Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
>>> Hmm. I've also setup many small PKIs and don't agree. I do think someone >>> could easily make all that quite usable within the home. >> Have you ever walked a non-specialist through the process? > I have not. I see. -- Juliusz ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
On 11/26/2015 08:49 AM, Juliusz Chroboczek wrote: Hmm. I've also setup many small PKIs and don't agree. I do think someone could easily make all that quite usable within the home. Have you ever walked a non-specialist through the process? I'm not Stephen, and I don't play Stephen on teevee, but anything you can do with pre-shared keys, you can do with with an asymmetric keying approach too. Pre-shared keys are pretty high touch form of enrollment, after all. If you can get away with leap-of-faith kinds of enrollment, it is even easier IMO because you don't have to remember messy and/or lousy keys/passphrases: New Thingy: "I'm blah and want to enroll! my public key is blah-blah-blah" Enroller: "Sure!" or "Nah, you look sketchy" Mike ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
On Thu, Nov 26, 2015 at 5:49 PM, Juliusz Chroboczekwrote: >> Hmm. I've also setup many small PKIs and don't agree. I do think someone >> could easily make all that quite usable within the home. > > Have you ever walked a non-specialist through the process? I wonder why this could not be fully automatic? Setup a "press button for first login" system similar to WPS for Wifi that deploys the certificate. No need for the user to do something complicated. Henning ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
On 26/11/15 16:49, Juliusz Chroboczek wrote: >> Hmm. I've also setup many small PKIs and don't agree. I do think someone >> could easily make all that quite usable within the home. > > Have you ever walked a non-specialist through the process? I have not. But as others said, the key idea would be to make it as invisible as possible, which is quite doable. And the tools are there these days (much moreso than even 5-6 years ago) in pretty much all platforms/languages. S. > > -- Juliusz > ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
> On 19.11.2015, at 16.21, Stephen Farrellwrote: > (Sorry for the N-th discuss, I quite like this protocol and > I'm sure we'll get 'em all cleared soon, but... ;-) > > I'd like to chat about whether or not the DTLS recommendations > are correct here. To me, the consensus stuff (from section 8.3 > of dncp) is not clearly baked (as I noted in iesg review of > dncp). The PKI stuff is well known, even if it it is a PITA from > many points of view. I don't think a SHOULD for the former and > a MAY for the latter is appropriate now. If the consensus based > stuff gets deployed and works, then it might be time to say > what you're now saying, but I don't think we're there yet. (I'd > be happy to look @ evidence that we are, and to change my > opinion accordingly.) Given bootstrapping PKI seems nigh impossible (home CA anyone?), I am not sure I agree with you. I have done that few of times and do not recommend it to anyone. Of course, I guess at some point some products may make it painless but I am not sure I will live long enough to see that. (Especially so that the control stays still within home, and does not stray to some American ‘cloud server’, cough cough.) > Please note that I think I like the consensus based scheme, I'm > just concerned it may not be ready for prime time. I'm also not > really convinced that all you need to do to get interop for > that is mention it and refer to dncp. But again, I could be > wrong and would appreciate being corrected if so. > > In summary, I think you should say "when using DTLS with > asymmetric keying, then you SHOULD support the PKI-based method > and MAY support the consensus based method, which is still > somewhat experimental.” SHOULD/MAY neither provide really interoperability anyway, so I am mostly interested about MUSTs. Current PSK MUST I find rather sad, as that is clearly _not_ elegantly bootstrappable. Trust consensus or even given some leap of faith about home CA <> cloudy CA the PKI-based method seem better in that regard. But I have not seen that much in the wild yet (see the ‘unproven’ argument in the other DISCUSS thread). So given the context (ideally zeroconf, at least littleconf) home network, what would you pick for the PSK / PKI / trust consensus? Apparently SHOULD/MAY for the two later, but is PSK really the MUST here or is it the PKI? > -Section 9: You should refer to HKDF and not HMAC-SHA256 though > the reference to RFC 6234 is still right. HMAC-SHA256 itself > is not a key derivation function, which is what you want here. Good catch, thanks, staged for -10[1]. Essentially instead of HMAC-SHA256 recommending HMAC-SHA256 based HKDF with the ‘info’ field the protocol being keyed. > - Please take a look at the secdir review [1] and respond to > that as it