Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

"Michael Behringer (mbehring)" <mbehring@cisco.com> Thu, 14 March 2013 15:40 UTC

From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: Tim Chown <tjc@ecs.soton.ac.uk>, "homenet@ietf.org Group" <homenet@ietf.org>
Thread-Topic: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?
Thread-Index: Ac4gyjI7rRa09jDESjm4TcI0Yw8B/Q==
Date: Thu, 14 Mar 2013 15:40:05 +0000
Message-ID: <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6ED6C6@xmb-rcd-x14.cisco.com>
Subject: Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

> -----Original Message-----
> From: homenet-bounces@ietf.org [mailto:homenet-bounces@ietf.org] On
> Behalf Of Tim Chown
> Sent: 13 March 2013 16:36
> To: homenet@ietf.org Group
> Subject: Re: [homenet] Next steps for draft-behringer-homenet-trust-
> bootstrap?
> 
> On 5 Mar 2013, at 17:52, Michael Behringer (mbehring)
> <mbehring@cisco.com> wrote:
> 
> > Our draft shows a way to do that in a relatively simple and secure way. I
> believe this is a fundamental requirement in a homenet; there are other
> ways to more or less achieve this goal - that needs to be discussed. But we
> should have the discussion.
> 
> If you have text to propose for the arch text, please do so.

There will be cases where two homenets are adjacent, or where a visitor plugs in a device that doesn't belong to the homenet. We need to be able to control that. 

I suggest a subsection in the security section (3.6) to address this. This could sound something like: 

--
3.6.6. Device ownership

There must be a way to administratively assert whether a device belongs to a homenet or not. The goal is to allow the establishment of borders, for example between two adjacent homenets or between the service provider and the homenet; and to prevent unauthorized devices from participating in the homenet. 

The homenet architecture MUST support a way for a homenet owner to claim ownership of his devices in a reasonably secure way. This could be achieved by a pairing mechanism, for example by pressing buttons simultaneously on an authenticated and a new homenet device, or by an enrolment process, as described in [draft-behringer-homenet-trust-bootstrap].
--

Thoughts? 
Michael 

> Tim
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
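An added, illustrative model of the ownership requirement proposed in the message above (it is not code from the draft, from the homenet architecture text, or from the author): an already-enrolled device vouches for a new one when the two button presses fall within a short window, the enrolled device shares the homenet's secret with it, and a border check then admits only devices the owner has claimed. The button-press window, the shared-secret design, the `Homenet`/`Device` classes and the 10-second window are all assumptions made for this example; the draft's own enrolment process is not reproduced here. Standard library only.

```python
"""Toy model of the device-ownership requirement: a homenet owner claims a
device by pressing buttons on an already-enrolled device and on the new
device within a short window; enrolled devices can then prove membership
at a border.  Assumed design (stdlib only), not the draft's mechanism."""
import hashlib
import hmac
import secrets

PAIRING_WINDOW_S = 10.0  # assumed: both buttons within 10 s of each other


class Homenet:
    """One administrative domain: a secret shared by its enrolled devices."""
    def __init__(self, name):
        self.name = name
        self.secret = secrets.token_bytes(32)
        self.members = set()          # device_ids the owner has claimed


class Device:
    def __init__(self, name):
        self.name = name
        self.device_id = secrets.token_hex(8)
        self.homenet = None           # None until enrolled
        self.button_pressed_at = None

    def press_button(self, t):
        self.button_pressed_at = t


def pair(authenticated, new):
    """Enrol `new` into the homenet of `authenticated` if the two button
    presses were simultaneous (within PAIRING_WINDOW_S)."""
    if authenticated.homenet is None:
        raise PermissionError("only an enrolled device can vouch for a new one")
    if new.homenet is not None:
        raise PermissionError("device already owned; reset before re-pairing")
    if authenticated.button_pressed_at is None or new.button_pressed_at is None:
        raise PermissionError("both buttons must be pressed")
    if abs(authenticated.button_pressed_at - new.button_pressed_at) > PAIRING_WINDOW_S:
        raise PermissionError("button presses not simultaneous")
    net = authenticated.homenet
    new.homenet = net
    net.members.add(new.device_id)
    # consume the presses so a second device cannot ride on the same window
    authenticated.button_pressed_at = None
    new.button_pressed_at = None
    return net


def membership_proof(device, challenge):
    """Device side: MAC over its id and a fresh challenge from the verifier."""
    if device.homenet is None:
        return None                   # an unowned device cannot claim anything
    msg = device.device_id.encode() + challenge
    return hmac.new(device.homenet.secret, msg, hashlib.sha256).digest()


def border_check(net, device, challenge, proof):
    """Border side: admit only a device this homenet's owner has claimed
    and that holds this homenet's secret (a neighbour's secret fails)."""
    if proof is None or device.device_id not in net.members:
        return False
    msg = device.device_id.encode() + challenge
    expected = hmac.new(net.secret, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, proof)


def demo():
    """Constructed scenario: one owned device, one neighbour's device,
    one visitor, and one pairing attempt outside the window."""
    home = Homenet("home")
    router = Device("router")
    router.homenet = home             # assumed: first device bootstraps the domain
    home.members.add(router.device_id)

    printer = Device("printer")
    router.press_button(100.0)
    printer.press_button(103.0)       # 3 s apart: inside the window
    pair(router, printer)

    neighbour = Homenet("neighbour")  # adjacent homenet with its own secret
    tv = Device("neighbour-tv")
    tv.homenet = neighbour
    neighbour.members.add(tv.device_id)

    visitor = Device("visitor-laptop")  # never enrolled anywhere

    results = {}
    for dev in (printer, tv, visitor):
        challenge = secrets.token_bytes(16)
        proof = membership_proof(dev, challenge)
        results[dev.name] = border_check(home, dev, challenge, proof)

    late = Device("late-camera")
    router.press_button(200.0)
    late.press_button(215.0)          # 15 s apart: outside the window
    try:
        pair(router, late)
        results["late-camera-paired"] = True
    except PermissionError:
        results["late-camera-paired"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The border check needs two things to hold, which is the point of the proposed subsection: the owner must have claimed the device (its id is in `members`) and the device must hold this homenet's secret, so a neighbour's device and an unpaired visitor both fail even though they are on the same wire. Consuming the button presses after a successful pairing is the caveat a practitioner would want: otherwise one press on the router could enrol any number of devices that happen to be plugged in during the window.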