Ted Lemon <mel...@fugue.com> wrote:
    >> If, OTOH, you can say that you would in fact also require origin
    >> authentication, then that is also of interest. (It'd mean that your
    >> use case could not be met by the initially chartered work for DICE,
    >> and that factoid could be helpful in figuring out how to handle the
    >> DICE work.)

    > I think we definitely need origin authentication, but I am skeptical
    > that we need multicast TLS.  I guess if we had it it might work,
    > though.  But I'm not convinced it's the right model.  So I'd hate to
    > have you guys go off and invent something cool that winds up not
    > matching the eventual design.

I think that it is useful if we have a simple way to authenticate the
multicast'ed communication, but I think it is acceptable to form point to
point (unicast) security associations to get the origin authentication.

The communication might go like:
    MULTICAST     DrNick: HEY EVERYBODY, I got a new PREFIX to share!
    UNICAST       Homer to DrNick: mmmm... PREFIXES.. can I have some?
    UNICAST       DrNick to Homer: sure, not a problem!

[If that sounds like DHCPv6....]

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
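
The exchange sketched above, as an added example that is not part of the original message: the multicast announcement is treated as an unauthenticated hint, and the prefix is accepted only after a unicast reply proves its origin. The pairwise HMAC key standing in for the unicast security association, and the names Router, Impostor, accept_prefix and tag, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed pairwise key: stands in for an established unicast security association.
PAIR_KEY = {("Homer", "DrNick"): secrets.token_bytes(32)}


def tag(key, nonce, prefix):
    """MAC binding the requester's fresh nonce to the offered prefix."""
    return hmac.new(key, nonce + b"|" + prefix.encode(), hashlib.sha256).digest()


class Router:
    """Originator: announces by multicast, authenticates over unicast."""
    def __init__(self, name, prefix):
        self.name, self.prefix = name, prefix

    def announce(self):
        return {"from": self.name, "prefix": self.prefix}  # unauthenticated hint

    def unicast_reply(self, peer, nonce):
        key = PAIR_KEY.get((peer, self.name))
        if key is None:
            return None  # no association with this peer
        return {"prefix": self.prefix, "tag": tag(key, nonce, self.prefix)}


class Impostor(Router):
    """Constructed attacker: claims a name but holds no pairwise key."""
    def unicast_reply(self, peer, nonce):
        return {"prefix": self.prefix,
                "tag": tag(secrets.token_bytes(32), nonce, self.prefix)}


def accept_prefix(me, announcement, responder):
    """Return the prefix only if the unicast reply proves the claimed origin."""
    key = PAIR_KEY.get((me, announcement["from"]))
    if key is None:
        return None
    nonce = secrets.token_bytes(16)  # fresh per request, defeats replayed replies
    reply = responder.unicast_reply(me, nonce)
    if reply is None:
        return None
    if not hmac.compare_digest(tag(key, nonce, reply["prefix"]), reply["tag"]):
        return None  # reply not from the holder of the pairwise key
    if reply["prefix"] != announcement["prefix"]:
        return None  # multicast hint disagrees with the authenticated answer
    return reply["prefix"]
```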
