Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

Robert Cragie <robert.cragie@gridmerge.com> Fri, 15 March 2013 11:04 UTC

On 14/03/2013 9:42 PM, Michael Thomas wrote:
> On 03/14/2013 10:03 AM, Michael Behringer (mbehring) wrote:
>>> From: Michael Thomas [mailto:mike@mtcc.com]
>> [...]
>>> In today's world access control is gated at L2 via WPA or similar. Are you
>>> suggesting that we have an L3 equivalent? In addition? In replacement?
>> We need a solution to this problem. I think this is the first 
>> important thing to note, and so far it isn't noted (or I missed it). 
>> Which solution is open for discussion.
>>
>> Can we agree thus far?
>
> Well, it seems to me that we have a solution today at L2, at
> least for wireless which is the most pressing need. Am I missing
> something? Or are we talking about remote access into your homenet?

L2 access is fine if the authenticator is one hop away. It won't work
otherwise. We had this issue with mesh networks using RPL where 
authentication needs to be relayed through the existing network to the 
authenticator and access control is performed by RPL routers on the 
boundary of the network. We solved it using the PANA relay function (RFC 
6345). I also have some ideas for more complex network admission using 
multiple authenticators in a mesh network which could apply here. I will 
try and get the ideas down in a digestible form.

Robert
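
The relay step described in the message above, as an added example (not code from the post or from any PANA implementation): a relay one hop from the joining node wraps that node's PANA message in a PANA-Relay message for the distant authenticator, which unwraps it and rejects malformed input. Message and AVP numbers are taken from RFC 5191 and RFC 6345; the function names and the sample address and port are assumptions, and vendor-specific AVPs are not handled.

```python
import ipaddress
import struct

# Numbers from RFC 5191 (PANA) and RFC 6345 (PANA relay); names are illustrative.
MSG_PCI, MSG_PRY = 1, 5              # PANA-Client-Initiation, PANA-Relay
AVP_PAC_INFO, AVP_RELAYED = 10, 11   # PaC-Information, Relayed-Message

def avp(code: int, value: bytes) -> bytes:
    """AVP header (code, flags, value length, reserved) + value padded to 4 octets."""
    pad = b"\x00" * (-len(value) % 4)
    return struct.pack("!HHHH", code, 0, len(value), 0) + value + pad

def pana(msg_type: int, flags: int, session: int, seq: int, avps: bytes = b"") -> bytes:
    """16-octet PANA header followed by the AVPs; length covers the whole message."""
    return struct.pack("!HHHHII", 0, 16 + len(avps), flags, msg_type, session, seq) + avps

def parse(msg: bytes):
    """Return (message type, {AVP code: value}); reject inconsistent lengths."""
    if len(msg) < 16:
        raise ValueError("short PANA header")
    _, length, _, msg_type, _, _ = struct.unpack("!HHHHII", msg[:16])
    if length != len(msg):
        raise ValueError("PANA length field does not match datagram size")
    avps, off = {}, 16
    while off < length:
        if off + 8 > length:
            raise ValueError("truncated AVP header")
        code, _, vlen, _ = struct.unpack("!HHHH", msg[off:off + 8])
        if off + 8 + vlen > length:
            raise ValueError("AVP value overruns message")
        avps[code] = msg[off + 8:off + 8 + vlen]
        off += 8 + vlen + (-vlen % 4)
    return msg_type, avps

def relay_to_paa(pac_msg: bytes, pac_addr: str, pac_port: int) -> bytes:
    """Relay side: wrap the joining node's message with its address and UDP port."""
    info = ipaddress.IPv6Address(pac_addr).packed + struct.pack("!H", pac_port)
    return pana(MSG_PRY, 0, 0, 0, avp(AVP_PAC_INFO, info) + avp(AVP_RELAYED, pac_msg))

def paa_receive(pry: bytes):
    """Authenticator side: recover (address, port, inner message) from a relay message."""
    msg_type, avps = parse(pry)
    if msg_type != MSG_PRY or AVP_PAC_INFO not in avps or AVP_RELAYED not in avps:
        raise ValueError("not a well-formed PANA-Relay message")
    info = avps[AVP_PAC_INFO]
    if len(info) != 18:
        raise ValueError("expected 16-octet IPv6 address plus 2-octet port")
    port = struct.unpack("!H", info[16:])[0]
    return str(ipaddress.IPv6Address(info[:16])), port, avps[AVP_RELAYED]
```

The authenticator sends its reply back the same way, and the relay uses the recovered address and port to deliver the inner message to the joining node over the last hop.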