Re: [homenet] Please review security considerations of draft-homenet-babel-profile

2017-07-25 Thread Mark Baugher
> On Jul 25, 2017, at 1:27 PM, Juliusz Chroboczek wrote: > > Dear all, > > All security wizards are kindly requested to carefully read and if > necessary criticise the following section: > > https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-02#section-4 Based on

Re: [homenet] OpenWRT hardware [was: A poll]

2015-02-24 Thread Mark Baugher
On Feb 20, 2015, at 2:22 PM, Dave Taht dave.t...@gmail.com wrote: On Fri, Feb 20, 2015 at 12:33 PM, Juliusz Chroboczek j...@pps.univ-paris-diderot.fr wrote: I'd be a bit curious to know what people are using for test hardware. The WNDR3800/WNDR3700v2 is still my favourite. I've still got

Re: [homenet] an early attempt at getting homenet stuff to work outside the lab

2014-11-23 Thread Mark Baugher
On Nov 23, 2014, at 9:38 AM, Dave Taht dave.t...@gmail.com wrote: I have seen on this list some sort of time related dependency possibly creeping into hnetd and its crypto, but if your time is, like, the build time of the firmware, how is that going to work? Sorry if I'm being dense, but

[homenet] Home-network support (was Re: [Anima] Homenet feedback on the ANIMA charter

2014-10-07 Thread Mark Baugher (mbaugher)
On Oct 7, 2014, at 10:51 AM, Michael Richardson mcr+i...@sandelman.ca wrote: Mark Townsley m...@townsley.net wrote: I suggest that ANIMA focus on professionally-managed networks first, with Homenet being a secondary consideration, akin to IPv4 is in the homenet WG. I like that

Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-05 Thread Mark Baugher (mbaugher)
, 7:34 PM, Mark Baugher (mbaugher) mbaug...@cisco.com wrote: I voiced the opinion that someone has to own the homenet, as distinct from who might own the CPEs and routers on the homenet. In the same way that some ISP CPEs let the user set the Wi-Fi password, the user or an agent for the user

Re: [homenet] [Anima] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

2014-10-03 Thread Mark Baugher (mbaugher)
I voiced the opinion that someone has to own the homenet, as distinct from who might own the CPEs and routers on the homenet. In the same way that some ISP CPEs let the user set the Wi-Fi password, the user or an agent for the user needs to take homenet ownership (or in the case of autonomic

Re: [homenet] HNCP security?

2014-09-21 Thread Mark Baugher
On Sep 20, 2014, at 12:57 AM, Steven Barth cy...@openwrt.org wrote: On 20.09.2014 at 09:17, Tim Chown wrote: I think it would be useful to do, and needn't hold up progress. It would give us a common understanding - hopefully - of which threats are being covered and which are not. And

Re: [homenet] HNCP security?

2014-09-19 Thread Mark Baugher
On Sep 19, 2014, at 3:25 AM, Ted Lemon mel...@fugue.com wrote: On Sep 18, 2014, at 6:46 PM, Mark Baugher m...@mbaugher.com wrote: The retail model works here. I can imagine a compliant CPE might allow the user to take ownership of an interior HNCP interface. That's only if the provider

Re: [homenet] HNCP security?

2014-09-19 Thread Mark Baugher
On Sep 19, 2014, at 8:54 AM, Ted Lemon mel...@fugue.com wrote: On Sep 19, 2014, at 10:52 AM, Steven Barth cy...@openwrt.org wrote: That was not my point. I'm totally happy with having a standardized way of doing this but I don't think that HNCP is the place where it should be defined since

Re: [homenet] HNCP security?

2014-09-18 Thread Mark Baugher
On Sep 18, 2014, at 8:57 AM, David R Oran daveo...@orandom.net wrote: On Sep 18, 2014, at 11:46 AM, Rene Struik rstruik@gmail.com wrote: It seems that the cryptographic literature needs to be rewritten now ... == Anything you can do with a cert, you can do with raw public keys, and

Re: [homenet] HNCP security?

2014-09-18 Thread Mark Baugher
And all of this was covered in the design for UPnP Device Protection that you referred to earlier and its progenitor UPnP Device Security. I consider HNCP security to be a small subset of the UPnP device requirements. Mark On Sep 18, 2014, at 2:10 PM, STARK, BARBARA H bs7...@att.com wrote:

Re: [homenet] HNCP security?

2014-09-18 Thread Mark Baugher
On Sep 18, 2014, at 2:37 PM, Randy Turner rtur...@amalfisystems.com wrote: How do you bootstrap trust relationships without an initial certificate (whether installed at manufacturing or during a customer fulfillment stage) ? One way is through a user security ceremony (viz. Walker and

Re: [homenet] HNCP security?

2014-09-18 Thread Mark Baugher
...@amalfisystems.com wrote: Are we assuming that the home router is purchased retail, and not fulfilled or provided by an ISP? The method to establish trust relationships would hinge on the answer Randy Original message From: Mark Baugher m...@mbaugher.com Date:09/18/2014 5

Re: [homenet] HNCP security?

2014-09-16 Thread Mark Baugher (mbaugher)
On Sep 16, 2014, at 1:29 PM, Tim Chown t...@ecs.soton.ac.uk wrote: There’s obviously some interesting implications of this. One is that there are insecure wired links too! That's a good point. And I wonder about malware on end systems as well. Mark

Re: [homenet] New version draft-mglt-homenet-naming-architecture-dhc-options-02.txt

2014-07-15 Thread Mark Baugher (mbaugher)
On Jul 15, 2014, at 11:45 AM, Markus Stenberg markus.stenb...@iki.fi wrote: On 15.7.2014, at 21.35, Juliusz Chroboczek j...@pps.univ-paris-diderot.fr wrote: I assume you mean that we need to recommend a default policy and also document the range of other policies that the end user might

Re: [homenet] Unicast DNS within the Homenet?

2012-09-14 Thread Mark Baugher
On Sep 11, 2012, at 4:53 PM, Curtis Villamizar wrote: We had a similar discussion before and I pointed out that for security some form of exchange of keys or certificates was needed. Having a factory configured root DNSSEC certificate gets one form of trust anchor. The browser

Re: [homenet] Creating a security association via physical link + button

2011-11-28 Thread Mark Baugher
In my experience, there is no single mechanism for establishing what is alternatively called 'pairing,' 'introduction,' 'enrollment,' or in the case of the WiFi Protected Setup a 'mental model.' The techniques have been called ceremonies by Carl Ellison and Jesse Walker, and they serve as a