Re: [homenet] Stephen Farrell's No Objection on draft-ietf-homenet-hncp-10: (with COMMENT)

2015-12-04 Thread Stephen Farrell 

I had a peek at the diff and it's all good from my POV.

Isn't it amazing how you can look at a document for ages
and ages and not just see stuff like the hkdf thing? I do
it all the time;-(

S.


On 04/12/15 21:53, Markus Stenberg wrote:
>> On 4.12.2015, at 18.51, Stephen Farrell  wrote:
>> Thanks for addressing my discuss about the options for 
>> using DTLS. Sorry for being slow with this ballot update.
>>
>> The comments below are old, I didn't check if you've
>> made related changes. Happy to chat about that if you
>> want, (or not if you prefer not:-)
>>
>> - I agree with Kathleen's discuss that the implementation
>> requirements for DTLS need to be clarified, hopefully (from my
>> POV) to make that MTI but I'll leave that discussion to the
>> other thread.
> 
> We did some text clarification on this I believe in -10.
> 
>> -Section 9: You should refer to HKDF and not HMAC-SHA256 though
>> the reference to RFC 6234 is still right. HMAC-SHA256 itself
>> is not a key derivation function, which is what you want here.
> 
> Fixed in -10 (really sad failure on my part :-p)
> 
>> - Please take a look at the secdir review [1] and respond to
>> that as it raises one issue not (I think) otherwise mentioned.
>> What is the effect (on a home) of one compromised hncp router?
>> Perhaps you'll say that's obvious, or perhaps not, but I'm 
>> interested in what you do say, in case it's not obvious:-)
> 
> There's text about that in the security considerations, I believe. (Pointer 
> in the -09 DISCUSS thread IIRC).
> 
> Cheers,
> 
> -Markus
> ___
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
> 

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Stephen Farrell's No Objection on draft-ietf-homenet-hncp-10: (with COMMENT)

2015-12-04 Thread Markus Stenberg 
> On 4.12.2015, at 18.51, Stephen Farrell  wrote:
> Thanks for addressing my discuss about the options for 
> using DTLS. Sorry for being slow with this ballot update.
> 
> The comments below are old, I didn't check if you've
> made related changes. Happy to chat about that if you
> want, (or not if you prefer not:-)
> 
> - I agree with Kathleen's discuss that the implementation
> requirements for DTLS need to be clarified, hopefully (from my
> POV) to make that MTI but I'll leave that discussion to the
> other thread.

We did some text clarification on this I believe in -10.

> -Section 9: You should refer to HKDF and not HMAC-SHA256 though
> the reference to RFC 6234 is still right. HMAC-SHA256 itself
> is not a key derivation function, which is what you want here.

Fixed in -10 (really sad failure on my part :-p)

> - Please take a look at the secdir review [1] and respond to
> that as it raises one issue not (I think) otherwise mentioned.
> What is the effect (on a home) of one compromised hncp router?
> Perhaps you'll say that's obvious, or perhaps not, but I'm 
> interested in what you do say, in case it's not obvious:-)

There's text about that in the security considerations, I believe. (Pointer in 
the -09 DISCUSS thread IIRC).

Cheers,

-Markus
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet