[Anima] Re: [Add] Re: Hosting Encrypted Servers on CPEs / HTTPS for Local Domains

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 10 September 2024 18:21 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Toerless Eckert <tte@cs.fau.de>, "add@ietf.org" <add@ietf.org>, anima@ietf.org, iotops@ietf.org
In-reply-to: <ZuBviIVAlXUpgJNh@faui48e.informatik.uni-erlangen.de>
References: <6FCA933A-F329-4B45-9C72-32FFCAD289BE@gmail.com> <CACJ6M16MgxzE+8Yiebd9hbYC_tY2tt0Sroc4_izOnP3kO3e5fQ@mail.gmail.com> <MW4PR15MB437956E8735320FFE83037C7B3952@MW4PR15MB4379.namprd15.prod.outlook.com> <ZtpGfh15m58gId0Z@faui48e.informatik.uni-erlangen.de> <21866.1725908702@obiwan.sandelman.ca> <3B84302E-11BC-4695-9C31-9179AD32FDB3@gmail.com> <ZuBviIVAlXUpgJNh@faui48e.informatik.uni-erlangen.de>
Comments: In-reply-to Toerless Eckert <tte@cs.fau.de> message dated "Tue, 10 Sep 2024 18:10:48 +0200."
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.3
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 10 Sep 2024 14:20:42 -0400
Message-ID: <377615.1725992442@dyas>
Subject: [Anima] Re: [Add] Re: Hosting Encrypted Servers on CPEs / HTTPS for Local Domains
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/C4TjlKh_FKNF4wYz-ZfDtrMU7bg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima>

Toerless Eckert <tte@cs.fau.de> wrote:
    > In the home automation IoT device vendor that had the largest market
    > share in Germany, you could bootstrap devices a) via QR code. I did
    > that. So I had to use permanent marker to put some device name onto
    > each of my 50 devices as well as the same device name on the fitting QR
    > code piece of paper, and scan / stash away those QR codes.

One attack that a few people realized about QR codes is the "Roomba attack":
they have cameras... they can drive up to the device and take a picture if
under malicious control.  Now, the device might need to be rebooted or have a
button pushed to go "back" into onboarding mode, so it's probably harder to
do this than some imagined.  Still.

    > Over the
    > past few years I had some incidents where I had to re-bootstrap some of
    > the devices. It's grisly to think about what happens if my home
    > controller would fail and whether or not a full backup will actually
    > allow me to restore all existing device associations.

There are three lifecycle situations that matter here.
1) your device loses its mind.  PHB has written about how many times he's
   had to climb up a 30ft ladder to re-init the light bulbs in the chandelier.

2) your home controller fails, or you want to upgrade it, or it's integrated
   with your home router, and you change ISPs and/or connection speeds.

3) you sell your home. Everything needs to be sensibly re-keyed.  I would
   expect the lawyers to escrow those keys along with the front-door key.

    > a) The vendor managed to put the QR codes ONLY onto their devices. Such
    > as in-wall light switches.  So, I simply have to shut off my mains
    > power to remove such a light switch from the wall should it ever need to

safety first.

    > be re-bootstrapped.  b) During bootstrap, for magical reasons, the mesh
    > network connectivity (z-wave in this case) seems more picky than during
    > operations. So I actually cannot enroll some of the devices from their
    > target deployment location, and/or have to take my RPI4 controller with
    > me and plug it into a nearby wall-socket to enroll such a device. (For the
    > QR-code free bootstrap option).

z-wave is a very challenged network.
Enough for on/off actions, but I'll bet that during bootstrap there are many more
packets that have to get through.

    > So, all-in-all I think I would try to stay away from QR codes whenever
    > I can, home or industrial - but to make that work, the whole network
    > based solutions need a lot more detail improvement work.

QR codes won't fly in most industrial settings.
One of the driving forces for industry BRSKI was that the devices are in
places which are too hot/hostile for humans.  For instance, refiners.
Yet, the entire refinery stack is leased/sold a few times/year to a different
operator, and it has to be rekeyed.  But, it takes days to weeks to allow it
to cool enough.

    > Theoretically I think NFC would be a great option, but I have no actual
    > experience. But the idea of having a box of 50 devices, and the
    > reseller just has to tap a button on the smartphone to register all 50
    > devices' NFC tags - that just sounds like an intriguing option. Would
    > also have solved my QR code experiences. But not sure if it would be
    > cheap enough for typical home automation IoT devices.

Many people would like.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-                      *I*LIKE*TRAINS*