On 06/10/2014 13:15, Michael Thomas wrote: > On 10/05/2014 05:09 PM, Stephen Farrell wrote: >> Hiya, >> >> On 05/10/14 22:55, Brian E Carpenter wrote: >>> So, in my opinion, model #1 (a shared secret known to every device) >>> is pretty weak. It might be acceptable for a small home network >>> with a very careful human owner, but not beyond that limit. This is >>> exactly >>> the kind of shared secret that people will write down and lose along >>> with >>> their wallet, or simply throw out in their household garbage. >>> IMHO, for a network of any size or complexity, we need model #2. >> Its not a question that needs to be answered now, but I don't see >> how model #2 is consistent with the open-source model of doing >> stuff. (I'm being intentionally vague there as many devices are >> sort-of developed in an open-source manner.) >> >> If there were a way to base things on a PKI for manufacturers that >> worked for open-source communities that'd be really good, but I >> don't think I've seen such a thing proposed so far. >> >> I'm also very very unsure how model#2 might work in the face of >> equipment being end-of-lifed by very small companies or what >> happens after a teeny-tiny manufacturer goes bust. >> >> Were the anima (or homenet) WG to try address those questions, >> I think that'd be great. (And to repeat, I'm not looking for answers >> right now, but just to see that a WG will commit to tackle this.) >> >> > > Are you reading into Brian's message a big P PKI (ie, CA's, etc) for #2? > I didn't read it that way.
That is a correct non-reading ;-). I think the assumption is that there would be a local trust anchor of some kind which would be somewhat equivalent to a local CA. That's why the word 'bootstrap' figures in draft-pritikin-. Brian _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet