Re: [Homenet-babel-sec] [babel] What's up with HNCP security?

Ted Lemon <mellon@fugue.com> Mon, 29 May 2017 13:22 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: homenet-babel-sec@ietfa.amsl.com
Delivered-To: homenet-babel-sec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D085C128854 for <homenet-babel-sec@ietfa.amsl.com>; Mon, 29 May 2017 06:22:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9h5c1yc0pacf for <homenet-babel-sec@ietfa.amsl.com>; Mon, 29 May 2017 06:22:38 -0700 (PDT)
Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F7A612957B for <homenet-babel-sec@ietf.org>; Mon, 29 May 2017 06:22:31 -0700 (PDT)
Received: by mail-qk0-x22e.google.com with SMTP id a72so47827363qkj.2 for <homenet-babel-sec@ietf.org>; Mon, 29 May 2017 06:22:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=PXipNigPfuCUjcKt13iGIHrN78IRfBI5AeB2b9WwqJ0=; b=sRNxfOOR8gqKHg6o1f08L2P4qlAQLFEJQrfhtiuvdVAYkae12lS6ZvoFawh2LZFqua ChHEGUmbRxCvVXsoHapj7wjgVTlARAQbus0EKGjaId4YutQtXGm1djw6H4x2hlwdtHvJ IOy2/lHPoNT5nOXoyUW5m1tkpfias5OuNFIzHv33b+n6T6QNZG843stbSTgJ2voD+c7/ w/h9md3Li0nmZ7/fkptPTpSUXXUvnflaDjBy6iE0lI9VZW0x6/dbbhQihoGW/eyuMRSe X7RMl9TJ8vu3P6oe49FVl/cjiPF9/Q1IDFngANd1d8gA43oPhcbJTOGsEpj2xsNryAnW 8Q5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=PXipNigPfuCUjcKt13iGIHrN78IRfBI5AeB2b9WwqJ0=; b=p29Y/4G0nK3MmwFIh8PFqrvvyEDoG2iZ86Bp1quZHryBtiyCQCtulmmOM1uLBMvWSW GSv9vCYt2SEGhCPVbRVu6GucvNXb3EGQlmm2k5UZmC2J7tLKadTNp9kiTle4p/ST0ib1 sqgnIZn8UZ/PI+AC8afoIrFVn6ftfUJcloSqk3PIY6KVoh2qI7sz4V1fuS99W7LwkXKh 5GfAxCh0PpY067RMcIRxACt80oweD6uGRN2NQT3HjnKHITwnRGNTxIvbuUMNQzsxZpT7 WqCypmADs54bMPoHoYxoe/9P/bPXqCqBQUcODg1dW0jXLsywejK7QznqmKVgIOytyc2i YJRA==
X-Gm-Message-State: AODbwcA7srpEZtklNh3azG8yqWrCU8uHchVhlYs5OwBwZO2MAxFMxyF9 lcAg8zG7WY0aYAh7fqzQYg==
X-Received: by 10.55.161.209 with SMTP id k200mr2510831qke.28.1496064150570; Mon, 29 May 2017 06:22:30 -0700 (PDT)
Received: from [10.0.30.228] (c-73-167-64-188.hsd1.ma.comcast.net. [73.167.64.188]) by smtp.gmail.com with ESMTPSA id a126sm6291752qkc.15.2017.05.29.06.22.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 29 May 2017 06:22:27 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <EE254C72-2E3C-4316-B0A0-9B9133E2F3C6@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6526D244-397F-4D7F-9643-F38CFCC106FA"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Mon, 29 May 2017 09:22:24 -0400
In-Reply-To: <EC469E5B-4E9A-4A6F-818F-EA52E654DE4C@iki.fi>
Cc: Juliusz Chroboczek <jch@irif.fr>, homenet-babel-sec@ietf.org, babel@ietf.org
To: Markus Stenberg <markus.stenberg@iki.fi>
References: <87d1ask7d9.wl-jch@irif.fr> <B67775FF-31CB-42F6-ABDF-BD47BEA1DB56@iki.fi> <1F8BA8E0-7518-4288-B679-749906B1B19F@fugue.com> <87shjoihnz.wl-jch@irif.fr> <416AD4BB-7A24-41D4-9C91-96B23BE65EF3@fugue.com> <EC469E5B-4E9A-4A6F-818F-EA52E654DE4C@iki.fi>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet-babel-sec/EoAJOdG3_oDYKGdUcF6h8Vslt2I>
Subject: Re: [Homenet-babel-sec] [babel] What's up with HNCP security?
X-BeenThere: homenet-babel-sec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Homenet Babel Security <homenet-babel-sec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet-babel-sec>, <mailto:homenet-babel-sec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet-babel-sec/>
List-Post: <mailto:homenet-babel-sec@ietf.org>
List-Help: <mailto:homenet-babel-sec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet-babel-sec>, <mailto:homenet-babel-sec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 May 2017 13:22:40 -0000

On May 29, 2017, at 3:14 AM, Markus Stenberg <markus.stenberg@iki.fi> wrote:
> My _home_ network has plenty of network-wide shared keys (e.g. SSID PSKs) and I do not consider them useless; while they are low barrier to entry, I am not aware of any good alternatives that most of my devices would support (and SSID per device is not realistic).

Shared pre-shared-keys are useful if the need for trust is minimal.   We use them all the time at IETF, and my home network uses WPA2/PSK, not WPA2/enterprise.   But the point is that there is no expectation of privacy or authenticity in this case.

In the case we are talking about, a shared key doesn't work because if any device on the network is pwned, it can masquerade as any other device to escape detection.   You or I could do a fault isolation process to figure out which device has been pwned, but we can't expect homenet users to be able to do that.