Re: [homenet] Please review security considerations of draft-homenet-babel-profile

2017-07-25 Thread Juliusz Chroboczek
> 1) The first sentence seems to not say what to do if a packet comes > from a 1918 IPv4 address. Even if that's not supposed to happen, it > could be attempted. What's an implementation supposed to do then? Both HNCP and Babel use IPv6 for carrying control data. There's no way an IPv4 packet

Re: [homenet] Please review security considerations of draft-homenet-babel-profile

2017-07-25 Thread Ray Bellis
On 25/07/2017 22:58, Stephen Farrell wrote: > I suggest asking the chairs to hit the "request directorate" review > (iirc only they can see that button?) for an early secdir review. Good idea - I've just done this. Ray ___ homenet mailing list

Re: [homenet] Please review security considerations of draft-homenet-babel-profile

2017-07-25 Thread Mark Baugher
> On Jul 25, 2017, at 1:27 PM, Juliusz Chroboczek wrote: > > Dear all, > > All security wizards are kindly requested to carefully read and if > necessary criticise the following section: > > https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-02#section-4 Based on

Re: [homenet] Please review security considerations of draft-homenet-babel-profile

2017-07-25 Thread Juliusz Chroboczek
> ...one might recommend starting with "an upper-layer security protocol" > such as CMS, COSE, JOSE or some other layer-3 encapsulation. We're planning to use DTLS for both HNCP and Babel. But the authentication mechanism is not our main concern. This being Homenet, we need to generate keys

[homenet] Please review security considerations of draft-homenet-babel-profile

2017-07-25 Thread Juliusz Chroboczek
Dear all, All security wizards are kindly requested to carefully read and if necessary criticise the following section: https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-02#section-4 Nasty comments on list, please, compliments by private mail ;-) Thanks, -- Juliusz

Re: [homenet] Please review security considerations of draft-homenet-babel-profile

2017-07-25 Thread Stephen Farrell
Hiya, I suggest asking the chairs to hit the "request directorate" review (iirc only they can see that button?) for an early secdir review. For myself, I've not read the draft yet (I will over the next few weeks) but have two questions while I'm here: 1) The first sentence seems to not say