On 10/22/13 1:08 PM, Ted Lemon wrote:
On Oct 22, 2013, at 4:01 PM, Michael Thomas <[email protected]> wrote:
It isn't "well known", it's just a group secret. And you certainly could use it to make a leap of faith: ssh does it without a group secret at all, so it's actually somewhat better: I at least know that the thing that I'm doing the leap of faith with has knowledge of the group secret.
It's not a secret if it is shared by more than two hosts. It is a well known
token, which is not widely known. Any device connected to the network can
pretend to be the server if you allow that token to be used to authenticate the
server.
Whatever you say. You win.
Ssh has a public/private key pair on the server. The leap of faith there is based on
that key pair, not on a "group secret."
If you'd pause a moment from winning, I said that requiring knowledge of the group secret to do the leap of faith is somewhat better than the straight leap of faith that ssh uses.
But we're far afield from my original point: that I'd rather use a server on my home network to get my configuration, rather than trusting some random ISP who I happen to be connected to at any point in time. That doesn't work for roaming, and it's questionable whether it's an especially good idea even when I'm not.
This problem can be solved, but I am strongly opposed to handwaving. If you
want to assert that we can have a secure system, even based on a leap of faith,
I do not disagree with that, but you need to tell me what the system _is_.
Otherwise the discussion is completely hypothetical, and we can't draw any real
conclusions at all.
So before the working group has any conversations about technologies that
depend on a security solution that doesn't yet exist, I would like us to have a
security solution upon which to base those technologies. Until we do,
proposals like this one just sound like security snake oil, and we shouldn't be
entertaining them.
This is in the context of an extant draft not of my making. Are you suggesting that we shouldn't comment on that draft?
Mike
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet