[homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-dot-12: (with DISCUSS and COMMENT)

Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> Tue, 29 August 2017 19:47 UTC

Return-Path: <Kathleen.Moriarty.ietf@gmail.com>
X-Original-To: homenet@ietf.org
Delivered-To: homenet@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 837111321AA; Tue, 29 Aug 2017 12:47:02 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-homenet-dot@ietf.org, Ray Bellis <ray@bellis.me.uk>, homenet-chairs@ietf.org, ray@bellis.me.uk, homenet@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.59.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150403602253.32177.6734059019373307193.idtracker@ietfa.amsl.com>
Date: Tue, 29 Aug 2017 12:47:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/BneoC315B_PrdEPoI9biPvQ7DOs>
Subject: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-dot-12: (with DISCUSS and COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.22
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2017 19:47:02 -0000

Kathleen Moriarty has entered the following ballot position for
draft-ietf-homenet-dot-12: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-homenet-dot/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks for your work on this draft!  The SecDir review raised a few important
points I'd like to discuss that should be easy to resolve.  The first is adding
in privacy considerations in his comments for the Security considerations
section posted here for convenience (but a response to his full thread might be
best):

There are also some privacy issues associated to leaking names outside the
homenet boundaries. For example daniel_smith.home.arpa reveal the identity of
the member of the homenet, my_ipad.home.arpa reveals the devices you own, the
application.

home.arpa may also used in larger environment such as corporate / private.
going from one to the other may also leak such information.

The leak can be from the homenet to the outside world in which case one neeed
to control the queries sent. But in intruder (or guest) may also access the
homenet and proceed to discovery of the names. As a result even though homenet
is believe to be a trusted environment, care should be considered while
publishing under the home.arpa. as well as whose the information is accessible
to.

They might be collision as well. myprinter.home.arpa may be found in various
environments, and upon discovery you may also - in this example - print
confidential information to that printer. In some case you may not even be
aware, for example, if your printing information failed home, and is
re-activated once you are in another environment.

As information may be sensitive it may be encrypted using IPsec DTLS as
described by dprive for both authentication and confidentiality.

When the trust anchor is configured in the resolver, these must be able to
roll-over the key and should follows the requirements for DNSSEC validators. if
it is impossible for a resolver to see the difference between an attack and a
re-key we are in trouble.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

The other comments raised by the SecDir review should get a response,
especially those on section 4 as there are some wording suggestions to better
clarify what is intended in the document.

https://mailarchive.ietf.org/arch/msg/secdir/E7fjRdo94abFW5nqjVBbLspvkww