On Fri, 19 Sep 2014, Mark Townsley wrote:
My own experience attempting to use IPsec as an add-on security solution
(a.k.a. "pixie dust") for a protocol isn't all that positive. We tried
that with L2TP, and in the process failed to kill off PPTP on Windows
clients. I can't tell you how many time
On Sep 23, 2014, at 7:57 PM, Douglas Otis wrote:
> Actually, it is better to assume there is a long list of vulnerable home
> routers being p0wned by entities beyond their ISP.
This is to some extent true, but not something we can really address in homenet.
On Sep 23, 2014, at 3:39 PM, Michael Thomas wrote:
>
> On 9/23/14, 1:07 PM, Michael Richardson wrote:
>> Michael Thomas wrote:
>> >> 2) ISP-provided router has to be willing to trust retail purchased router,
>> >> or nothing works.
>>
>> > So what about the other way around? T
On 9/23/14, 1:07 PM, Michael Richardson wrote:
Michael Thomas wrote:
>> 2) ISP-provided router has to be willing to trust retail purchased router,
>> or nothing works.
> So what about the other way around? To what degrees should my homenet trust
> ISP-maintained CPE?
Tha
Late, but:
I have read draft-pfister-homenet-prefix-assignment. Adopt it.
I thought I read it before, but maybe not. It all seems familiar, but what's
with all the IPv4 stuff? I guess we are doing an IPv4 thing, because we can,
and it's useful to be able to turn off detect that have multiple p
Michael Thomas wrote:
>> 2) ISP-provided router has to be willing to trust retail purchased router,
>> or nothing works.
> So what about the other way around? To what degrees should my homenet trust
> ISP-maintained CPE?
That's up to you. Seriously.
Your ISP-maintained CPE to
STARK, BARBARA H wrote:
> If the concern is with a man-in-the-middle attack on HNCP messages,
> then point-to-point security, using encryption with any key that the 2
The concern is man-in-the-middle "attacks" on HNCP messages by an outsider,
not another member of the household. Or, mor
On 9/23/14, 10:59 AM, Michael Richardson wrote:
2) ISP-provided router has to be willing to trust retail purchased router,
or nothing works.
So what about the other way around? To what degrees should my homenet trust
ISP-maintained CPE?
Or more succinctly, what are the things the ISP and
Randy Turner wrote:
> Are we assuming that the home router is purchased retail, and not
> "fulfilled" or provided by an ISP? The method to establish trust
> relationships would hinge on the answer
1) if there is only one home router from the ISP, then there is no problem.
2) ISP-provide
> >> I further suggest that if two routers have wireless that they might well
> >> have a WPA2/PSK available to them, and that they can and SHOULD use something
> >> derived from that key to authenticate each other. Could be over IKEv2, yes.
>
> > I _think_ we have to assu
On Sep 23, 2014, at 1:23 PM, Michael Richardson wrote:
> With respect, if you leave the trust scheme out of scope, what you are
> really doing is leaving all of the security out of scope, because it won't be
> deployable.
+1
Steven Barth wrote:
>> And it's extremely unlikely that
>> DTLS will be a one-sentence "solution" even if it gets adopted because
>> DTLS, IPsec, etc say nothing
>> about enrollment and authorization. Those are by far the hard problems with
>> homenet security.
> I woul
Mark Townsley wrote:
> My own experience attempting to use IPsec as an add-on security
> solution (a.k.a. "pixie dust") for a protocol isn't all that
> positive. We tried that with L2TP, and in the process failed to kill
> off PPTP on Windows clients. I can't tell you how many time
Markus Stenberg wrote:
markus> 1) Can we assume secure L2 and/or appropriate device
markus> configuration by the manufacturer/ISP(/user)? (This is what I can
markus> assume in my own home.)
>> I think that we can assume that wired links are secure.
>> The only time we care if
14 matches