Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 20 November 2015 15:14 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A34B1B3265; Fri, 20 Nov 2015 07:14:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.586
X-Spam-Level:
X-Spam-Status: No, score=-2.586 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MANGLED_EMAIL=2.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ANwoAGHL_-7M; Fri, 20 Nov 2015 07:13:57 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30E651B3227; Fri, 20 Nov 2015 07:13:57 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A822FBE88; Fri, 20 Nov 2015 15:13:55 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RAVUR8u17S0q; Fri, 20 Nov 2015 15:13:52 +0000 (GMT)
Received: from [10.87.48.91] (unknown [86.46.27.72]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id B9B57BDCF; Fri, 20 Nov 2015 15:13:50 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1448032432; bh=dZRXTIiXWRAGSLoCMuAeM/OruRDrDyoecx159swXq38=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=vUaMTglQl3eOqDfGli8XhmUdvNbCrDFgSUlciVIhVGZiJBoLTo7iQnySB7IRqo/3H Ww34JdmeuiGUPxpg4eSlSIs8ftPohMwMc0ETrsf1GAZqgr9mOhQxPK1eVOZjt3IV1g tnuDomWjcUGQK0ehudcW+8aj0T9VSXqYaXC0c4mA=
To: Markus Stenberg <markus.stenberg@iki.fi>
References: <20151119142137.30137.298.idtracker@ietfa.amsl.com> <06BE7ED5-0D2F-4B0F-A8AB-B8E5CA562376@iki.fi>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <564F38AC.9090703@cs.tcd.ie>
Date: Fri, 20 Nov 2015 15:13:48 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <06BE7ED5-0D2F-4B0F-A8AB-B8E5CA562376@iki.fi>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/93j9n_Kj0jW4s0R9vnhXpyOuyho>
Cc: homenet-chairs@ietf.org, homenet@ietf.org, Mark Townsley <mark@townsley.net>, The IESG <iesg@ietf.org>, draft-ietf-homenet-hncp@ietf.org
Subject: Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Nov 2015 15:14:04 -0000

Hiya,

On 20/11/15 14:58, Markus Stenberg wrote:
>> On 19.11.2015, at 16.21, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie>; wrote: (Sorry for the N-th discuss, I
>> quite like this protocol and I'm sure we'll get 'em all cleared
>> soon, but... ;-)
>> 
>> I'd like to chat about whether or not the DTLS recommendations are
>> correct here. To me, the consensus stuff (from section 8.3 of dncp)
>> is not clearly baked (as I noted in iesg review of dncp). The PKI
>> stuff is well known, even if it it is a PITA from many points of
>> view. I don't think a SHOULD for the former and a MAY for the
>> latter is appropriate now. If the consensus based stuff gets
>> deployed and works, then it might be time to say what you're now
>> saying, but I don't think we're there yet. (I'd be happy to look @
>> evidence that we are, and to change my opinion accordingly.)
> 
> Given bootstrapping PKI seems nigh impossible (home CA anyone?), I am
> not sure I agree with you.  I have done that few of times and do not
> recommend it to anyone. Of course, I guess at some point some
> products may make it painless but I am not sure I will live long
> enough to see that. (Especially so that the control stays still
> within home, and does not stray to some American ‘cloud server’,
> cough cough.)

Hmm. I've also setup many small PKIs and don't agree. I do
think someone could easily make all that quite usable within
the home. I agree that that hasn't happened to date though.
(Maybe being a co-author of rfc5280 I probably find all that
PKI nonsense easier to deal with than most developers;-)

> 
>> Please note that I think I like the consensus based scheme, I'm 
>> just concerned it may not be ready for prime time. I'm also not 
>> really convinced that all you need to do to get interop for that is
>> mention it and refer to dncp. But again, I could be wrong and would
>> appreciate being corrected if so.
>> 
>> In summary, I think you should say "when using DTLS with asymmetric
>> keying, then you SHOULD support the PKI-based method and MAY
>> support the consensus based method, which is still somewhat
>> experimental.”
> 
> SHOULD/MAY neither provide really interoperability anyway, so I am
> mostly interested about MUSTs. Current PSK MUST I find rather sad, as
> that is clearly _not_ elegantly bootstrappable.
> 
> Trust consensus or even given some leap of faith about home CA <>
> cloudy CA the PKI-based method seem better in that regard. But I have
> not seen that much in the wild yet (see the ‘unproven’ argument in
> the other DISCUSS thread).
> 
> So given the context (ideally zeroconf, at least littleconf) home
> network, what would you pick for the PSK / PKI / trust consensus?
> Apparently SHOULD/MAY for the two later, but is PSK really the MUST
> here or is it the PKI?

As you say, it's sad, but I think it's true. For now - it could
be that your consensus scheme might help there but I just don't
think we can be confident of that now. Whereas we do know that
the PKI thing will work, if someone has gone to the trouble to
setup such a PKI.

Summary: I think when using DTLS for this, support for PSK ought
be a MUST, PKI could be MUST or SHOULD and the consensus thing
probably has to remain as a MAY, since we've not got evidence
that it'd work well enough (yet).

> 
>> -Section 9: You should refer to HKDF and not HMAC-SHA256 though the
>> reference to RFC 6234 is still right. HMAC-SHA256 itself is not a
>> key derivation function, which is what you want here.
> 
> Good catch, thanks, staged for -10[1]. Essentially instead of
> HMAC-SHA256 recommending HMAC-SHA256 based HKDF with the ‘info’ field
> the protocol being keyed.
> 
>> - Please take a look at the secdir review [1] and respond to that
>> as it raises one issue not (I think) otherwise mentioned. What is
>> the effect (on a home) of one compromised hncp router? Perhaps
>> you'll say that's obvious, or perhaps not, but I'm interested in
>> what you do say, in case it's not obvious:-)
>> 
>> [1]
>> https://www.ietf.org/mail-archive/web/secdir/current/msg06098.html
> 
> It essentially broadens a number of on-link attacks to network-wide
> ones. Notably you can redirect arbitrary traffic wherever you want
> (without HNCP, you do RA/DHCPv4 faster than router on the link ->
> MITM), and DoS of the network instead of on-link nodes.

The above may be worthwhile to add to the security considerations.
No harm to remind folks of such things.

Cheers,
S.

> Additionally
> of course it also provides view of the topology and the services that
> use TLVs encoded in HNCP node data so that can be used for various
> nefarious things as well.
> 
> Cheers,
> 
> -Markus
> 
> [1]
> https://github.com/fingon/ietf-drafts/commit/7a140efa2693d9b0138654f5ec71e5888caa6777
>
> 
_______________________________________________
> homenet mailing list homenet@ietf.org 
> https://www.ietf.org/mailman/listinfo/homenet
>