Re: [homenet] Stephen Farrell's No Objection on draft-ietf-homenet-hncp-10: (with COMMENT)
I had a peek at the diff and it's all good from my POV. Isn't it amazing how you can look at a document for ages and ages and not just see stuff like the hkdf thing? I do it all the time;-( S. On 04/12/15 21:53, Markus Stenberg wrote: >> On 4.12.2015, at 18.51, Stephen Farrell wrote: >> Thanks for addressing my discuss about the options for >> using DTLS. Sorry for being slow with this ballot update. >> >> The comments below are old, I didn't check if you've >> made related changes. Happy to chat about that if you >> want, (or not if you prefer not:-) >> >> - I agree with Kathleen's discuss that the implementation >> requirements for DTLS need to be clarified, hopefully (from my >> POV) to make that MTI but I'll leave that discussion to the >> other thread. > > We did some text clarification on this I believe in -10. > >> -Section 9: You should refer to HKDF and not HMAC-SHA256 though >> the reference to RFC 6234 is still right. HMAC-SHA256 itself >> is not a key derivation function, which is what you want here. > > Fixed in -10 (really sad failure on my part :-p) > >> - Please take a look at the secdir review [1] and respond to >> that as it raises one issue not (I think) otherwise mentioned. >> What is the effect (on a home) of one compromised hncp router? >> Perhaps you'll say that's obvious, or perhaps not, but I'm >> interested in what you do say, in case it's not obvious:-) > > There's text about that in the security considerations, I believe. (Pointer > in the -09 DISCUSS thread IIRC). > > Cheers, > > -Markus > ___ > homenet mailing list > homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet > ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] Stephen Farrell's No Objection on draft-ietf-homenet-hncp-10: (with COMMENT)
> On 4.12.2015, at 18.51, Stephen Farrell wrote: > Thanks for addressing my discuss about the options for > using DTLS. Sorry for being slow with this ballot update. > > The comments below are old, I didn't check if you've > made related changes. Happy to chat about that if you > want, (or not if you prefer not:-) > > - I agree with Kathleen's discuss that the implementation > requirements for DTLS need to be clarified, hopefully (from my > POV) to make that MTI but I'll leave that discussion to the > other thread. We did some text clarification on this I believe in -10. > -Section 9: You should refer to HKDF and not HMAC-SHA256 though > the reference to RFC 6234 is still right. HMAC-SHA256 itself > is not a key derivation function, which is what you want here. Fixed in -10 (really sad failure on my part :-p) > - Please take a look at the secdir review [1] and respond to > that as it raises one issue not (I think) otherwise mentioned. > What is the effect (on a home) of one compromised hncp router? > Perhaps you'll say that's obvious, or perhaps not, but I'm > interested in what you do say, in case it's not obvious:-) There's text about that in the security considerations, I believe. (Pointer in the -09 DISCUSS thread IIRC). Cheers, -Markus ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
[homenet] Stephen Farrell's No Objection on draft-ietf-homenet-hncp-10: (with COMMENT)
Stephen Farrell has entered the following ballot position for draft-ietf-homenet-hncp-10: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-homenet-hncp/ -- COMMENT: -- Thanks for addressing my discuss about the options for using DTLS. Sorry for being slow with this ballot update. The comments below are old, I didn't check if you've made related changes. Happy to chat about that if you want, (or not if you prefer not:-) - I agree with Kathleen's discuss that the implementation requirements for DTLS need to be clarified, hopefully (from my POV) to make that MTI but I'll leave that discussion to the other thread. -Section 9: You should refer to HKDF and not HMAC-SHA256 though the reference to RFC 6234 is still right. HMAC-SHA256 itself is not a key derivation function, which is what you want here. - Please take a look at the secdir review [1] and respond to that as it raises one issue not (I think) otherwise mentioned. What is the effect (on a home) of one compromised hncp router? Perhaps you'll say that's obvious, or perhaps not, but I'm interested in what you do say, in case it's not obvious:-) [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06098.html ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet