On March 12, 2014 at 6:41:55 AM, Martin Sustrik (sustrik@xxxxxxxxxx) wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Alex,
>
> Very good analysis. It nicely demonstrates the point that building security on SP level is a non-trivial problem.

Agreed. In many respects parallel to the problems faced with IPsec, etc. Defining your threats is key.

> It may be that we have to step back and look at the problem from a 10,000 feet perspective: What is a topology? An interconnected cloud of clients. What does security mean in such an environment? Declining unauthorised people to access the topology? Something more fine-grained? Etc.

I think the transport-layer security stuff some of us (me?) have been talking about is targeted primarily at protecting the fabric/topology, or at least some parts of it. That is, unauthorized parties ought neither to be able to see the content of exchanges nor to be able to inject messages of their own. Nothing I’m proposing tries to hide the identities of the parties who are talking.

I’ve also proposed that for some classes of applications, the work we’d have done to secure access to the fabric could be extended to provide knowledge to applications about the participants, to be used for application-specific purposes (authorization checks). It’s not clear that it would be easy to make this work in the face of all the patterns we’d wish it to — particularly those where there is a device or other party in the middle, but I think there is a rather large set of applications where it *would* be useful. (I suspect that deployments involving devices are less common than those without. But I have no market analysis to support that guess.)

Anyway, I think it’s probably time to stop talking about all this, and show some code. I need some more time, but it’s coming. :-)

- Garrett