Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 16 March 2013 08:00 UTC

Message-ID: <514426B4.1050600@gmail.com>
Date: Sat, 16 Mar 2013 08:00:52 +0000
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: Michael Thomas <mike@mtcc.com>
References: <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6ED6C6@xmb-rcd-x14.cisco.com> <5141F140.2070508@mtcc.com> <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6ED79F@xmb-rcd-x14.cisco.com> <5142444E.10105@mtcc.com> <51430047.2020005@gridmerge.com> <51436D42.9070900@mtcc.com>
In-Reply-To: <51436D42.9070900@mtcc.com>
Cc: robert.cragie@gridmerge.com, homenet@ietf.org

On 15/03/2013 18:49, Michael Thomas wrote:
> On 03/15/2013 04:04 AM, Robert Cragie wrote:
>>
>> On 14/03/2013 9:42 PM, Michael Thomas wrote:
>>> On 03/14/2013 10:03 AM, Michael Behringer (mbehring) wrote:
>>>>> From: Michael Thomas [mailto:mike@mtcc.com]
>>>> [...]
>>>>> In today's world access control is gated at L2 via wpa or similar.
>>>>> Are you
>>>>> suggesting that we have a L3 equivalent? In addition? In replacement?
>>>> We need a solution to this problem. I think this is the first
>>>> important thing to note, and so far it isn't noted (or I missed it).
>>>> Which solution is open for discussion.
>>>>
>>>> Can we agree thus far?
>>>
>>> Well, it seems to me that we have a solution today at L2, at
>>> least for wireless, which is the most pressing need. Am I missing
>>> something? Or are we talking about remote access into your homenet?
>> L2 access is fine if the authenticator is one hop away. It won't work
>> otherwise. We had this issue with mesh networks using RPL where
>> authentication needs to be relayed through the existing network to the
>> authenticator and access control is performed by RPL routers on the
>> boundary of the network. We solved it using the PANA relay function
>> (RFC 6345). I also have some ideas for more complex network admission
>> using multiple authenticators in a mesh network which could apply
>> here. I will try and get the ideas down in a digestible form.
> 
> So I guess where this is going is "should AAA be a part of the homenet
> architecture". Yes? (fsvo: AAA).

Yes for Authorisation. It's much less clear to me that (cryptographic)
Authentication is a requirement, and fairly clear to me that Accounting
isn't.

    Brian