Hiya,

On 24/01/18 19:21, Michael Richardson wrote:
>
> Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> > On 24/01/18 15:36, Ted Lemon wrote:
> >> Yes, enrollment is the process by which trust is established. Google
> >> home has an example, but it's rickety. It's actually not too bad for
> >> actual Google devices, but the third party enrollment process could
> >> really benefit from some open standards (imho).
>
> > While I don't disagree with you, I do still wonder if we'd
> > not be better off using another term for cases where maybe
> > all that are involved are a couple of routers in the home,
> > and where there's no external party, such as google in the
> > example you give.
>
> If you are suggesting we should write a clear problem statement with
> new-fangled and terminology devoid of historical baggage, and then argue
> about that for 6-10 months... well... we could start that now :-)

You are entirely correct that I'm not suggesting that:-)

> Two routers exchanging some keys on a TOFU basis might qualify as (mutual)
> enrollment, as the keys are stored someplace for the "second use".

Sure. OTOH, using the term enrollment I think might confuse
folks and perhaps the discussion as there's quite a bit of
(mostly PKI;-) baggage associated with that term, for me
anyway.

Aside from terminology the main thing is the distinction
between situations that do, or do not, involve a party
external to the homenet, which makes a very big difference.

Cheers,
S.

>
> Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> > Without a chair hat on, I'm not sure that some of those
> > other bits of work need to be fully finished - if we know
> > what kind of keying that'll be used in the final results,
> > we could make some progress, but I do agree we'd need to
>
> the reason I said that things should be finished, is because I believe that a
> 3/4 year problem statement discussion will distract the WG from actually
> finishing that existing work
>
> --
> Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
>

--
PGP key change time for me.
New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018.
NewWithOld sigs in keyservers.
Sorry if that mucks something up;-)