On 03/02/2015 01:21 PM, Brian E Carpenter wrote:
On 03/03/2015 09:12, Michael Thomas wrote:
I'm doubtful that routing protocols need PSK's. They almost certainly
would like to share a symmetric key(s) but
is not the same thing.
But they need to agree on the shared key(s) securely, and the only way
I know how to do that zero-touch is by starting with asymmetric keys
and certificates.
s/and certificates//
Well, I want certificates, because I don't believe someone who
says "Hi, I'm your friendly homenet router and here's my public
key."
so you're mollified if somebody's cert says "hi i'm
1232345245213452345...@lkajsdlfjasdfds.clasjdflakjsdfk.ladsjflakjsfdls.xxx"
instead?
the possession of a cert does nothing in and of itself to make an
enrollment decision.
Mike
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet