On 10/05/2014 05:09 PM, Stephen Farrell wrote:
> Hiya,
>
> On 05/10/14 22:55, Brian E Carpenter wrote:
> > So, in my opinion, model #1 (a shared secret known to every device)
> > is pretty weak. It might be acceptable for a small home network
> > with a very careful human owner, but not beyond that limit. This is exactly
> > the kind of shared secret that people will write down and lose along with
> > their wallet, or simply throw out in their household garbage.
> > IMHO, for a network of any size or complexity, we need model #2.
>
> It's not a question that needs to be answered now, but I don't see
> how model #2 is consistent with the open-source model of doing
> stuff. (I'm being intentionally vague there as many devices are
> sort-of developed in an open-source manner.)
>
> If there were a way to base things on a PKI for manufacturers that
> worked for open-source communities that'd be really good, but I
> don't think I've seen such a thing proposed so far.
>
> I'm also very very unsure how model #2 might work in the face of
> equipment being end-of-lifed by very small companies or what
> happens after a teeny-tiny manufacturer goes bust.
>
> Were the anima (or homenet) WG to try to address those questions,
> I think that'd be great. (And to repeat, I'm not looking for answers
> right now, but just to see that a WG will commit to tackle this.)



Are you reading into Brian's message a big-P PKI (i.e., CAs, etc.) for #2? I didn't read it that way.

Mike, confused

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet