Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

Michael Thomas <mike@mtcc.com> Fri, 15 March 2013 18:49 UTC

Return-Path: <mike@mtcc.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A361A21F86CE for <homenet@ietfa.amsl.com>; Fri, 15 Mar 2013 11:49:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.335
X-Spam-Level:
X-Spam-Status: No, score=-2.335 tagged_above=-999 required=5 tests=[AWL=0.264, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZ5LqBjuBjl1 for <homenet@ietfa.amsl.com>; Fri, 15 Mar 2013 11:49:47 -0700 (PDT)
Received: from mtcc.com (mtcc.com [IPv6:2001:5a8:4:9fe0:224:8cff:feaa:6d9b]) by ietfa.amsl.com (Postfix) with ESMTP id A20C421F86C4 for <homenet@ietf.org>; Fri, 15 Mar 2013 11:49:47 -0700 (PDT)
Received: from takifugu.mtcc.com (takifugu.mtcc.com [50.0.18.224]) (authenticated bits=0) by mtcc.com (8.14.3/8.14.3) with ESMTP id r2FIncCq000589 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Fri, 15 Mar 2013 11:49:39 -0700
Message-ID: <51436D42.9070900@mtcc.com>
Date: Fri, 15 Mar 2013 11:49:38 -0700
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.22) Gecko/20090605 Thunderbird/2.0.0.22 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: robert.cragie@gridmerge.com
References: <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6ED6C6@xmb-rcd-x14.cisco.com> <5141F140.2070508@mtcc.com> <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6ED79F@xmb-rcd-x14.cisco.com> <5142444E.10105@mtcc.com> <51430047.2020005@gridmerge.com>
In-Reply-To: <51430047.2020005@gridmerge.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1452; t=1363373379; x=1364237379; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:=20Michael=20Thomas=20<mike@mtcc.com> |Subject:=20Re=3A=20[homenet]=20Next=20steps=20for=20draft- behringer-homenet-trust-bootstrap? |Sender:=20 |To:=20robert.cragie@gridmerge.com |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=MD3u/l4CbxER9Eowc9s2PDiYuWEij0Ut/+njKywxnOA=; b=WDxGArLoWpichItem7OgmQhPqW5hxZnf3sdcsapcbcDvp6oMwjUVvfLxhn gs02rC6klBo/aPRQtNUkN1+Nq+d1Y0EQF5nX52RXVKNZdATtU10DIM6lYMZq R8dodonVeQvLa/wEEKAdcoCrO00RmGiu08dHdY91pdP5P9OEkfIgk=;
Authentication-Results: mtcc.com; v=0.1; dkim=pass header.i=mike@mtcc.com ( sig from mtcc.com/thundersaddle.kirkwood verified; ); dkim-asp=pass header.From=mike@mtcc.com
Cc: homenet@ietf.org
Subject: Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2013 18:49:48 -0000

On 03/15/2013 04:04 AM, Robert Cragie wrote:
>
> On 14/03/2013 9:42 PM, Michael Thomas wrote:
>> On 03/14/2013 10:03 AM, Michael Behringer (mbehring) wrote:
>>>> From: Michael Thomas [mailto:mike@mtcc.com]
>>> [...]
>>>> In today's world access control is gated at L2 via wpa or similar. Are you
>>>> suggesting that we have a L3 equivalent? In addition? In replacement?
>>> We need a solution to this problem. I think this is the first important thing to note, and so far it isn't noted (or I missed it). Which solution is open for discussion.
>>>
>>> Can we agree thus far?
>>
>> Well, it seems to me that we have a solution today at L2, at
>> least for wireless, which is the most pressing need. Am I missing
>> something? Or are we talking about remote access into your homenet?
> L2 access is fine if the authenticator is one hop away. It won't work otherwise. We had this issue with mesh networks using RPL where authentication needs to be relayed through the existing network to the authenticator and access control is performed by RPL routers on the boundary of the network. We solved it using the PANA relay function (RFC 6345). I also have some ideas for more complex network admission using multiple authenticators in a mesh network which could apply here. I will try and get the ideas down in a digestible form.

So I guess where this is going is "should AAA be a part of the homenet
architecture". Yes? (fsvo: AAA).

Mike
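The relay pattern Robert describes above (a boundary router forwarding a joining node's admission exchange to an authenticator that is not one hop away), as an added illustration that is not part of this thread and not code from any RFC 6345 implementation. It is a constructed, offline simulation: the PANA header and AVP framing follow RFC 5191, and the PANA-Relay (PRY) message type 5 with the PaC-Information (10) and Relayed-Message (11) AVPs follow RFC 6345; everything else is simplified and should be read as an assumption of this example, in particular that PRY flags are left zero, that the relayed exchange stops at the first PANA-Auth-Request with no EAP payload, that the relay hands the PRY to the PAA by a direct call instead of UDP, and that the PaC-Information value is the PaC's IP address followed by its 16-bit UDP port. The point it makes is the one in the reply: L2 admission control stops at the first hop, so the boundary node has to carry the exchange across the already-admitted network while refusing to forward anything else from an unauthenticated neighbour.

```python
"""Multi-hop network admission through a PANA relay element (RFC 6345 pattern).

Constructed example. The joining node (PaC) can only reach a boundary router
(the PANA Relay Element, PRE) on its link; the authenticator (PAA) sits several
hops inside the network. The PRE wraps the PaC's datagram in a PANA-Relay (PRY)
message that carries the PaC's address and port, so the PAA's answer can be
routed back through the same relay. Flags on PRY, EAP payloads and real UDP
transport are deliberately left out (assumptions of this example).
"""
import ipaddress
import struct

PANA_HDR = struct.Struct("!HHHHII")  # reserved, length, flags, type, session id, sequence
AVP_HDR = struct.Struct("!HHHH")     # code, flags, length (value only), reserved

MSG_PCI, MSG_PANA_AUTH, MSG_PRY = 1, 2, 5     # PCI and PANA-Auth: RFC 5191; PRY: RFC 6345
FLAG_R, FLAG_S = 0x8000, 0x4000               # Request and Start flags (RFC 5191 header)
AVP_PAC_INFORMATION, AVP_RELAYED_MESSAGE = 10, 11  # RFC 6345 AVP codes


def encode_avp(code, value):
    """AVP header + value, padded to a 4-octet boundary; length counts the value only."""
    return AVP_HDR.pack(code, 0, len(value), 0) + value + b"\x00" * ((-len(value)) % 4)


def decode_avps(data):
    avps, off = [], 0
    while off < len(data):
        code, _flags, length, _reserved = AVP_HDR.unpack_from(data, off)
        off += AVP_HDR.size
        avps.append((code, data[off:off + length]))
        off += length + (-length) % 4
    return avps


def encode_pana(msg_type, flags, session_id, seq, avps):
    body = b"".join(encode_avp(c, v) for c, v in avps)
    return PANA_HDR.pack(0, PANA_HDR.size + len(body), flags, msg_type, session_id, seq) + body


def decode_pana(data):
    _, length, flags, msg_type, session_id, seq = PANA_HDR.unpack_from(data)
    if length != len(data):
        raise ValueError("PANA length field does not match the datagram")
    return msg_type, flags, session_id, seq, decode_avps(data[PANA_HDR.size:])


def pac_info(addr, port):
    """PaC-Information value: IP address followed by UDP port (assumed layout)."""
    return ipaddress.ip_address(addr).packed + struct.pack("!H", port)


def parse_pac_info(value):
    return str(ipaddress.ip_address(value[:-2])), struct.unpack("!H", value[-2:])[0]


class Authenticator:
    """PAA: only reachable through the relay, so it answers with PRY as well."""

    def __init__(self):
        self.next_session = 0x1000
        self.sessions = {}  # session id -> (pac address, pac port) learned from PaC-Information

    def handle_pry(self, pry):
        msg_type, _f, _s, _q, avps = decode_pana(pry)
        d = dict(avps)
        if msg_type != MSG_PRY or AVP_PAC_INFORMATION not in d or AVP_RELAYED_MESSAGE not in d:
            raise ValueError("not a well-formed PANA-Relay message")
        inner_type, *_ = decode_pana(d[AVP_RELAYED_MESSAGE])
        if inner_type != MSG_PCI:
            raise ValueError("this example only handles PANA-Client-Initiation")
        sid, self.next_session = self.next_session, self.next_session + 1
        self.sessions[sid] = parse_pac_info(d[AVP_PAC_INFORMATION])
        # First PANA-Auth-Request: R and S flags set; the EAP exchange would follow here.
        par = encode_pana(MSG_PANA_AUTH, FLAG_R | FLAG_S, sid, 1, [])
        return encode_pana(MSG_PRY, 0, 0, 0, [(AVP_PAC_INFORMATION, d[AVP_PAC_INFORMATION]),
                                              (AVP_RELAYED_MESSAGE, par)])


class Relay:
    """PRE on the network boundary: an unauthenticated neighbour may only talk PANA, via the PAA."""

    def __init__(self, paa):
        self.paa = paa
        self.delivered = []  # (pac address, pac port, datagram) handed back on the PaC's link

    def from_pac(self, pac_addr, pac_port, datagram):
        """Returns True if the datagram was relayed, False if dropped at the boundary."""
        try:
            msg_type, *_ = decode_pana(datagram)
        except (struct.error, ValueError):
            return False  # not PANA: nothing else is forwarded for an unadmitted node
        if msg_type == MSG_PRY:
            return False  # a PaC must not inject relay messages of its own
        pry = encode_pana(MSG_PRY, 0, 0, 0, [(AVP_PAC_INFORMATION, pac_info(pac_addr, pac_port)),
                                             (AVP_RELAYED_MESSAGE, datagram)])
        self.from_paa(self.paa.handle_pry(pry))  # stands in for a UDP round trip to the PAA
        return True

    def from_paa(self, pry):
        msg_type, _f, _s, _q, avps = decode_pana(pry)
        d = dict(avps)
        if msg_type != MSG_PRY or AVP_PAC_INFORMATION not in d or AVP_RELAYED_MESSAGE not in d:
            return
        addr, port = parse_pac_info(d[AVP_PAC_INFORMATION])
        self.delivered.append((addr, port, d[AVP_RELAYED_MESSAGE]))


if __name__ == "__main__":
    relay = Relay(Authenticator())
    relay.from_pac("fe80::1", 716, encode_pana(MSG_PCI, 0, 0, 0, []))
    print(relay.delivered)
```

The two checks in `Relay.from_pac` are where the "access control on the boundary" lives: a node that has not been admitted gets exactly one path, its own PANA exchange, relayed to the PAA, and a node that tries to send PRY itself is refused so that it cannot forge the PaC-Information that steers the PAA's answer.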