
pgpq4E2ll1EUv.pgp
Description: PGP signature
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
