Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

Stephen Farrell <> Fri, 20 November 2015 15:14 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 0A34B1B3265; Fri, 20 Nov 2015 07:14:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.586
X-Spam-Status: No, score=-2.586 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MANGLED_EMAIL=2.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ANwoAGHL_-7M; Fri, 20 Nov 2015 07:13:57 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 30E651B3227; Fri, 20 Nov 2015 07:13:57 -0800 (PST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id A822FBE88; Fri, 20 Nov 2015 15:13:55 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RAVUR8u17S0q; Fri, 20 Nov 2015 15:13:52 +0000 (GMT)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id B9B57BDCF; Fri, 20 Nov 2015 15:13:50 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1448032432; bh=dZRXTIiXWRAGSLoCMuAeM/OruRDrDyoecx159swXq38=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=vUaMTglQl3eOqDfGli8XhmUdvNbCrDFgSUlciVIhVGZiJBoLTo7iQnySB7IRqo/3H Ww34JdmeuiGUPxpg4eSlSIs8ftPohMwMc0ETrsf1GAZqgr9mOhQxPK1eVOZjt3IV1g tnuDomWjcUGQK0ehudcW+8aj0T9VSXqYaXC0c4mA=
To: Markus Stenberg <>
References: <> <>
From: Stephen Farrell <>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <>
Date: Fri, 20 Nov 2015 15:13:48 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: <>
Cc:,, Mark Townsley <>, The IESG <>,
Subject: Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF Homenet WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 20 Nov 2015 15:14:04 -0000


On 20/11/15 14:58, Markus Stenberg wrote:
>> On 19.11.2015, at 16.21, Stephen Farrell
>> <> wrote: (Sorry for the N-th discuss, I
>> quite like this protocol and I'm sure we'll get 'em all cleared
>> soon, but... ;-)
>> I'd like to chat about whether or not the DTLS recommendations are
>> correct here. To me, the consensus stuff (from section 8.3 of dncp)
>> is not clearly baked (as I noted in iesg review of dncp). The PKI
>> stuff is well known, even if it it is a PITA from many points of
>> view. I don't think a SHOULD for the former and a MAY for the
>> latter is appropriate now. If the consensus based stuff gets
>> deployed and works, then it might be time to say what you're now
>> saying, but I don't think we're there yet. (I'd be happy to look @
>> evidence that we are, and to change my opinion accordingly.)
> Given bootstrapping PKI seems nigh impossible (home CA anyone?), I am
> not sure I agree with you.  I have done that few of times and do not
> recommend it to anyone. Of course, I guess at some point some
> products may make it painless but I am not sure I will live long
> enough to see that. (Especially so that the control stays still
> within home, and does not stray to some American ‘cloud server’,
> cough cough.)

Hmm. I've also setup many small PKIs and don't agree. I do
think someone could easily make all that quite usable within
the home. I agree that that hasn't happened to date though.
(Maybe being a co-author of rfc5280 I probably find all that
PKI nonsense easier to deal with than most developers;-)

>> Please note that I think I like the consensus based scheme, I'm 
>> just concerned it may not be ready for prime time. I'm also not 
>> really convinced that all you need to do to get interop for that is
>> mention it and refer to dncp. But again, I could be wrong and would
>> appreciate being corrected if so.
>> In summary, I think you should say "when using DTLS with asymmetric
>> keying, then you SHOULD support the PKI-based method and MAY
>> support the consensus based method, which is still somewhat
>> experimental.”
> SHOULD/MAY neither provide really interoperability anyway, so I am
> mostly interested about MUSTs. Current PSK MUST I find rather sad, as
> that is clearly _not_ elegantly bootstrappable.
> Trust consensus or even given some leap of faith about home CA <>
> cloudy CA the PKI-based method seem better in that regard. But I have
> not seen that much in the wild yet (see the ‘unproven’ argument in
> the other DISCUSS thread).
> So given the context (ideally zeroconf, at least littleconf) home
> network, what would you pick for the PSK / PKI / trust consensus?
> Apparently SHOULD/MAY for the two later, but is PSK really the MUST
> here or is it the PKI?

As you say, it's sad, but I think it's true. For now - it could
be that your consensus scheme might help there but I just don't
think we can be confident of that now. Whereas we do know that
the PKI thing will work, if someone has gone to the trouble to
setup such a PKI.

Summary: I think when using DTLS for this, support for PSK ought
be a MUST, PKI could be MUST or SHOULD and the consensus thing
probably has to remain as a MAY, since we've not got evidence
that it'd work well enough (yet).

>> -Section 9: You should refer to HKDF and not HMAC-SHA256 though the
>> reference to RFC 6234 is still right. HMAC-SHA256 itself is not a
>> key derivation function, which is what you want here.
> Good catch, thanks, staged for -10[1]. Essentially instead of
> HMAC-SHA256 recommending HMAC-SHA256 based HKDF with the ‘info’ field
> the protocol being keyed.
>> - Please take a look at the secdir review [1] and respond to that
>> as it raises one issue not (I think) otherwise mentioned. What is
>> the effect (on a home) of one compromised hncp router? Perhaps
>> you'll say that's obvious, or perhaps not, but I'm interested in
>> what you do say, in case it's not obvious:-)
>> [1]
> It essentially broadens a number of on-link attacks to network-wide
> ones. Notably you can redirect arbitrary traffic wherever you want
> (without HNCP, you do RA/DHCPv4 faster than router on the link ->
> MITM), and DoS of the network instead of on-link nodes.

The above may be worthwhile to add to the security considerations.
No harm to remind folks of such things.


> Additionally
> of course it also provides view of the topology and the services that
> use TLVs encoded in HNCP node data so that can be used for various
> nefarious things as well.
> Cheers,
> -Markus
> [1]
> homenet mailing list