raises one issue not (I think) otherwise mentioned. > What is the effect (on a home) of one compromised hncp router? > Perhaps you'll say that's obvious, or perhaps not, but I'm > interested in what you do say, in case it's not obvious:-) > > [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06098.html It essentially broadens a number of on-link attacks to network-wide ones. Notably you can redirect arbitrary traffic wherever you want (without HNCP, you do RA/DHCPv4 faster than router on the link -> MITM), and DoS of the network instead of on-link nodes. Additionally of course it also provides view of the topology and the services that use TLVs encoded in HNCP node data so that can be used for various nefarious things as well. Cheers, -Markus [1] https://github.com/fingon/ietf-drafts/commit/7a140efa2693d9b0138654f5ec71e5888caa6777 ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
On 20/11/15 15:35, Markus Stenberg wrote: > > [1] > https://github.com/fingon/ietf-drafts/commit/f8275e165802a9c310f0bbde98e42087ecc891b1 Great, that's fine to sort my discuss point. I'll clear whenever that's posted Thanks, S. ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
Markus Stenbergwrote: >> I'd like to chat about whether or not the DTLS recommendations >> are correct here. To me, the consensus stuff (from section 8.3 >> of dncp) is not clearly baked (as I noted in iesg review of >> dncp). The PKI stuff is well known, even if it it is a PITA from >> many points of view. I don't think a SHOULD for the former and >> a MAY for the latter is appropriate now. If the consensus based >> stuff gets deployed and works, then it might be time to say >> what you're now saying, but I don't think we're there yet. (I'd >> be happy to look @ evidence that we are, and to change my >> opinion accordingly.) > Given bootstrapping PKI seems nigh impossible (home CA anyone?), I am > not sure I agree with you. I have done that few of times and do not > recommend it to anyone. Of course, I guess at some point some products > may make it painless but I am not sure I will live long enough to see > that. (Especially so that the control stays still within home, and does > not stray to some American ‘cloud server’, cough cough.) The IETF has chartered a group, ANIMA, which might produce something useable. I don't think that homenet needs to invent something on it's own. As long as HNCP *CAN* accomodate a one-level deep (no chains of trust) PKI, then it should be good. So the security has to be MTI, but MAY configure. I do agree with Markus' here at present. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- signature.asc Description: PGP signature ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
[homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
Stephen Farrell has entered the following ballot position for draft-ietf-homenet-hncp-09: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-homenet-hncp/ -- DISCUSS: -- (Sorry for the N-th discuss, I quite like this protocol and I'm sure we'll get 'em all cleared soon, but... ;-) I'd like to chat about whether or not the DTLS recommendations are correct here. To me, the consensus stuff (from section 8.3 of dncp) is not clearly baked (as I noted in iesg review of dncp). The PKI stuff is well known, even if it it is a PITA from many points of view. I don't think a SHOULD for the former and a MAY for the latter is appropriate now. If the consensus based stuff gets deployed and works, then it might be time to say what you're now saying, but I don't think we're there yet. (I'd be happy to look @ evidence that we are, and to change my opinion accordingly.) Please note that I think I like the consensus based scheme, I'm just concerned it may not be ready for prime time. I'm also not really convinced that all you need to do to get interop for that is mention it and refer to dncp. But again, I could be wrong and would appreciate being corrected if so. In summary, I think you should say "when using DTLS with asymmetric keying, then you SHOULD support the PKI-based method and MAY support the consensus based method, which is still somewhat experimental." -- COMMENT: -- - I agree with Kathleen's discuss that the implementation requirements for DTLS need to be clarified, hopefully (from my POV) to make that MTI but I'll leave that discussion to the other thread. -Section 9: You should refer to HKDF and not HMAC-SHA256 though the reference to RFC 6234 is still right. HMAC-SHA256 itself is not a key derivation function, which is what you want here. - Please take a look at the secdir review [1] and respond to that as it raises one issue not (I think) otherwise mentioned. What is the effect (on a home) of one compromised hncp router? Perhaps you'll say that's obvious, or perhaps not, but I'm interested in what you do say, in case it's not obvious:-) [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06098.html ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet