Re: [homenet] HNCP
Ray Hunter <v6ops@globis.net> Wed, 05 March 2014 08:36 UTC
Return-Path: <v6ops@globis.net>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CF271A00EC for <homenet@ietfa.amsl.com>; Wed, 5 Mar 2014 00:36:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.521
X-Spam-Level:
X-Spam-Status: No, score=-0.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_64=0.6, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rzQRDYQ-voxA for <homenet@ietfa.amsl.com>; Wed, 5 Mar 2014 00:36:04 -0800 (PST)
Received: from globis01.globis.net (RayH-1-pt.tunnel.tserv11.ams1.ipv6.he.net [IPv6:2001:470:1f14:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id DE07E1A023B for <homenet@ietf.org>; Wed, 5 Mar 2014 00:36:03 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id 834E58714A1; Wed, 5 Mar 2014 09:35:59 +0100 (CET)
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ABfCb3vpxmVL; Wed, 5 Mar 2014 09:35:59 +0100 (CET)
Received: from Rays-iMac.local (unknown [192.168.0.3]) (Authenticated sender: Ray.Hunter@globis.net) by globis01.globis.net (Postfix) with ESMTPA id 6337A870F92; Wed, 5 Mar 2014 09:35:59 +0100 (CET)
Message-ID: <5316E1EE.7040200@globis.net>
Date: Wed, 05 Mar 2014 09:35:58 +0100
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox 3.0.9 (Macintosh/20140129)
MIME-Version: 1.0
To: Steven Barth <cyrus@openwrt.org>
References: <58809B4D-CCE4-4DAC-9A1A-DD475584E65B@iki.fi> <6BF5B681-446C-4BCA-9B53-A05A9D4A9E38@townsley.net> <52FE480F.3030801@globis.net> <52FE6E9B.3060107@openwrt.org>
In-Reply-To: <52FE6E9B.3060107@openwrt.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/8bXOIiY3v5jGvMdqiR1AtK0fS3w
Cc: "homenet@ietf.org Group" <homenet@ietf.org>, markus.stenberg@iki.fi, Mark Townsley <mark@townsley.net>
Subject: Re: [homenet] HNCP
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Mar 2014 08:36:09 -0000
> Steven Barth <mailto:cyrus@openwrt.org> > 14 February 2014 20:29 > > I think your arguments about the downsides are valid and we have > thought about them as well. However the current approach seems to be > practical given the current situation that there is no common > consensus about an IGP or about there even being an IGP that fits all > use cases. Some people even argue that in some or many common cases an > IGP might be overkill. > > On top of that I even think if there would be a consensus in the near > future then we still need autoconfiguration and source+dest routing > standardized and adopted for that given IGP which will probably take > quite some time as well. > > So yes, there are limitations and hopefully this is not the final > stance on this topic and at some point there is some kind of > industry-consensus on an IGP. But honestly I don't see this happening > any time soon. > > > ------------------------------------------------------------------------ Thinking further about what should or should not be in HNCP. Is HNCP a useful place to standardise negotiation and maintenance of trust anchors? I know many pieces of kit support a 'peer now' button (Bluetooth audio, DECT phones, Powerline Ethernet), which triggers a leap of faith that direct neighbours in the same mode are trustworthy, but I'm not aware of any IETF standardised way that Homenet devices could negotiate e.g. a common encryption key or private root certificate. As a rough sketch: an external trigger [physical button, GUI command, first power on, factory specific action] places one or more devices into "leap of faith" mode each device generates a candidate encryption key or private key on the fly device detects direct neighbours in similar leap of faith negotiation mode two neighbouring devices establish a secure channel between the pair neighbouring devices exchange certificates or keys and optionally enter them into a store, so that the direct neighbors can authenticate each other in the future without entering leap of faith mode. Devices periodically flood a public key throughout the homenet, with the flooding being authenticated across each pair of neighbours using the trust established above, or a HNCP key or certificate that has been previously established. During the flooding, if A trusts B and B trusts C then A trusts C. All devices end up with a copy of every other device's public key. Each device has its own private key. For maintenance, a timer triggers key or certificate roll over of existing established neighbour trust relationships This HNCP established key or certificate can be used to authenticate future HNCP messages (e.g. between two devices that were not direct neighbours, but become neighbours, because one device has been replugged), or other messages in other protocols. -- Regards, RayH
- [homenet] Two new drafts (and third one 'soon') Markus Stenberg
- [homenet] HNCP Mark Townsley
- Re: [homenet] HNCP Townsley.net
- Re: [homenet] HNCP Dave Taht
- Re: [homenet] HNCP Ray Hunter
- Re: [homenet] HNCP Steven Barth
- Re: [homenet] HNCP Mikael Abrahamsson
- Re: [homenet] HNCP Ray Hunter
- Re: [homenet] HNCP Markus Stenberg
- Re: [homenet] HNCP Teco Boot