Re: [Anima] [homenet] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 05 October 2014 21:55 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99C861A0070; Sun, 5 Oct 2014 14:55:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TtJ8p7iHPDRe; Sun, 5 Oct 2014 14:55:17 -0700 (PDT)
Received: from mail-pd0-x22e.google.com (mail-pd0-x22e.google.com [IPv6:2607:f8b0:400e:c02::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 201E11A006F; Sun, 5 Oct 2014 14:55:17 -0700 (PDT)
Received: by mail-pd0-f174.google.com with SMTP id y13so2266569pdi.19 for <multiple recipients>; Sun, 05 Oct 2014 14:55:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=WuqztmBnhucFyqX51iGDOYMBUbfbhp8M+wARmQh25c4=; b=WzWmOlhVFR/2tQpNx7hFX32V55HKMvOppjHjkTYx/K7WKvuuQ/E9geA8tSGB8h34Mq SHppDPWC7zjXkRZwpEB/GTK5R/6Yf6Trg5/6beCzVylEcYsE3ncL+x0MikAuRcjbkwUH kyEMkQuKnzn/CS0OUKNCmmRVTgtsVHrD4x9j5Zm19puyRXSfJ2qonoAt+ZPqPqC4XDZf 6qbhoaOl780kaGKQE4x9thu0oJqby3ZnyqWmgaw1Sx70xEGMwUzeeudVaaZiKD7FKoZ7 gSAOW4atNKMJlpnWInrMQkDnjHV4odNAUAcV8EJ8sVumzeiHYhUGfjDfvQXLW1oRstN0 cX0g==
X-Received: by 10.70.8.195 with SMTP id t3mr14657195pda.62.1412546116815; Sun, 05 Oct 2014 14:55:16 -0700 (PDT)
Received: from [192.168.178.23] (154.197.69.111.dynamic.snap.net.nz. [111.69.197.154]) by mx.google.com with ESMTPSA id ki1sm9351559pdb.59.2014.10.05.14.55.11 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 05 Oct 2014 14:55:15 -0700 (PDT)
Message-ID: <5431BE3E.4@gmail.com>
Date: Mon, 06 Oct 2014 10:55:10 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Acee Lindem (acee)" <acee@cisco.com>
References: <20141002144136.GA1847@cisco.com> <5D36713D8A4E7348A7E10DF7437A4B923AF5E248@nkgeml512-mbx.china.huawei.com> <D0541C19.4165%acee@cisco.com> <7A9C7BA6-E8DD-48F0-9B0E-CC2F36CBA05A@cisco.com> <D055CF54.4271%acee@cisco.com> <5430A9F4.3000802@gmail.com> <D0571620.4283%acee@cisco.com>
In-Reply-To: <D0571620.4283%acee@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/anima/R66yurgafX8MoWjhlSvzx6oeyZY
Cc: "Toerless Eckert (eckert)" <eckert@cisco.com>, "Leddy, John" <John_Leddy@cable.comcast.com>, "Michael Behringer (mbehring)" <mbehring@cisco.com>, "Mark Baugher (mbaugher)" <mbaugher@cisco.com>, Sheng Jiang <jiangsheng@huawei.com>, "homenet@ietf.org" <homenet@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "anima@ietf.org" <anima@ietf.org>, Ted Lemon <ted.lemon@nominum.com>
Subject: Re: [Anima] [homenet] Ted Lemon's Block on charter-ietf-anima-00-09: (with BLOCK)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Oct 2014 21:55:18 -0000

(cc's trimmed. I'm not sure the whole IESG wants this in their inboxen.)

On 06/10/2014 08:51, Acee Lindem (acee) wrote:
> 
> On 10/4/14, 10:16 PM, "Brian E Carpenter" <brian.e.carpenter@gmail.com>
> wrote:
> 
>> On 05/10/2014 09:24, Acee Lindem (acee) wrote:
>>> Right - but we still have to agree on the admin or, as you put it,
>>> ownership model. At least one of the proposals for autonomic networking
>>> is
>>> a centralized approach as opposed to configuring a single authentication
>>> password on each new device (as one would do with a WiFi network).
>> Let me check that I understand. Are you saying that there are two basic
>> models for enrollment?
>>
>> 1. "Hello, I am Brian. Please enrol me; the shared secret is *!&$£@."
>>
>> 2. "Hello, I am Brian. My public key is 12345, and should already
>> be in your list. [Signed with my private key.]"
> 
> That's basically the trade-off although there are many variations of #2.
> Here is one example:
> 
> http://www.ietf.org/id/draft-pritikin-bootstrapping-keyinfrastructures-01.txt
> 
> The question is what are we willing to accept in the homenet in terms of
> both device configuration and device requirements.

Right, thanks. And this is the question Anima has to ask for the more general
case - of course draft-pritikin is a contender.

So, in my opinion, model #1 (a shared secret known to every device)
is pretty weak. It might be acceptable for a small home network
with a very careful human owner, but not beyond that limit. This is exactly
the kind of shared secret that people will write down and lose along with
their wallet, or simply throw out in their household garbage.
IMHO, for a network of any size or complexity, we need model #2.

   Brian
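
The two enrolment models discussed in this thread, as an added example that is not part of the original message or of any IETF draft. Model #1 is a single shared secret proven with an HMAC; model #2 is a per-device key pair whose public key the registrar already holds, proven with a signature. The device names, the shared secret string and the registrar-issued challenge (added here so that an old "Hello, I am Brian" message cannot be replayed) are all assumptions of this example, not anything the thread specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// freshChallenge is a registrar-issued nonce (an assumption of this example).
// Binding the enrolment message to it stops replay of an earlier message.
func freshChallenge() []byte {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// enrolMessage is what both models authenticate: identity, separator, challenge.
func enrolMessage(identity string, challenge []byte) []byte {
	return append(append([]byte(identity), 0), challenge...)
}

// ---- Model 1: one shared secret known to every device ----------------------

type SharedSecretRegistrar struct{ secret []byte }

// ProveModel1 is what any holder of the secret sends. Nothing in the proof is
// tied to the claimed identity beyond the name the sender chose to put in it.
func ProveModel1(secret []byte, identity string, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(enrolMessage(identity, challenge))
	return m.Sum(nil)
}

func (r *SharedSecretRegistrar) Enrol(identity string, challenge, proof []byte) bool {
	// hmac.Equal is constant-time; bytes.Equal would leak the MAC via timing.
	return hmac.Equal(proof, ProveModel1(r.secret, identity, challenge))
}

// ---- Model 2: per-device key pair, public key pre-listed at the registrar ---

type KeyListRegistrar struct{ known map[string]ed25519.PublicKey }

func NewKeyListRegistrar() *KeyListRegistrar {
	return &KeyListRegistrar{known: map[string]ed25519.PublicKey{}}
}

// Register is the out-of-band step: the owner loads the device's public key
// before the device ever shows up on the network.
func (r *KeyListRegistrar) Register(id string, pub ed25519.PublicKey) { r.known[id] = pub }

// Revoke drops one device without touching any other device's credential.
func (r *KeyListRegistrar) Revoke(id string) { delete(r.known, id) }

func ProveModel2(priv ed25519.PrivateKey, identity string, challenge []byte) []byte {
	return ed25519.Sign(priv, enrolMessage(identity, challenge))
}

func (r *KeyListRegistrar) Enrol(identity string, challenge, sig []byte) bool {
	pub, ok := r.known[identity]
	if !ok {
		return false // "should already be in your list" - and it is not
	}
	return ed25519.Verify(pub, enrolMessage(identity, challenge), sig)
}

// RunScenarios exercises both models and reports which attempts were accepted.
func RunScenarios() map[string]bool {
	out := map[string]bool{}

	secret := []byte("*!&$£@") // constructed shared secret for the example
	m1 := &SharedSecretRegistrar{secret: secret}
	c := freshChallenge()
	out["m1_legit"] = m1.Enrol("router-1", c, ProveModel1(secret, "router-1", c))
	// Whoever found the secret in the garbage is accepted as any identity.
	c = freshChallenge()
	out["m1_leaked_secret"] = m1.Enrol("router-1", c, ProveModel1(secret, "router-1", c))

	pub1, priv1, _ := ed25519.GenerateKey(rand.Reader)
	pub2, priv2, _ := ed25519.GenerateKey(rand.Reader)
	_, privX, _ := ed25519.GenerateKey(rand.Reader) // a stranger's key
	m2 := NewKeyListRegistrar()
	m2.Register("router-1", pub1)
	m2.Register("router-2", pub2)

	c = freshChallenge()
	out["m2_legit"] = m2.Enrol("router-1", c, ProveModel2(priv1, "router-1", c))
	oldSig := ProveModel2(priv1, "router-1", c)
	c = freshChallenge()
	out["m2_wrong_key"] = m2.Enrol("router-1", c, ProveModel2(privX, "router-1", c))
	out["m2_unlisted"] = m2.Enrol("router-9", c, ProveModel2(privX, "router-9", c))
	out["m2_replay"] = m2.Enrol("router-1", c, oldSig)

	// Losing router-1 means deleting one entry; router-2 keeps working.
	m2.Revoke("router-1")
	c = freshChallenge()
	out["m2_revoked"] = m2.Enrol("router-1", c, ProveModel2(priv1, "router-1", c))
	out["m2_other_after_revoke"] = m2.Enrol("router-2", c, ProveModel2(priv2, "router-2", c))
	return out
}

func main() {
	for k, v := range RunScenarios() {
		fmt.Printf("%-24s accepted=%v\n", k, v)
	}
}
```

The point the scenarios make is the one in the message above: under model #1 the registrar has no way to tell the real router-1 from anyone who has read the secret, and revoking one device means re-keying all of them; under model #2 an unlisted identity, a wrong key, a replayed signature and a revoked device all fail individually while the other listed devices are unaffected.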