Ted Lemon <mel...@fugue.com> wrote:
>> If, OTOH, you can say that you would in fact also require origin
>> authentication, then that is also of interest. (It'd mean that your
>> use case could not be met by the initially chartered work for DICE,
>> and that factoid could be helpful in figuring out how to handle the
>> DICE work.)

> I think we definitely need origin authentication, but I am skeptical
> that we need multicast TLS. I guess if we had it it might work,
> though. But I'm not convinced it's the right model. So I'd hate to
> have you guys go off and invent something cool that winds up not
> matching the eventual design.

I think that it is useful if we have a simple way to authenticate the
multicast'ed communication, but I think it is acceptable to form point to
point (unicast) security associations to get the origin authentication.

The communication might go like:

MULTICAST DrNick: HEY EVERYBODY, I got a new PREFIX to share!
UNICAST Homer to DrNick: mmmm... PREFIXES.. can I have some?
UNICAST DrNick to Homer: sure, not a problem!

[If that sounds like DHCPv6....]

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
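
Added example (not part of the original message or of any homenet or DICE specification): a Python sketch of the exchange described above, in which the multicast announcement is only an unauthenticated hint and origin authentication comes from a MAC on the unicast reply. The HMAC-SHA256 construction, the pre-provisioned pairwise key, the class and function names and the 2001:db8::/32 documentation prefixes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def tag(key, nonce, sender, prefix):
    # MAC binds the reply to the requester's nonce, the sender and the prefix.
    msg = nonce + b"|" + sender.encode() + b"|" + prefix.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Announcer:  # DrNick's role
    def __init__(self, name, prefix, peer_keys):
        self.name, self.prefix, self.peer_keys = name, prefix, peer_keys

    def multicast_hint(self):  # unauthenticated: anyone on the link could send it
        return {"from": self.name, "hint": "new prefix available"}

    def unicast_reply(self, requester, nonce):
        key = self.peer_keys[requester]  # pairwise key, assumed pre-provisioned
        return {"from": self.name, "prefix": self.prefix,
                "tag": tag(key, nonce, self.name, self.prefix)}

class Listener:  # Homer's role
    def __init__(self, name, peer_keys):
        self.name, self.peer_keys = name, peer_keys
        self.pending = {}   # claimed sender -> nonce issued for that request
        self.accepted = []  # prefixes whose origin was verified

    def on_hint(self, hint):  # the hint only triggers a unicast request
        nonce = os.urandom(16)
        self.pending[hint["from"]] = nonce
        return {"from": self.name, "to": hint["from"], "nonce": nonce}

    def on_reply(self, reply):
        nonce = self.pending.pop(reply["from"], None)
        key = self.peer_keys.get(reply["from"])
        if nonce is None or key is None:
            return False  # unsolicited reply, or no security association
        expected = tag(key, nonce, reply["from"], reply["prefix"])
        if not hmac.compare_digest(expected, reply["tag"]):
            return False  # wrong key, stale nonce or altered prefix
        self.accepted.append(reply["prefix"])
        return True

def demo():
    key = os.urandom(32)  # constructed pairwise key
    nick = Announcer("DrNick", "2001:db8:1::/64", {"Homer": key})
    homer = Listener("Homer", {"DrNick": key})
    req = homer.on_hint(nick.multicast_hint())
    return homer.on_reply(nick.unicast_reply(req["from"], req["nonce"])), homer.accepted
```

A hint sent by a node that lacks the pairwise key still makes the listener issue a request, but no prefix is accepted unless the unicast reply verifies against the fresh nonce.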