> -----Original Message-----
> From: homenet [mailto:homenet-boun...@ietf.org] On Behalf Of Michael Thomas
> Sent: 03 March 2015 18:20
> To: homenet@ietf.org
> Subject: Re: [homenet] routing protocol comparison document and hncp
>
> On 03/03/2015 08:43 AM, Gert Doering wrote:
> > Hi,
> >
> > On Tue, Mar 03, 2015 at 07:31:56AM -0800, Michael Thomas wrote:
> >> Considering that provisioning personal certificates is almost the
> >> polar opposite of zeroconf, the chances of the normal schlub seeing
> >> an informative and/or trustworthy name are really, really low.
> > You might want to entertain you reading
> >
> > draft-behringer-homenet-trust-bootstrap
> >
> > which gives a good idea how this could work (the general ideas, maybe
> > not the specific implementation).
> >
> > Of course the normal end user is not going to ever look at or manually
> > generate a certificate.
> >
> >
>
> I scanned this over (I think I've scanned Max's base doc too, but it's been a
> long time), and don't think that the problem at hand has much to do with
> needing a CA of any sort. Binding "human" names to cryptographic
> identities is fraught with trouble -- and if they're not intended to be human
> consumable, they might as well be the fingerprint of a public key.
>
> The big question I have is whether the non-interactive nature of certs is
> being taken advantage of. For example, if I throw my root current CA in the
> trash what happens?
>
> I have a lot of other questions, but I'm not sure whether this is the right
> time to go through them.

There are lots of questions which we should discuss. To the above question, easiest case would be that you create a new root CA and re-enrol devices there. Not perfect, but probably acceptable in a homenet, if the enrolment process is easy (which I believe we can make it).

Should we set up an informal meeting in Dallas to discuss this? Find a slot that works for most, a quiet corner, and discuss?

Michael

> Mike
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet