Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-05 Thread Mark Baugher (mbaugher)

On Oct 4, 2014, at 1:24 PM, Acee Lindem (acee) a...@cisco.com wrote:

 Right - but we still have to agree on the admin or, as you put it,
 ownership model. At least one of the proposals for autonomic networking is
 a centralized approach as opposed to configuring a single authentication
 password on each new device (as one would do with a WiFi network).

Doesn't that assume that all network devices, ISP CPEs and retail gateways,
use the centralized approach?  Has the multi-authority issue been solved
yet for autonomic systems?  Has it been addressed?  I don't know.

Mark

 Acee 
 
 On 10/3/14, 7:34 PM, Mark Baugher (mbaugher) mbaug...@cisco.com wrote:
 
 I voiced the opinion that someone has to own the homenet, as distinct
 from who might own the CPEs and routers on the homenet.  In the same
 way that some ISP CPEs let the user set the Wi-Fi password, the user or
 an agent for the user needs to take homenet ownership (or in the case of
 autonomic devices, transfer ownership).  This cannot be done plug
 and play, there needs to be some ceremony.  It's encouraging that
 the vast majority of users in homes, small offices and small businesses
 manage to configure their Wi-Fi Protected Access.  Some ceremonies
 work to improve privacy and security.
 
 The home network needs to be owned by the home user(s) or agent (could
 be the ISP or some over-the-top retail solution, etc.).
 
 Mark
 
 On Oct 3, 2014, at 6:39 AM, Acee Lindem (acee) a...@cisco.com wrote:
 
 One thing we need to do in homenet is agree on the network
 administration
 model. I believe many of us started with the assumption of plug and play
 but are now accepting the fact that minimal configuration will be
 required
 to vet devices on the homenet. If we can agree on similar network admin
 models and, as Ted pointed out, requirements on connecting devices, then
 we may be able to use similar solutions.
 
 Acee 
 
 On 10/2/14, 9:33 PM, Sheng Jiang jiangsh...@huawei.com wrote:
 
 I also think ISP networks and enterprise networks are different from
 home
 networks. Although many requirements may look similar, particularly
 considering the auto operation target, there are many preconditions that are
 different. It could result in different solutions though some components
 may be reusable among these networks.
 
 For ANIMA, we should surely study what homenet is working on and
 identify
 the differentia. Only after then, we can produce necessary solution
 with
 confusing the world.
 
 Best regards,
 
 Sheng
 
 From: homenet [homenet-boun...@ietf.org] on behalf of Toerless Eckert
 [eck...@cisco.com]
 Sent: 02 October 2014 22:41
 To: Leddy, John
 Cc: Michael Behringer (mbehring); The IESG; homenet@ietf.org; Stephen
 Farrell; an...@ietf.org; Ted Lemon
 Subject: Re: [homenet] [Anima] Ted Lemon's Block on
 charter-ietf-anima-00-09: (with BLOCK)
 
 Fully agreed. But does this imply that we will make most progress by
 blocking out a working group that is actively chartered to look at
 the problems in the market segments Homenet is not addressing ?
 
 If the BLOCK is meant to suggest a charter improvements for anima to
 better define our mutual desire to share whatever is applicable and
 not reinvent unnecessarily, then where is the proposed charter text
 change ?
 
 Cheers
  Toerless
 
 P.S.: Also, if i may throw in some random tidbit of technology
 thoughts:
 
 I love home networks (and the WG for it), because it is the best place
 for IPv6 to eliminate IPv4 and start creating fresh, better IP
 network. I have a lot of doubt that we are anywhere close to going that
 route especially in larger enterprises, so the address management for
 IPv4 in those networks is going to be a crucial requirement where i
 don't
 think homenet could (or should) be any big help. And i am not sure if i
 would
 want to hold my breath for a lot of IPv4 address complexity reduction in
 IoT either. But certainly autonomic processes could rather help than
 hurt
 in that matter.
 
 
 On Thu, Oct 02, 2014 at 01:50:13PM +, Leddy, John wrote:
 My worry on this topic is that we are referring to "the Home" and "the
 Enterprise".
 It isn't that clear of a distinction.  This isn't just a simple L2
 flat
 home vs. a Fortune 1000 enterprise.
 
 The home is getting more complex and includes work from home; IOT,
 home
 security, hot spots, cloud services, policies, discovery etc.
 Large numbers of SMB's look like more high end residential than they
 do
 large enterprises.
 
 It would be ideal to have a solution that spans the range of size and
 complexity for both residential and enterprise.
 Perhaps enabling features/capabilities where required.
 
 Also, as far as IPV6 connectivity residential is probably ahead of
 enterprises in adopting V6 centric architectures and services.
 Residential doesn't have much of a choice, it just happens.
 
 2cents, John
 
 On 10/2/14, 9:15 AM, Stephen Farrell stephen.farr...@cs.tcd.ie
 wrote:
 
 
 
 On 02/10/14 13:49, Michael

Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-05 Thread Acee Lindem (acee)


On 10/4/14, 10:16 PM, Brian E Carpenter brian.e.carpen...@gmail.com
wrote:

On 05/10/2014 09:24, Acee Lindem (acee) wrote:
 Right - but we still have to agree on the admin or, as you put it,
 ownership model. At least one of the proposals for autonomic networking is
 a centralized approach as opposed to configuring a single authentication
 password on each new device (as one would do with a WiFi network).

Let me check that I understand. Are you saying that there are two basic
models for enrollment?

1. Hello, I am Brian. Please enrol me; the shared secret is *!$£@.

2. Hello, I am Brian. My public key is 12345, and should already
be in your list. [Signed with my private key.]

That's basically the trade-off although there are many variations of #2.
Here is one example:

http://www.ietf.org/id/draft-pritikin-bootstrapping-keyinfrastructures-01.txt

The question is what are we willing to accept in the homenet in terms of
both device configuration and device requirements.

Thanks,
Acee 




Brian


___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet


Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-05 Thread Brian E Carpenter
(cc's trimmed. I'm not sure the whole IESG wants this in their inboxen.)

On 06/10/2014 08:51, Acee Lindem (acee) wrote:
 
 On 10/4/14, 10:16 PM, Brian E Carpenter brian.e.carpen...@gmail.com
 wrote:
 
 On 05/10/2014 09:24, Acee Lindem (acee) wrote:
 Right - but we still have to agree on the admin or, as you put it,
 ownership model. At least one of the proposals for autonomic networking is
 a centralized approach as opposed to configuring a single authentication
 password on each new device (as one would do with a WiFi network).
 Let me check that I understand. Are you saying that there are two basic
 models for enrollment?

 1. Hello, I am Brian. Please enrol me; the shared secret is *!$£@.

 2. Hello, I am Brian. My public key is 12345, and should already
 be in your list. [Signed with my private key.]
 
 That's basically the trade-off although there are many variations of #2.
 Here is one example:
 
 http://www.ietf.org/id/draft-pritikin-bootstrapping-keyinfrastructures-01.txt
 
 The question is what are we willing to accept in the homenet in terms of
 both device configuration and device requirements.

Right, thanks. And this is question Anima has to ask for the more general
case - of course draft-pritikin is a contender.

So, in my opinion, model #1 (a shared secret known to every device)
is pretty weak. It might be acceptable for a small home network
with a very careful human owner, but not beyond that limit. This is exactly
the kind of shared secret that people will write down and lose along with
their wallet, or simply throw out in their household garbage.
IMHO, for a network of any size or complexity, we need model #2.

   Brian
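
The two enrollment models compared in this thread, as an added example that is not part of any poster's message or of any draft cited here. Assumptions: model #1 is shown as an HMAC challenge-response rather than sending the secret itself, model #2 uses Ed25519 signatures, and the type names, device names and secret are hypothetical, constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// challenge binds the registrar's fresh nonce (fixed 16 bytes) to the claimed name.
func challenge(name string, nonce []byte) []byte {
	return append(append([]byte{}, nonce...), name...)
}

// newNonce returns a fresh random challenge; the registrar issues one per attempt.
func newNonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// SharedSecretRegistrar is model #1: one secret known to every device.
type SharedSecretRegistrar struct{ secret []byte }

// Respond is the proof any holder of the secret can compute for any name.
func Respond(secret []byte, name string, nonce []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge(name, nonce))
	return m.Sum(nil)
}

// Accept checks the proof; it cannot tell which device produced it.
func (r *SharedSecretRegistrar) Accept(name string, nonce, mac []byte) bool {
	return hmac.Equal(mac, Respond(r.secret, name, nonce))
}

// KeyListRegistrar is model #2: a list of public keys enrolled in advance.
type KeyListRegistrar struct{ allowed map[string]ed25519.PublicKey }

// Accept requires a signature by the key listed for exactly this name.
func (r *KeyListRegistrar) Accept(name string, nonce, sig []byte) bool {
	pub, ok := r.allowed[name]
	return ok && ed25519.Verify(pub, challenge(name, nonce), sig)
}

// Revoke removes one device without touching any other entry.
func (r *KeyListRegistrar) Revoke(name string) { delete(r.allowed, name) }

// Result records what each registrar decided in the constructed scenario.
type Result struct {
	M1Owner, M1OtherHolder, M1OwnerAfterRekey    bool
	M2Owner, M2OtherKey, M2Revoked, M2OwnerAfter bool
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Compare runs the same scenario against both models: devices "brian" and
// "thermostat" are enrolled, and the thermostat's stored credential has leaked.
func Compare() Result {
	var res Result

	// Model #1: both devices store the same constructed secret.
	secret := []byte("constructed-demo-secret")
	r1 := &SharedSecretRegistrar{secret: secret}
	n := newNonce()
	res.M1Owner = r1.Accept("brian", n, Respond(secret, "brian", n))
	// The thermostat's copy is the same bytes, so it also proves "brian".
	n = newNonce()
	res.M1OtherHolder = r1.Accept("brian", n, Respond(secret, "brian", n))
	// The only remedy is a new secret, which locks out every device until
	// each one is re-provisioned by hand.
	r1.secret = []byte("constructed-demo-secret-2")
	n = newNonce()
	res.M1OwnerAfterRekey = r1.Accept("brian", n, Respond(secret, "brian", n))

	// Model #2: each device has its own key pair; the registrar lists public keys.
	brianPub, brianPriv := mustKey()
	thermoPub, thermoPriv := mustKey()
	r2 := &KeyListRegistrar{allowed: map[string]ed25519.PublicKey{
		"brian": brianPub, "thermostat": thermoPub}}
	n = newNonce()
	res.M2Owner = r2.Accept("brian", n, ed25519.Sign(brianPriv, challenge("brian", n)))
	// The thermostat's key cannot produce a valid signature for "brian".
	n = newNonce()
	res.M2OtherKey = r2.Accept("brian", n, ed25519.Sign(thermoPriv, challenge("brian", n)))
	// Revocation is per device and leaves "brian" untouched.
	r2.Revoke("thermostat")
	n = newNonce()
	res.M2Revoked = r2.Accept("thermostat", n, ed25519.Sign(thermoPriv, challenge("thermostat", n)))
	n = newNonce()
	res.M2OwnerAfter = r2.Accept("brian", n, ed25519.Sign(brianPriv, challenge("brian", n)))
	return res
}

func main() { fmt.Printf("%+v\n", Compare()) }
```

The sketch leaves open how the public keys get onto the list in the first place, which is the bootstrapping question the thread goes on to debate.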



Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-05 Thread Stephen Farrell

Hiya,

On 05/10/14 22:55, Brian E Carpenter wrote:
 So, in my opinion, model #1 (a shared secret known to every device)
 is pretty weak. It might be acceptable for a small home network
 with a very careful human owner, but not beyond that limit. This is exactly
 the kind of shared secret that people will write down and lose along with
 their wallet, or simply throw out in their household garbage.
 IMHO, for a network of any size or complexity, we need model #2.

It's not a question that needs to be answered now, but I don't see
how model #2 is consistent with the open-source model of doing
stuff. (I'm being intentionally vague there as many devices are
sort-of developed in an open-source manner.)

If there were a way to base things on a PKI for manufacturers that
worked for open-source communities that'd be really good, but I
don't think I've seen such a thing proposed so far.

I'm also very very unsure how model#2 might work in the face of
equipment being end-of-lifed by very small companies or what
happens after a teeny-tiny manufacturer goes bust.

Were the anima (or homenet) WG to try address those questions,
I think that'd be great. (And to repeat, I'm not looking for answers
right now, but just to see that a WG will commit to tackle this.)

S.



Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-05 Thread Michael Thomas

On 10/05/2014 05:09 PM, Stephen Farrell wrote:

Hiya,

On 05/10/14 22:55, Brian E Carpenter wrote:

So, in my opinion, model #1 (a shared secret known to every device)
is pretty weak. It might be acceptable for a small home network
with a very careful human owner, but not beyond that limit. This is exactly
the kind of shared secret that people will write down and lose along with
their wallet, or simply throw out in their household garbage.
IMHO, for a network of any size or complexity, we need model #2.

It's not a question that needs to be answered now, but I don't see
how model #2 is consistent with the open-source model of doing
stuff. (I'm being intentionally vague there as many devices are
sort-of developed in an open-source manner.)

If there were a way to base things on a PKI for manufacturers that
worked for open-source communities that'd be really good, but I
don't think I've seen such a thing proposed so far.

I'm also very very unsure how model#2 might work in the face of
equipment being end-of-lifed by very small companies or what
happens after a teeny-tiny manufacturer goes bust.

Were the anima (or homenet) WG to try address those questions,
I think that'd be great. (And to repeat, I'm not looking for answers
right now, but just to see that a WG will commit to tackle this.)




Are you reading into Brian's message a big P PKI (ie, CA's, etc) for #2? 
I didn't read it that way.


Mike, confused



Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-04 Thread Acee Lindem (acee)
Right - but we still have to agree on the admin or, as you put it,
ownership model. At least one of the proposals for autonomic networking is
a centralized approach as opposed to configuring a single authentication
password on each new device (as one would do with a WiFi network).
Acee 

On 10/3/14, 7:34 PM, Mark Baugher (mbaugher) mbaug...@cisco.com wrote:

I voiced the opinion that someone has to own the homenet, as distinct
from who might own the CPEs and routers on the homenet.  In the same
way that some ISP CPEs let the user set the Wi-Fi password, the user or
an agent for the user needs to take homenet ownership (or in the case of
autonomic devices, transfer ownership).  This cannot be done plug
and play, there needs to be some ceremony.  It's encouraging that
the vast majority of users in homes, small offices and small businesses
manage to configure their Wi-Fi Protected Access.  Some ceremonies
work to improve privacy and security.

The home network needs to be owned by the home user(s) or agent (could
be the ISP or some over-the-top retail solution, etc.).

Mark

On Oct 3, 2014, at 6:39 AM, Acee Lindem (acee) a...@cisco.com wrote:

 One thing we need to do in homenet is agree on the network
administration
 model. I believe many of us started with the assumption of plug and play
 but are now accepting the fact that minimal configuration will be
required
 to vet devices on the homenet. If we can agree on similar network admin
 models and, as Ted pointed out, requirements on connecting devices, then
 we may be able to use similar solutions.
 
 Acee 
 
 On 10/2/14, 9:33 PM, Sheng Jiang jiangsh...@huawei.com wrote:
 
 I also think ISP networks and enterprise networks are different from
home
 networks. Although many requirements may look similar, particularly
 considering the auto operation target, there are many preconditions that are
 different. It could result in different solutions though some components
 may be reusable among these networks.
 
 For ANIMA, we should surely study what homenet is working on and
identify
 the differentia. Only after then, we can produce necessary solution
with
 confusing the world.
 
 Best regards,
 
 Sheng
 
 From: homenet [homenet-boun...@ietf.org] on behalf of Toerless Eckert
 [eck...@cisco.com]
 Sent: 02 October 2014 22:41
 To: Leddy, John
 Cc: Michael Behringer (mbehring); The IESG; homenet@ietf.org; Stephen
 Farrell; an...@ietf.org; Ted Lemon
 Subject: Re: [homenet] [Anima] Ted Lemon's Block on
 charter-ietf-anima-00-09: (with BLOCK)
 
 Fully agreed. But does this imply that we will make most progress by
 blocking out a working group that is actively chartered to look at
 the problems in the market segments Homenet is not addressing ?
 
 If the BLOCK is meant to suggest a charter improvements for anima to
 better define our mutual desire to share whatever is applicable and
 not reinvent unnecessarily, then where is the proposed charter text
 change ?
 
 Cheers
   Toerless
 
 P.S.: Also, if i may throw in some random tidbit of technology
thoughts:
 
 I love home networks (and the WG for it), because it is the best place
 for IPv6 to eliminate IPv4 and start creating fresh, better IP
 network. I have a lot of doubt that we are anywhere close to going that
 route especially in larger enterprises, so the address management for
 IPv4 in those networks is going to be a crucial requirement where i
don't
 think homenet could (or should) be any big help. And i am not sure if i
 would
 want to hold my breath for a lot of IPv4 address complexity reduction in
 IoT either. But certainly autonomic processes could rather help than
hurt
 in that matter.
 
 
 On Thu, Oct 02, 2014 at 01:50:13PM +, Leddy, John wrote:
 My worry on this topic is that we are referring to "the Home" and "the
 Enterprise".
 It isn't that clear of a distinction.  This isn't just a simple L2
flat
 home vs. a Fortune 1000 enterprise.
 
 The home is getting more complex and includes work from home; IOT,
home
 security, hot spots, cloud services, policies, discovery etc.
 Large numbers of SMB's look like more high end residential than they
do
 large enterprises.
 
 It would be ideal to have a solution that spans the range of size and
 complexity for both residential and enterprise.
 Perhaps enabling features/capabilities where required.
 
 Also, as far as IPV6 connectivity residential is probably ahead of
 enterprises in adopting V6 centric architectures and services.
 Residential doesn't have much of a choice, it just happens.
 
 2cents, John
 
 On 10/2/14, 9:15 AM, Stephen Farrell stephen.farr...@cs.tcd.ie
 wrote:
 
 
 
 On 02/10/14 13:49, Michael Behringer (mbehring) wrote:
 My personal goal is that what we do in ANIMA is fully compatible
with
 and ideally used in homenet. It would feel wrong to me to have an
 infrastructure that doesn't work in a homenet.
 
 The security bootstrap is a good example of what we can achieve,
with
 reasonable effort.
 
 FWIW

Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-04 Thread Brian E Carpenter
On 05/10/2014 09:24, Acee Lindem (acee) wrote:
 Right - but we still have to agree on the admin or, as you put it,
 ownership model. At least one of the proposals for autonomic networking is
 a centralized approach as opposed to configuring a single authentication
 password on each new device (as one would do with a WiFi network).

Let me check that I understand. Are you saying that there are two basic
models for enrollment?

1. Hello, I am Brian. Please enrol me; the shared secret is *!$£@.

2. Hello, I am Brian. My public key is 12345, and should already
be in your list. [Signed with my private key.]

Brian



Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-03 Thread Acee Lindem (acee)
One thing we need to do in homenet is agree on the network administration
model. I believe many of us started with the assumption of plug and play
but are now accepting the fact that minimal configuration will be required
to vet devices on the homenet. If we can agree on similar network admin
models and, as Ted pointed out, requirements on connecting devices, then
we may be able to use similar solutions.

Acee 

On 10/2/14, 9:33 PM, Sheng Jiang jiangsh...@huawei.com wrote:

I also think ISP networks and enterprise networks are different from home
networks. Although many requirements may look similar, particularly
considering the auto operation target, there are many preconditions that are
different. It could result in different solutions though some components
may be reusable among these networks.

For ANIMA, we should surely study what homenet is working on and identify
the differentia. Only after then, we can produce necessary solution with
confusing the world.

Best regards,

Sheng

From: homenet [homenet-boun...@ietf.org] on behalf of Toerless Eckert
[eck...@cisco.com]
Sent: 02 October 2014 22:41
To: Leddy, John
Cc: Michael Behringer (mbehring); The IESG; homenet@ietf.org; Stephen
Farrell; an...@ietf.org; Ted Lemon
Subject: Re: [homenet] [Anima] Ted Lemon's Block on
charter-ietf-anima-00-09: (with BLOCK)

Fully agreed. But does this imply that we will make most progress by
blocking out a working group that is actively chartered to look at
the problems in the market segments Homenet is not addressing ?

If the BLOCK is meant to suggest a charter improvements for anima to
better define our mutual desire to share whatever is applicable and
not reinvent unnecessarily, then where is the proposed charter text
change ?

Cheers
Toerless

P.S.: Also, if i may throw in some random tidbit of technology thoughts:

I love home networks (and the WG for it), because it is the best place
for IPv6 to eliminate IPv4 and start creating fresh, better IP
network. I have a lot of doubt that we are anywhere close to going that
route especially in larger enterprises, so the address management for
IPv4 in those networks is going to be a crucial requirement where i don't
think homenet could (or should) be any big help. And i am not sure if i
would
want to hold my breath for a lot of IPv4 address complexity reduction in
IoT either. But certainly autonomic processes could rather help than hurt
in that matter.


On Thu, Oct 02, 2014 at 01:50:13PM +, Leddy, John wrote:
 My worry on this topic is that we are referring to "the Home" and "the
 Enterprise".
 It isn't that clear of a distinction.  This isn't just a simple L2 flat
 home vs. a Fortune 1000 enterprise.

 The home is getting more complex and includes work from home; IOT, home
 security, hot spots, cloud services, policies, discovery etc.
 Large numbers of SMB's look like more high end residential than they do
 large enterprises.

 It would be ideal to have a solution that spans the range of size and
 complexity for both residential and enterprise.
 Perhaps enabling features/capabilities where required.

 Also, as far as IPV6 connectivity residential is probably ahead of
 enterprises in adopting V6 centric architectures and services.
 Residential doesn't have much of a choice, it just happens.

 2cents, John

 On 10/2/14, 9:15 AM, Stephen Farrell stephen.farr...@cs.tcd.ie
wrote:

 
 
 On 02/10/14 13:49, Michael Behringer (mbehring) wrote:
  My personal goal is that what we do in ANIMA is fully compatible with
  and ideally used in homenet. It would feel wrong to me to have an
  infrastructure that doesn't work in a homenet.
 
  The security bootstrap is a good example of what we can achieve, with
  reasonable effort.
 
 FWIW, it is not clear to me that the reasonable requirements
 for provisioning device security information (or bootstrapping
 if we wanted to call it that) are the same.
 
 In enterprise environments we see fewer larger vendors of devices.
 In the home where we additionally have a large range of vendors
 many of whom are tiny and leverage a lot of OSS and who could
 perhaps not take part in the kind of provisioning infrastructure
 that is quite reasonable for enterprises and their vendors.
 
 I do think both want to end up in the same state, where devices
 are authorised for connection to the network and where there is
 some keying material usable for security, but I'd be surprised
 if one approach to getting there worked the same way for both
 homes and enterprises.
 
 S.
 



Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-03 Thread Mark Baugher (mbaugher)
I voiced the opinion that someone has to own the homenet, as distinct
from who might own the CPEs and routers on the homenet.  In the same
way that some ISP CPEs let the user set the Wi-Fi password, the user or
an agent for the user needs to take homenet ownership (or in the case of
autonomic devices, transfer ownership).  This cannot be done plug
and play, there needs to be some ceremony.  It's encouraging that
the vast majority of users in homes, small offices and small businesses
manage to configure their Wi-Fi Protected Access.  Some ceremonies
work to improve privacy and security. 

The home network needs to be owned by the home user(s) or agent (could 
be the ISP or some over-the-top retail solution, etc.).

Mark

On Oct 3, 2014, at 6:39 AM, Acee Lindem (acee) a...@cisco.com wrote:

 One thing we need to do in homenet is agree on the network administration
 model. I believe many of us started with the assumption of plug and play
 but are now accepting the fact that minimal configuration will be required
 to vet devices on the homenet. If we can agree on similar network admin
 models and, as Ted pointed out, requirements on connecting devices, then
 we may be able to use similar solutions.
 
 Acee 
 
 On 10/2/14, 9:33 PM, Sheng Jiang jiangsh...@huawei.com wrote:
 
 I also think ISP networks and enterprise networks are different from home
 networks. Although many requirements may look similar, particularly
 considering the auto operation target, there are many preconditions that are
 different. It could result in different solutions though some components
 may be reusable among these networks.
 
 For ANIMA, we should surely study what homenet is working on and identify
 the differentia. Only after then, we can produce necessary solution with
 confusing the world.
 
 Best regards,
 
 Sheng
 
 From: homenet [homenet-boun...@ietf.org] on behalf of Toerless Eckert
 [eck...@cisco.com]
 Sent: 02 October 2014 22:41
 To: Leddy, John
 Cc: Michael Behringer (mbehring); The IESG; homenet@ietf.org; Stephen
 Farrell; an...@ietf.org; Ted Lemon
 Subject: Re: [homenet] [Anima] Ted Lemon's Block on
 charter-ietf-anima-00-09: (with BLOCK)
 
 Fully agreed. But does this imply that we will make most progress by
 blocking out a working group that is actively chartered to look at
 the problems in the market segments Homenet is not addressing ?
 
 If the BLOCK is meant to suggest a charter improvements for anima to
 better define our mutual desire to share whatever is applicable and
 not reinvent unnecessarily, then where is the proposed charter text
 change ?
 
 Cheers
   Toerless
 
 P.S.: Also, if i may throw in some random tidbit of technology thoughts:
 
 I love home networks (and the WG for it), because it is the best place
 for IPv6 to eliminate IPv4 and start creating fresh, better IP
 network. I have a lot of doubt that we are anywhere close to going that
 route especially in larger enterprises, so the address management for
 IPv4 in those networks is going to be a crucial requirement where i don't
 think homenet could (or should) be any big help. And i am not sure if i
 would
 want to hold my breath for a lot of IPv4 address complexity reduction in
 IoT either. But certainly autonomic processes could rather help than hurt
 in that matter.
 
 
 On Thu, Oct 02, 2014 at 01:50:13PM +, Leddy, John wrote:
 My worry on this topic is that we are referring to "the Home" and "the
 Enterprise".
 It isn't that clear of a distinction.  This isn't just a simple L2 flat
 home vs. a Fortune 1000 enterprise.
 
 The home is getting more complex and includes work from home; IOT, home
 security, hot spots, cloud services, policies, discovery etc.
 Large numbers of SMB's look like more high end residential than they do
 large enterprises.
 
 It would be ideal to have a solution that spans the range of size and
 complexity for both residential and enterprise.
 Perhaps enabling features/capabilities where required.
 
 Also, as far as IPV6 connectivity residential is probably ahead of
 enterprises in adopting V6 centric architectures and services.
 Residential doesn't have much of a choice, it just happens.
 
 2cents, John
 
 On 10/2/14, 9:15 AM, Stephen Farrell stephen.farr...@cs.tcd.ie
 wrote:
 
 
 
 On 02/10/14 13:49, Michael Behringer (mbehring) wrote:
 My personal goal is that what we do in ANIMA is fully compatible with
 and ideally used in homenet. It would feel wrong to me to have an
 infrastructure that doesn't work in a homenet.
 
 The security bootstrap is a good example of what we can achieve, with
 reasonable effort.
 
 FWIW, it is not clear to me that the reasonable requirements
 for provisioning device security information (or bootstrapping
 if we wanted to call it that) are the same.
 
 In enterprise environments we see fewer larger vendors of devices.
 In the home where we additionally have a large range of vendors
 many of whom are tiny and leverage a lot of OSS and who could
 perhaps

Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-02 Thread Stephen Farrell


On 02/10/14 13:49, Michael Behringer (mbehring) wrote:
 My personal goal is that what we do in ANIMA is fully compatible with
 and ideally used in homenet. It would feel wrong to me to have an
 infrastructure that doesn't work in a homenet.
 
 The security bootstrap is a good example of what we can achieve, with
 reasonable effort.

FWIW, it is not clear to me that the reasonable requirements
for provisioning device security information (or bootstrapping
if we wanted to call it that) are the same.

In enterprise environments we see fewer larger vendors of devices.
In the home where we additionally have a large range of vendors
many of whom are tiny and leverage a lot of OSS and who could
perhaps not take part in the kind of provisioning infrastructure
that is quite reasonable for enterprises and their vendors.

I do think both want to end up in the same state, where devices
are authorised for connection to the network and where there is
some keying material usable for security, but I'd be surprised
if one approach to getting there worked the same way for both
homes and enterprises.

S.



Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-02 Thread Leddy, John
My worry on this topic is that we are referring to "the Home" and "the
Enterprise".
It isn't that clear of a distinction.  This isn't just a simple L2 flat
home vs. a Fortune 1000 enterprise.

The home is getting more complex and includes work from home; IOT, home
security, hot spots, cloud services, policies, discovery etc.
Large numbers of SMB's look like more high end residential than they do
large enterprises.

It would be ideal to have a solution that spans the range of size and
complexity for both residential and enterprise.
Perhaps enabling features/capabilities where required.

Also, as far as IPV6 connectivity residential is probably ahead of
enterprises in adopting V6 centric architectures and services.
Residential doesn't have much of a choice, it just happens.

2cents, John

On 10/2/14, 9:15 AM, Stephen Farrell stephen.farr...@cs.tcd.ie wrote:



On 02/10/14 13:49, Michael Behringer (mbehring) wrote:
 My personal goal is that what we do in ANIMA is fully compatible with
 and ideally used in homenet. It would feel wrong to me to have an
 infrastructure that doesn't work in a homenet.
 
 The security bootstrap is a good example of what we can achieve, with
 reasonable effort.

FWIW, it is not clear to me that the reasonable requirements
for provisioning device security information (or bootstrapping
if we wanted to call it that) are the same.

In enterprise environments we see fewer larger vendors of devices.
In the home where we additionally have a large range of vendors
many of whom are tiny and leverage a lot of OSS and who could
perhaps not take part in the kind of provisioning infrastructure
that is quite reasonable for enterprises and their vendors.

I do think both want to end up in the same state, where devices
are authorised for connection to the network and where there is
some keying material usable for security, but I'd be surprised
if one approach to getting there worked the same way for both
homes and enterprises.

S.



Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-02 Thread Dave Taht
On Thu, Oct 2, 2014 at 6:50 AM, Leddy, John
john_le...@cable.comcast.com wrote:
 My worry on this topic is that we are referring to "the Home" and "the
 Enterprise".

I have always approached homenet as a place to get standards that also work for
small business. Small business is the place (IMHO) where much of an
ipv6 revolution
could start to happen.

 It isn't that clear of a distinction.  This isn't just a simple L2 flat
 home vs. a Fortune 1000 enterprise.

+1

 The home is getting more complex and includes work from home; IOT, home
 security, hot spots, cloud services, policies, discovery etc.
 Large numbers of SMB's look like more high end residential than they do
 large enterprises.

+1


 It would be ideal to have a solution that spans the range of size and
 complexity for both residential and enterprise.
 Perhaps enabling features/capabilities where required.

 Also, as far as IPV6 connectivity residential is probably ahead of
 enterprises in adopting V6 centric architectures and services.
 Residential doesn't have much of a choice, it just happens.

Comcast's rollout has been quite impressive. Gfiber's also.
Others, not so much.


 2cents, John

 On 10/2/14, 9:15 AM, Stephen Farrell stephen.farr...@cs.tcd.ie wrote:



On 02/10/14 13:49, Michael Behringer (mbehring) wrote:
 My personal goal is that what we do in ANIMA is fully compatible with
 and ideally used in homenet. It would feel wrong to me to have an
 infrastructure that doesn't work in a homenet.

 The security bootstrap is a good example of what we can achieve, with
 reasonable effort.

FWIW, it is not clear to me that the reasonable requirements
for provisioning device security information (or bootstrapping
if we wanted to call it that) are the same.

In enterprise environments we see fewer larger vendors of devices.
In the home where we additionally have a large range of vendors
many of whom are tiny and leverage a lot of OSS and who could
perhaps not take part in the kind of provisioning infrastructure
that is quite reasonable for enterprises and their vendors.

I do think both want to end up in the same state, where devices
are authorised for connection to the network and where there is
some keying material usable for security, but I'd be surprised
if one approach to getting there worked the same way for both
homes and enterprises.

S.






-- 
Dave Täht

https://www.bufferbloat.net/projects/make-wifi-fast



Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-02 Thread Sheng Jiang
I fully agree with Brian and Kathleen. It is well understood that the new WG
would study on existing solutions and ongoing proposals to make sure it is 
necessary to create new mechanisms. Coordination and awareness is essential for 
the ANIMA group.

Best regards,

Sheng

From: homenet [homenet-boun...@ietf.org] on behalf of Brian E Carpenter 
[brian.e.carpen...@gmail.com]
Sent: 03 October 2014 5:47
To: Kathleen Moriarty
Cc: Michael Behringer (mbehring); The IESG; homenet@ietf.org; Stephen Farrell; 
an...@ietf.org; Ted Lemon
Subject: Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: 
(with BLOCK)

On 03/10/2014 04:12, Kathleen Moriarty wrote:
 On Thu, Oct 2, 2014 at 9:15 AM, Stephen Farrell stephen.farr...@cs.tcd.ie
 wrote:


 On 02/10/14 13:49, Michael Behringer (mbehring) wrote:
 My personal goal is that what we do in ANIMA is fully compatible with
 and ideally used in homenet. It would feel wrong to me to have an
 infrastructure that doesn't work in a homenet.

 The security bootstrap is a good example of what we can achieve, with
 reasonable effort.
 FWIW, it is not clear to me that the reasonable requirements
 for provisioning device security information (or bootstrapping
 if we wanted to call it that) are the same.


 This is where we would have overlap with SACM and I2NSF.  I've spoken in
 Ops and Dan R has helped to try to recruit some folks to help in SACM.  It
 would be good to not solve this in multiple places.  SACM and I2NSF are
 de-conflicting what they cover.  Provisioning and assessing security
 information is part of those efforts already, hence my questions on the
 charter as well.

 In enterprise environments we see fewer larger vendors of devices.
 In the home where we additionally have a large range of vendors
 many of whom are tiny and leverage a lot of OSS and who could
 perhaps not take part in the kind of provisioning infrastructure
 that is quite reasonable for enterprises and their vendors.


 There is a push in the vendor space for this type of automation and I'm all
 for it, let's just coordinate on it so we don't wind up with too many ways
 to do it.

Absolutely. It isn't surprising that Anima proponents are proposing
specific approaches to security (or anything else), but there is an
overriding sentence in the charter:

Where suitable protocols, models or methods exist, they will be preferred over
creating new ones. 

Clearly that calls for coordination and awareness.

   Brian



 I do think both want to end up in the same state, where devices
 are authorised for connection to the network and where there is
 some keying material usable for security, but I'd be surprised
 if one approach to getting there worked the same way for both
 homes and enterprises.


 I'd like to see this discussed more, but maybe it's not in this group?

 Thanks,
 Kathleen

 S.





 

 ___
 Anima mailing list
 an...@ietf.org
 https://www.ietf.org/mailman/listinfo/anima



Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-02 Thread Sheng Jiang
I also think ISP networks and enterprise networks are different from home
networks. Although many requirements may look similar, particularly
considering the auto operation target, many preconditions are
different. It could result in different solutions, though some components may be
reusable among these networks.

For ANIMA, we should surely study what homenet is working on and identify the 
differentia. Only after then, we can produce necessary solution with confusing 
the world.

Best regards,

Sheng

From: homenet [homenet-boun...@ietf.org] on behalf of Toerless Eckert 
[eck...@cisco.com]
Sent: 02 October 2014 22:41
To: Leddy, John
Cc: Michael Behringer (mbehring); The IESG; homenet@ietf.org; Stephen Farrell; 
an...@ietf.org; Ted Lemon
Subject: Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: 
(with BLOCK)

Fully agreed. But does this imply that we will make most progress by
blocking out a working group that is actively chartered to look at
the problems in the market segments Homenet is not addressing ?

If the BLOCK is meant to suggest charter improvements for anima to
better define our mutual desire to share whatever is applicable and
not reinvent unnecessarily, then where is the proposed charter text change ?

Cheers
Toerless

P.S.: Also, if i may throw in some random tidbit of technology thoughts:

I love home networks (and the WG for it), because it is the best place
for IPv6 to eliminate IPv4 and start creating fresh, better IP
network. I have a lot of doubt that we are anywhere close to going that
route especially in larger enterprises, so the address management for
IPv4 in those networks is going to be a crucial requirement where i don't
think homenet could (or should) be any big help. And i am not sure if i would
want to hold my breath for a lot of IPv4 address complexity reduction in
IoT either. But certainly autonomic processes could rather help than hurt
in that matter.


On Thu, Oct 02, 2014 at 01:50:13PM +, Leddy, John wrote:
 My worry on this topic is that we are referring to "the Home" and "the
 Enterprise".
 It isn't that clear of a distinction.  This isn't just a simple L2 flat
 home vs. a Fortune 1000 enterprise.

 The home is getting more complex and includes work from home; IOT, home
 security, hot spots, cloud services, policies, discovery etc.
 Large numbers of SMB's look like more high end residential than they do
 large enterprises.

 It would be ideal to have a solution that spans the range of size and
 complexity for both residential and enterprise.
 Perhaps enabling features/capabilities where required.

 Also, as far as IPV6 connectivity residential is probably ahead of
 enterprises in adopting V6 centric architectures and services.
 Residential doesn't have much of a choice, it just happens.

 2cents, John

 On 10/2/14, 9:15 AM, Stephen Farrell stephen.farr...@cs.tcd.ie wrote:

 
 
 On 02/10/14 13:49, Michael Behringer (mbehring) wrote:
  My personal goal is that what we do in ANIMA is fully compatible with
  and ideally used in homenet. It would feel wrong to me to have an
  infrastructure that doesn't work in a homenet.
 
  The security bootstrap is a good example of what we can achieve, with
  reasonable effort.
 
 FWIW, it is not clear to me that the reasonable requirements
 for provisioning device security information (or bootstrapping
 if we wanted to call it that) are the same.
 
 In enterprise environments we see fewer larger vendors of devices.
 In the home where we additionally have a large range of vendors
 many of whom are tiny and leverage a lot of OSS and who could
 perhaps not take part in the kind of provisioning infrastructure
 that is quite reasonable for enterprises and their vendors.
 
 I do think both want to end up in the same state, where devices
 are authorised for connection to the network and where there is
 some keying material usable for security, but I'd be surprised
 if one approach to getting there worked the same way for both
 homes and enterprises.
 
 S.
 
