IETF Logo Mail Archive

Re: [Homenet-babel-sec] [babel] What's up with HNCP security?

Markus Stenberg <markus.stenberg@iki.fi> Sun, 28 May 2017 21:54 UTC

Return-Path: <fingon@kapsi.fi>
X-Original-To: homenet-babel-sec@ietfa.amsl.com
Delivered-To: homenet-babel-sec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A195129493; Sun, 28 May 2017 14:54:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.1
X-Spam-Level:
X-Spam-Status: No, score=0.1 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kapsi.fi
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n5T0rU9LSO6U; Sun, 28 May 2017 14:54:01 -0700 (PDT)
Received: from mail.kapsi.fi (mail.kapsi.fi [IPv6:2001:1bc8:1004::1:25]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20C3A12941C; Sun, 28 May 2017 14:54:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=To:References:Message-Id:Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version:Content-Type; bh=JZu79AjDKRt5ivCiLe50xDssK8aYKqOqqm7d7yKkiqc=; b=kGhEkipZIaupZCaU7F3hJrepbngQLhNGsxD5ie0ajyr15wUrzyOT8kbhpEF2QgLvioQbJyrMAEJRMTm44Cbukov4Ib7YbdcgzLzZvCkgAQiSFKxsVEf8zGxxySgaigh4HhVuNP/v8Dsbr74e0zbC+WziuTBng4t48GUA81UJ8oHMlMU452Ti89L8ART4M+kwHuK+ZyKvn0amK0lqra1CZDR2QCo2m1KEA5UA7MmUqYb50KIkA5eO6UHggKoIvQ0VD/tJW4KEce8Vji22beC3x/U63Z9MeqkLSDkk7F2X3SK0Hunz8jx3xEye1KkDiJJpAmmGbK3Rv6qItXQH70DO/w==;
Received: from a91-155-69-187.elisa-laajakaista.fi ([91.155.69.187] helo=poro.lan) by mail.kapsi.fi with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <markus.stenberg@iki.fi>) id 1dF68K-0007Q0-PD; Mon, 29 May 2017 00:53:56 +0300
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Markus Stenberg <markus.stenberg@iki.fi>
In-Reply-To: <87d1ask7d9.wl-jch@irif.fr>
Date: Mon, 29 May 2017 00:53:56 +0300
Cc: homenet-babel-sec@ietf.org, babel@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <B67775FF-31CB-42F6-ABDF-BD47BEA1DB56@iki.fi>
References: <87d1ask7d9.wl-jch@irif.fr>
To: Juliusz Chroboczek <jch@irif.fr>
X-Mailer: Apple Mail (2.3273)
X-SA-Exim-Connect-IP: 91.155.69.187
X-SA-Exim-Mail-From: markus.stenberg@iki.fi
X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet-babel-sec/xj9fG1upmBFm_OyZpqNJGpFdFzQ>
X-Mailman-Approved-At: Mon, 29 May 2017 08:02:24 -0700
Subject: Re: [Homenet-babel-sec] [babel] What's up with HNCP security?
X-BeenThere: homenet-babel-sec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Homenet Babel Security <homenet-babel-sec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet-babel-sec>, <mailto:homenet-babel-sec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet-babel-sec/>
List-Post: <mailto:homenet-babel-sec@ietf.org>
List-Help: <mailto:homenet-babel-sec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet-babel-sec>, <mailto:homenet-babel-sec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 May 2017 21:54:03 -0000

On 29 May 2017, at 0.18, Juliusz Chroboczek <jch@irif.fr> wrote:
> There are two facets to Homenet security: HNCP and Babel.  We, at Babel
> towers, are planning to implement Stenberg-style security for Babel during
> the month of July (earlier is not possible due to my prospective interns
> having to sit their exams).  When we're done, we can compare this aproach
> to the existing HMAC security, and see which of the two approaches is more
> suitable for Homenet.
> 
> For the Babel work to be useful for Homenet security, HNCP needs to be
> extended with two features:
> 
>  - the ability to signal other HNCP nodes that a given link requires
>    authentication and/or encryption, and to securely signal any private
>    keys;

HNCP supports negotiating network-wide shared keys for arbitrary services (such as RPs). If my hncp_proto.h has valid values, TLV to look for is number 42, ironically enough.

hnetd the implementation does not implement this yet, as I am not convinced it is a good idea. I welcome merge requests though if someone wants to implement it. (it is one of the few missing parts of the spec from hnetd)

>  - the ability to protect HNCP traffic over an untrusted link.

hnetd supports this and it has even been tested at some point in distant past. No idea of current status of the code, as I nowadays use the Python HNCP implementation and not the C one. 

> Pierre has mentioned that HNCP already supports all or most of that, but
> somebody needs to write down the relevant protocol bits and check whether
> everything is implemented.
> 
> I'd much prefer that this work be done before we start extending Babel,
> since having the HNCP bits ready would help us ensure that we're meeting
> all of the Homenet requirements.

I am not holding my breath on my motivation to add support for the shared keys in HNCP to hnetd, as I still believe in security-by-l2-zones design that I am running in my home and not l3+ security for each protocol. However, I welcome merge requests on github :) (or very hefty bribe, smirk, but I am working on some other tinfoil hat stuff at the moment.)

Cheers,

-Markus

v2.23.0 | Report a Bug | By Email