Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 20 November 2015 15:14 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A34B1B3265; Fri, 20 Nov 2015 07:14:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.586
X-Spam-Level:
X-Spam-Status: No, score=-2.586 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MANGLED_EMAIL=2.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ANwoAGHL_-7M; Fri, 20 Nov 2015 07:13:57 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30E651B3227; Fri, 20 Nov 2015 07:13:57 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A822FBE88; Fri, 20 Nov 2015 15:13:55 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RAVUR8u17S0q; Fri, 20 Nov 2015 15:13:52 +0000 (GMT)
Received: from [10.87.48.91] (unknown [86.46.27.72]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id B9B57BDCF; Fri, 20 Nov 2015 15:13:50 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1448032432; bh=dZRXTIiXWRAGSLoCMuAeM/OruRDrDyoecx159swXq38=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=vUaMTglQl3eOqDfGli8XhmUdvNbCrDFgSUlciVIhVGZiJBoLTo7iQnySB7IRqo/3H Ww34JdmeuiGUPxpg4eSlSIs8ftPohMwMc0ETrsf1GAZqgr9mOhQxPK1eVOZjt3IV1g tnuDomWjcUGQK0ehudcW+8aj0T9VSXqYaXC0c4mA=
To: Markus Stenberg <markus.stenberg@iki.fi>
References: <20151119142137.30137.298.idtracker@ietfa.amsl.com> <06BE7ED5-0D2F-4B0F-A8AB-B8E5CA562376@iki.fi>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <564F38AC.9090703@cs.tcd.ie>
Date: Fri, 20 Nov 2015 15:13:48 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <06BE7ED5-0D2F-4B0F-A8AB-B8E5CA562376@iki.fi>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/93j9n_Kj0jW4s0R9vnhXpyOuyho>
Cc: homenet-chairs@ietf.org, homenet@ietf.org, Mark Townsley <mark@townsley.net>, The IESG <iesg@ietf.org>, draft-ietf-homenet-hncp@ietf.org
Subject: Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Nov 2015 15:14:04 -0000
Hiya, On 20/11/15 14:58, Markus Stenberg wrote: >> On 19.11.2015, at 16.21, Stephen Farrell >> <stephen.farrell@cs.tcd.ie> wrote: (Sorry for the N-th discuss, I >> quite like this protocol and I'm sure we'll get 'em all cleared >> soon, but... ;-) >> >> I'd like to chat about whether or not the DTLS recommendations are >> correct here. To me, the consensus stuff (from section 8.3 of dncp) >> is not clearly baked (as I noted in iesg review of dncp). The PKI >> stuff is well known, even if it it is a PITA from many points of >> view. I don't think a SHOULD for the former and a MAY for the >> latter is appropriate now. If the consensus based stuff gets >> deployed and works, then it might be time to say what you're now >> saying, but I don't think we're there yet. (I'd be happy to look @ >> evidence that we are, and to change my opinion accordingly.) > > Given bootstrapping PKI seems nigh impossible (home CA anyone?), I am > not sure I agree with you. I have done that few of times and do not > recommend it to anyone. Of course, I guess at some point some > products may make it painless but I am not sure I will live long > enough to see that. (Especially so that the control stays still > within home, and does not stray to some American ‘cloud server’, > cough cough.) Hmm. I've also setup many small PKIs and don't agree. I do think someone could easily make all that quite usable within the home. I agree that that hasn't happened to date though. (Maybe being a co-author of rfc5280 I probably find all that PKI nonsense easier to deal with than most developers;-) > >> Please note that I think I like the consensus based scheme, I'm >> just concerned it may not be ready for prime time. I'm also not >> really convinced that all you need to do to get interop for that is >> mention it and refer to dncp. But again, I could be wrong and would >> appreciate being corrected if so. >> >> In summary, I think you should say "when using DTLS with asymmetric >> keying, then you SHOULD support the PKI-based method and MAY >> support the consensus based method, which is still somewhat >> experimental.” > > SHOULD/MAY neither provide really interoperability anyway, so I am > mostly interested about MUSTs. Current PSK MUST I find rather sad, as > that is clearly _not_ elegantly bootstrappable. > > Trust consensus or even given some leap of faith about home CA <> > cloudy CA the PKI-based method seem better in that regard. But I have > not seen that much in the wild yet (see the ‘unproven’ argument in > the other DISCUSS thread). > > So given the context (ideally zeroconf, at least littleconf) home > network, what would you pick for the PSK / PKI / trust consensus? > Apparently SHOULD/MAY for the two later, but is PSK really the MUST > here or is it the PKI? As you say, it's sad, but I think it's true. For now - it could be that your consensus scheme might help there but I just don't think we can be confident of that now. Whereas we do know that the PKI thing will work, if someone has gone to the trouble to setup such a PKI. Summary: I think when using DTLS for this, support for PSK ought be a MUST, PKI could be MUST or SHOULD and the consensus thing probably has to remain as a MAY, since we've not got evidence that it'd work well enough (yet). > >> -Section 9: You should refer to HKDF and not HMAC-SHA256 though the >> reference to RFC 6234 is still right. HMAC-SHA256 itself is not a >> key derivation function, which is what you want here. > > Good catch, thanks, staged for -10[1]. Essentially instead of > HMAC-SHA256 recommending HMAC-SHA256 based HKDF with the ‘info’ field > the protocol being keyed. > >> - Please take a look at the secdir review [1] and respond to that >> as it raises one issue not (I think) otherwise mentioned. What is >> the effect (on a home) of one compromised hncp router? Perhaps >> you'll say that's obvious, or perhaps not, but I'm interested in >> what you do say, in case it's not obvious:-) >> >> [1] >> https://www.ietf.org/mail-archive/web/secdir/current/msg06098.html > > It essentially broadens a number of on-link attacks to network-wide > ones. Notably you can redirect arbitrary traffic wherever you want > (without HNCP, you do RA/DHCPv4 faster than router on the link -> > MITM), and DoS of the network instead of on-link nodes. The above may be worthwhile to add to the security considerations. No harm to remind folks of such things. Cheers, S. > Additionally > of course it also provides view of the topology and the services that > use TLVs encoded in HNCP node data so that can be used for various > nefarious things as well. > > Cheers, > > -Markus > > [1] > https://github.com/fingon/ietf-drafts/commit/7a140efa2693d9b0138654f5ec71e5888caa6777 > > _______________________________________________ > homenet mailing list homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet >
- [homenet] Stephen Farrell's Discuss on draft-ietf… Stephen Farrell
- Re: [homenet] Stephen Farrell's Discuss on draft-… Markus Stenberg
- Re: [homenet] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [homenet] Stephen Farrell's Discuss on draft-… Markus Stenberg
- Re: [homenet] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [homenet] Stephen Farrell's Discuss on draft-… Michael Richardson
- Re: [homenet] Stephen Farrell's Discuss on draft-… Juliusz Chroboczek
- Re: [homenet] Stephen Farrell's Discuss on draft-… Michael Thomas
- Re: [homenet] Stephen Farrell's Discuss on draft-… Henning Rogge
- Re: [homenet] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [homenet] Stephen Farrell's Discuss on draft-… Juliusz Chroboczek