Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

2015-12-01 Thread Juliusz Chroboczek 
>>> Hmm. I've also setup many small PKIs and don't agree. I do think someone
>>> could easily make all that quite usable within the home.

>> Have you ever walked a non-specialist through the process?

> I have not.

I see.

-- Juliusz

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

2015-11-26 Thread Michael Thomas 

On 11/26/2015 08:49 AM, Juliusz Chroboczek wrote:

Hmm. I've also setup many small PKIs and don't agree. I do think someone
could easily make all that quite usable within the home.

Have you ever walked a non-specialist through the process?




I'm not Stephen, and I don't play Stephen on teevee, but anything you 
can do with pre-shared keys, you
can do with with an asymmetric keying approach too. Pre-shared keys are 
pretty high touch form of enrollment,
after all. If you can get away with leap-of-faith kinds of enrollment, 
it is even easier IMO because you don't have

to remember messy and/or lousy keys/passphrases:

New Thingy: "I'm blah and want to enroll! my public key is blah-blah-blah"
Enroller: "Sure!" or "Nah, you look sketchy"

Mike

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

2015-11-26 Thread Henning Rogge 
On Thu, Nov 26, 2015 at 5:49 PM, Juliusz Chroboczek
 wrote:
>> Hmm. I've also setup many small PKIs and don't agree. I do think someone
>> could easily make all that quite usable within the home.
>
> Have you ever walked a non-specialist through the process?

I wonder why this could not be fully automatic?

Setup a "press button for first login" system similar to WPS for Wifi
that deploys the certificate.

No need for the user to do something complicated.

Henning

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

2015-11-26 Thread Stephen Farrell 


On 26/11/15 16:49, Juliusz Chroboczek wrote:
>> Hmm. I've also setup many small PKIs and don't agree. I do think someone
>> could easily make all that quite usable within the home.
> 
> Have you ever walked a non-specialist through the process?

I have not. But as others said, the key idea would be to make
it as invisible as possible, which is quite doable. And the
tools are there these days (much moreso than even 5-6 years
ago) in pretty much all platforms/languages.

S.

> 
> -- Juliusz
> 

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

2015-11-20 Thread Markus Stenberg 
> On 19.11.2015, at 16.21, Stephen Farrell  wrote:
> (Sorry for the N-th discuss, I quite like this protocol and
> I'm sure we'll get 'em all cleared soon, but... ;-)
> 
> I'd like to chat about whether or not the DTLS recommendations
> are correct here. To me, the consensus stuff (from section 8.3
> of dncp) is not clearly baked (as I noted in iesg review of
> dncp). The PKI stuff is well known, even if it it is a PITA from
> many points of view. I don't think a SHOULD for the former and
> a MAY for the latter is appropriate now. If the consensus based
> stuff gets deployed and works, then it might be time to say
> what you're now saying, but I don't think we're there yet. (I'd
> be happy to look @ evidence that we are, and to change my
> opinion accordingly.)

Given bootstrapping PKI seems nigh impossible (home CA anyone?), I am not sure 
I agree with you.  I have done that few of times and do not recommend it to 
anyone. Of course, I guess at some point some products may make it painless but 
I am not sure I will live long enough to see that. (Especially so that the 
control stays still within home, and does not stray to some American ‘cloud 
server’, cough cough.)

> Please note that I think I like the consensus based scheme, I'm
> just concerned it may not be ready for prime time. I'm also not
> really convinced that all you need to do to get interop for
> that is mention it and refer to dncp. But again, I could be
> wrong and would appreciate being corrected if so.
> 
> In summary, I think you should say "when using DTLS with
> asymmetric keying, then you SHOULD support the PKI-based method
> and MAY support the consensus based method, which is still
> somewhat experimental.”

SHOULD/MAY neither provide really interoperability anyway, so I am mostly 
interested about MUSTs. Current PSK MUST I find rather sad, as that is clearly 
_not_ elegantly bootstrappable.

Trust consensus or even given some leap of faith about home CA <> cloudy CA the 
PKI-based method seem better in that regard. But I have not seen that much in 
the wild yet (see the ‘unproven’ argument in the other DISCUSS thread).

So given the context (ideally zeroconf, at least littleconf) home network, what 
would you pick for the PSK / PKI / trust consensus? Apparently SHOULD/MAY for 
the two later, but is PSK really the MUST here or is it the PKI?

> -Section 9: You should refer to HKDF and not HMAC-SHA256 though
> the reference to RFC 6234 is still right. HMAC-SHA256 itself
> is not a key derivation function, which is what you want here.

Good catch, thanks, staged for -10[1]. Essentially instead of HMAC-SHA256 
recommending HMAC-SHA256 based HKDF with the ‘info’ field the protocol being 
keyed.

> - Please take a look at the secdir review [1] and respond to
> that as it raises one issue not (I think) otherwise mentioned.
> What is the effect (on a home) of one compromised hncp router?
> Perhaps you'll say that's obvious, or perhaps not, but I'm 
> interested in what you do say, in case it's not obvious:-)
> 
>   [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06098.html

It essentially broadens a number of on-link attacks to network-wide ones. 
Notably you can redirect arbitrary traffic wherever you want (without HNCP, you 
do RA/DHCPv4 faster than router on the link -> MITM), and DoS of the network 
instead of on-link nodes. Additionally of course it also provides view of the 
topology and the services that use TLVs encoded in HNCP node data so that can 
be used for various nefarious things as well. 

Cheers,

-Markus

[1] 
https://github.com/fingon/ietf-drafts/commit/7a140efa2693d9b0138654f5ec71e5888caa6777
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

2015-11-20 Thread Stephen Farrell 


On 20/11/15 15:35, Markus Stenberg wrote:
> 
> [1] 
> https://github.com/fingon/ietf-drafts/commit/f8275e165802a9c310f0bbde98e42087ecc891b1

Great, that's fine to sort my discuss point. I'll clear whenever
that's posted

Thanks,
S.

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

2015-11-20 Thread Michael Richardson 

Markus Stenberg  wrote:
>> I'd like to chat about whether or not the DTLS recommendations
>> are correct here. To me, the consensus stuff (from section 8.3
>> of dncp) is not clearly baked (as I noted in iesg review of
>> dncp). The PKI stuff is well known, even if it it is a PITA from
>> many points of view. I don't think a SHOULD for the former and
>> a MAY for the latter is appropriate now. If the consensus based
>> stuff gets deployed and works, then it might be time to say
>> what you're now saying, but I don't think we're there yet. (I'd
>> be happy to look @ evidence that we are, and to change my
>> opinion accordingly.)

> Given bootstrapping PKI seems nigh impossible (home CA anyone?), I am
> not sure I agree with you.  I have done that few of times and do not
> recommend it to anyone. Of course, I guess at some point some products
> may make it painless but I am not sure I will live long enough to see
> that. (Especially so that the control stays still within home, and does
> not stray to some American ‘cloud server’, cough cough.)

The IETF has chartered a group, ANIMA, which might produce something useable.
I don't think that homenet needs to invent something on it's own.

As long as HNCP *CAN* accomodate a one-level deep (no chains of trust) PKI,
then it should be good.  So the security has to be MTI, but MAY configure.

I do agree with Markus' here at present.

--
Michael Richardson , Sandelman Software Works
 -= IPv6 IoT consulting =-





signature.asc
Description: PGP signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

[homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

2015-11-19 Thread Stephen Farrell 
Stephen Farrell has entered the following ballot position for
draft-ietf-homenet-hncp-09: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-homenet-hncp/



--
DISCUSS:
--


(Sorry for the N-th discuss, I quite like this protocol and
I'm sure we'll get 'em all cleared soon, but... ;-)
 
I'd like to chat about whether or not the DTLS recommendations
are correct here. To me, the consensus stuff (from section 8.3
of dncp) is not clearly baked (as I noted in iesg review of
dncp). The PKI stuff is well known, even if it it is a PITA from
many points of view. I don't think a SHOULD for the former and
a MAY for the latter is appropriate now. If the consensus based
stuff gets deployed and works, then it might be time to say
what you're now saying, but I don't think we're there yet. (I'd
be happy to look @ evidence that we are, and to change my
opinion accordingly.)

Please note that I think I like the consensus based scheme, I'm
just concerned it may not be ready for prime time. I'm also not
really convinced that all you need to do to get interop for
that is mention it and refer to dncp. But again, I could be
wrong and would appreciate being corrected if so.

In summary, I think you should say "when using DTLS with
asymmetric keying, then you SHOULD support the PKI-based method
and MAY support the consensus based method, which is still
somewhat experimental."


--
COMMENT:
--

- I agree with Kathleen's discuss that the implementation
requirements for DTLS need to be clarified, hopefully (from my
POV) to make that MTI but I'll leave that discussion to the
other thread.

-Section 9: You should refer to HKDF and not HMAC-SHA256 though
the reference to RFC 6234 is still right. HMAC-SHA256 itself
is not a key derivation function, which is what you want here.

- Please take a look at the secdir review [1] and respond to
that as it raises one issue not (I think) otherwise mentioned.
What is the effect (on a home) of one compromised hncp router?
Perhaps you'll say that's obvious, or perhaps not, but I'm 
interested in what you do say, in case it's not obvious:-)

   [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06098.html


___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet