Re: [homenet] Securing HNCP - comments?

2014-06-30 Thread Ray Hunter
Markus Stenberg 30 June 2014 09:31 On 28.6.2014, at 10.43, Ray Hunter wrote: How could [4] be prevented then? In ascending order of complexity.. [S4-1] Manual configuration of categories overriding automated border discovery. Defining either in the actual router

Re: [homenet] Securing HNCP - comments?

2014-06-30 Thread Michael Richardson
Juliusz Chroboczek wrote: >> just use e.g. IPsec with manual keying > Vulnerable to replay if done naively. Not sure about the configuration > protocol, but definitely an issue for a routing protocol -- just capture > a default route announcement with a low metric, and you've wo

Re: [homenet] Securing HNCP - comments?

2014-06-30 Thread Juliusz Chroboczek
>> Powerline Ethernet devices have built in encryption, > Same thing with WPA* too of course. So I’m very tempted to assume L2 > takes care of security.. ;) Guest networks? However, I think it is premature to define a secure variant of HNCP before we have some operational experience with the pro

Re: [homenet] Securing HNCP - comments?

2014-06-30 Thread Markus Stenberg
On 28.6.2014, at 10.43, Ray Hunter wrote: >> How could [4] be prevented then? In ascending order of complexity.. >> >> [S4-1] Manual configuration of categories overriding automated border >> discovery. Defining either in the actual router product, or via >> configuration which interfaces to ta

Re: [homenet] Securing HNCP - comments?

2014-06-28 Thread Ray Hunter
inline Markus Stenberg wrote: (This could have been a draft too, but I’m starting my vacation soon and I don’t want to post any more of those. Sorry.-Markus) Current HNCP draft specifies security very vaguely, as it was originally based on just some napkin thoughts last year on ‘it would be n

Re: [homenet] Securing HNCP - comments?

2014-06-26 Thread Dave Taht
I have been watching this draft evolve now for a while, on authenticated routing exchanges. Perhaps it would provide some insight on 3 and 4 below. http://tools.ietf.org/html/draft-ovsienko-babel-hmac-authentication-09 running code (in quagga, only, at present). On Thu, Jun 26, 2014 at 11:34 PM,

[homenet] Securing HNCP - comments?

2014-06-26 Thread Markus Stenberg
(This could have been a draft too, but I’m starting my vacation soon and I don’t want to post any more of those. Sorry.-Markus) Current HNCP draft specifies security very vaguely, as it was originally based on just some napkin thoughts last year on ‘it would be nice to have authenticated TLVs’.