+1
And if the goal is just to identify the boundaries, I don't think that
passphrases and encryption are the right way to go about that. But to be
honest, I'm sort of fuzzy as to what the goals really are.
Barbara
An IGP in a homenet setting needs crypto security no more than DHCP, ND
or m
In my experience, there is no single mechanism for establishing what is
alternatively called 'pairing,' 'introduction,' 'enrollment,' or in the case
of the WiFi Protected Setup a 'mental model.' The techniques have been called
"ceremonies" by Carl Ellison and Jesse Walker, and they serve as a
Not necessarily. It could be centralized, it could be distributed or
collaborative. Generally most edge networks have an access policy; it is
rare to find a true open access network these days. If there is a
network access policy, a single node generally has to act as
authenticator for the purpose
On Nov 28, 2011, at 3:49 AM, Lorenzo Colitti wrote:
> On Fri, Nov 25, 2011 at 17:43, Mark Townsley wrote:
> Before we decide that we must have an IGP, that it must be cryptographically
> secured, and that we have to tackle key distribution for it, I'd like to take
> a step or two back from the
On Fri, Nov 25, 2011 at 17:43, Mark Townsley wrote:
> Before we decide that we must have an IGP, that it must be
> cryptographically secured, and that we have to tackle key distribution for
> it, I'd like to take a step or two back from the routing protocol part of
> the equation.
>
I'm not sayi
On Nov 26, 2011, at 4:52 AM, Robert Cragie wrote:
> Network access control can set up secure channels to deliver keying
> information.
It sounds like you're talking about some kind of central management
software/protocol here.
I agree - once we have a threat document, this should be one of the security
models on which we map the threats.
Thanks,
Acee
On Nov 26, 2011, at 4:52 AM, Robert Cragie wrote:
> I've been following this thread with interest. Some points (from someone who
> has a particular 802.15.4-based mesh netw
I've been following this thread with interest. Some points (from someone
who has a particular 802.15.4-based mesh networking viewpoint):
* There probably isn't any need to specify cryptographic security for
an IGP on the basis that the packets are link-local and can
therefore be protected
You may be right about the equivalent key-management scope, however, I believe
any work in the key distribution area applied to the "integrity of routing
updates" would pay off more than expending this effort on the "confidentiality
of routing update" problem. One of the devices we are consider
On Nov 25, 2011, at 8:15 PM, Mark Townsley wrote:
> What's the common case at L2 in homes today?
Stuff that needs to be secure uses SSL. Gateways are trivially pwned by
whatever malware is running on your PC. I don't think we should feel
complacent about this.
On Sat, Nov 26, 2011 at 9:53 AM, Hans Liu wrote:
> Mark,
>
>> Actually, I suggested that wired wouldn't need any key handshake. Wireless
>> would, and such handshakes require UI. The UI is the problem if there are
>> two devices that are not used to having any serious UI. I'm not sure I know
>> ho
Mark,
> Actually, I suggested that wired wouldn't need any key handshake. Wireless
> would, and such handshakes require UI. The UI is the problem if there are
> two devices that are not used to having any serious UI. I'm not sure I know
> how to solve that, but I'm not sure it's our problem to sol
On Nov 25, 2011, at 6:28 PM, Ted Lemon wrote:
> On Nov 25, 2011, at 7:30 AM, Randy Turner wrote:
>> I think I agree that confidentiality of routing traffic is probably not an
>> issue for Homenet - however, I do think we should consider integrity of
>> routing traffic - ie, router A should "tru
On Nov 25, 2011, at 6:22 PM, Ted Lemon wrote:
> On Nov 25, 2011, at 3:50 AM, Mark Townsley wrote:
>> In the email I just sent, I'm making an argument for why this is not the
>> case. An IGP in a homenet setting needs crypto security no more than DHCP,
>> ND or mDNS would. It's just another conf
> "Similarly, a wired broadband or 3G/LTE wireless connection to an ISP router
> in the neighborhood has its own authentication and policy enforcement
> happening at L2. "
I'm curious if we want to "assume" a particular type of broadband connection is
in use, or do we want the Homenet solution
On Nov 25, 2011, at 7:30 AM, Randy Turner wrote:
> I think I agree that confidentiality of routing traffic is probably not an
> issue for Homenet - however, I do think we should consider integrity of
> routing traffic - ie, router A should "trust" that route updates from router
> B are correct.
On Nov 25, 2011, at 3:50 AM, Mark Townsley wrote:
> In the email I just sent, I'm making an argument for why this is not the
> case. An IGP in a homenet setting needs crypto security no more than DHCP, ND
> or mDNS would. It's just another configuration protocol within the home.
I liked the ema
I agree. Given that the routing protocols under consideration use IPv6
link-local addresses and are confined to packet exchanges between routers on
the same link, this model seems appropriate.
Thanks,
Acee
On Nov 25, 2011, at 3:43 AM, Mark Townsley wrote:
>
> Before we decide that we must
ve feeling regarding security
- maybe we need someone to work on a threat analysis and what the implications
could be to the types of applications we anticipate
Randy
Original message
Subject: Re: [homenet] Creating a security association via physical link +
button
From: Mar
On Nov 25, 2011, at 3:42 AM, Ted Lemon wrote:
> On Nov 24, 2011, at 7:46 PM, Lorenzo Colitti wrote:
>> Ok, so it would seem to me that to support that case then we need to either
>> a) support multiple simultaneous keys in the IGP or b) provide a mechanism
>> to tell a number of homenet routers
Before we decide that we must have an IGP, that it must be cryptographically
secured, and that we have to tackle key distribution for it, I'd like to take a
step or two back from the routing protocol part of the equation.
First things first, we have to detect that there is a device present, whe
On Nov 24, 2011, at 7:46 PM, Lorenzo Colitti wrote:
> Ok, so it would seem to me that to support that case then we need to either
> a) support multiple simultaneous keys in the IGP or b) provide a mechanism to
> tell a number of homenet routers that "the key to the IGP is changing". Both
> are n
On Fri, Nov 25, 2011 at 01:27, Ted Lemon wrote:
> If one is a member of a homenet and an ISP connection already, and one has
> a blank config, then you might assume that the one with the blank config
> should join the existing homenet. What if they both have a config on them?
> What if you're ac
On Nov 24, 2011, at 4:44 AM, Lorenzo Colitti wrote:
> If one is a member of a homenet and an ISP connection already, and one has a
> blank config, then you might assume that the one with the blank config
> should join the existing homenet. What if they both have a config on them?
> What if you'
On Tue, Nov 22, 2011 at 23:54, Ted Lemon wrote:
> Yeah, I don't think either device decides that it is the homenet; rather,
> they are regularly dynamically discovering topology, and deciding what to
> do based on whether they are connected to an edge. Possibly both devices
> are connected to a
boxes probably have to hit very
inexpensive price points...easily sub $50 to the NSPs
R.
Original message
Subject: Re: [homenet] Creating a security association via physical link +
button
From: Ted Lemon
To: "Howard, Lee"
CC: "homenet@ietf.org" ,Lor
On Nov 22, 2011, at 5:19 PM, Howard, Lee wrote:
> I don’t want to do mechanical engineering here. And buttons are expensive.
Great, let's just do a USB port then! :)
Seriously, if you make a device cheap enough, it simply won't be able to do
homenet. The question is, how cheap is that?
Subject: [homenet] Creating a security association via physical link + button
It would be cool if I could plug in a new router into my homenet, press a
special button on it and on the router I plug it into, and have the new router
download the homenet config (at least the rout
menet] Creating a security association via physical link + button
It would be cool if I could plug in a new router into my homenet, press a
special button on it and on the router I plug it into, and have the new router
download the homenet config (at least the routing protocol key, but maybe
Home routers with a natural WAN interface such as DSL or Docsis are built from
reference designs that "hardwire" the "internet" interface, including any
firewall-like functionality
Randy
Original message ----
Subject: Re: [homenet] Creating a security associati
On Nov 22, 2011, at 7:42 AM, Russ White wrote:
> This is, generally speaking, how current home routers work... And, I
> think, it might be the only way to make a homenet work. The primary key
> beyond this is a device being able to figure out "I'm an edge to the
> outside world."
Yeah, I don't thi
> It would be cool if I could plug in a new router into my homenet, press
> a special button on it and on the router I plug it into, and have the
> new router download the homenet config (at least the routing protocol
> key, but maybe other things like the wifi SSID) from the existing router.
Thi
It would be cool if I could plug in a new router into my homenet, press a
special button on it and on the router I plug it into, and have the new
router download the homenet config (at least the routing protocol key, but
maybe other things like the wifi SSID) from the existing router.
The button w