On 2.3.2015, at 15.00, Juliusz Chroboczek <j...@pps.univ-paris-diderot.fr> wrote:
>> One thing that has been mentioned to me is that IS-IS could be used
>> (with proper TLV additions) to completely replace HNCP, if IS-IS were
>> used as the homenet protocol.
> I see that you've been speaking with Abrahamsson. Please let me give you
> some background.
>
> Two years ago, there was a very animated discussion about whether the
> configuration protocol and the routing protocol should be separate or not.
> After a lot of energy was spent on the issue, Markus designed HNCP, which
> went through a few iterations. The chairs judged that WG consensus was
> achieved, and the configuration protocol is now separate from the routing
> protocol.
>
> Since achieving consensus on this was a lot of work, some of us are
> somewhat annoyed at Mikael bringing this argument back from the dead at
> every opportunity.

Funny part is, the argument has changed substantially since. Originally I considered HNCP security to be strictly optional, but as there was push-back to have built-in security, I added it in. And now it is essentially more littleconf’able than any routing protocol security scheme I have ever met before.

The current draft specifies only PSK-based security; do you really want to bootstrap your home security either with a well-known ‘IamGoodguy’ password, or perhaps by logging in to every router to do magic things? No, me neither. I am looking forward to hearing of some relatively dynamic security protocol (think IKE, or TLS handshake) that runs on top of CLNP, though, that we can hook in to IS-IS.

The current draft’s ‘security’ requirements for (stand-alone) use of either routing protocol’s own security framework are inadequate to what the group has been discussing here (among other places) over the last year.

Cheers,

-Markus

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet