Re: [homenet] Follow-up on HNCP security / trust draft
Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 20 November 2014 21:47 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C14561A6F92 for <homenet@ietfa.amsl.com>; Thu, 20 Nov 2014 13:47:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f8M81IozLttj for <homenet@ietfa.amsl.com>; Thu, 20 Nov 2014 13:47:37 -0800 (PST)
Received: from mail-pa0-x232.google.com (mail-pa0-x232.google.com [IPv6:2607:f8b0:400e:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC7D41A8768 for <homenet@ietf.org>; Thu, 20 Nov 2014 13:47:35 -0800 (PST)
Received: by mail-pa0-f50.google.com with SMTP id bj1so3375389pad.37 for <homenet@ietf.org>; Thu, 20 Nov 2014 13:47:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=5kn1/wdn8z27zhnR5Hx12I/6ymIzD9usx6RKT2EJ/4M=; b=mEXdBmlzjPDF5h/VHaVCXwltBWPARRbaNrTVXah2o/m2ZLFxZBU0RbFyUoANQVl2A7 159EXH/wTpDG80eTU3dEso0y4N9csP9x1sVUDdYxusJD65yfp54DcYXGK6y48Lj+GVHp g2Dz/eUPKSIUmJHXf9EVDFn43p6qk7ZzdrMquxhLtXGm93fYZCL++axTUTaXjy/eJdf2 JwuglsAQjejqFWNLBgtuzBdCggnA//UPDmEQcl2onQ4BCrpp8ICU06JDvXcfy73Al9YD 3+QvrlgUZrqmOlHG21HKyhmG85NopxgA7+0+qtv8EPtb+9Q2Pc9xEFZuAWP0H+l8Icdf i0Mw==
X-Received: by 10.70.133.72 with SMTP id pa8mr770749pdb.59.1416520055200; Thu, 20 Nov 2014 13:47:35 -0800 (PST)
Received: from [192.168.178.23] (231.199.69.111.dynamic.snap.net.nz. [111.69.199.231]) by mx.google.com with ESMTPSA id g3sm2904279pdh.33.2014.11.20.13.47.32 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 20 Nov 2014 13:47:34 -0800 (PST)
Message-ID: <546E617C.9020008@gmail.com>
Date: Fri, 21 Nov 2014 10:47:40 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Steven Barth <cyrus@openwrt.org>
References: <546DB4C6.8030401@openwrt.org>
In-Reply-To: <546DB4C6.8030401@openwrt.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/IVwtS74L3I8Qtng6Swknicn0sqE
Cc: "homenet@ietf.org Group" <homenet@ietf.org>
Subject: Re: [homenet] Follow-up on HNCP security / trust draft
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 21:47:40 -0000
Steven,
First, I'd like to repeat a comment I made about a month ago:
> So, what we *really* need is a full homenet threat analysis.
In other words I think there's a real risk of overlooking exposures
if we rely only on a threat analysis for HNCP itself.
More below:
On 20/11/2014 22:30, Steven Barth wrote:
> Hello Everyone,
>
> unfortunately the presentation of the security and trust draft was bit
> rushed in Hawaii.
>
> I intent to merge that draft with the main HNCP one if there are no
> blocking objections.
Certainly it's reasonable to include HNCP-specific security measures
in the HNCP protocol specification. However, I'm not yet convinced that
the mechanisms you describe really only apply to HNCP (see below).
> So if you have some time please review it so we can get any issues or
> unclarities out of the way soon.
>
>
> Here is a quick outline of the draft's contents:
>
> * Threats to homenet border determination (with focus on automatic
> algorithm)
> * Threats to HNCP payloads (multicast, unicast)
> * Ways to secure the unicast channel
> * 3 security models: PSK, PKI, Trust Consensus
> * Details about the Trust Consensus Mechanism
> * Means to bootstrap Trust Relationships
I have a feeling that these mechanisms need to apply more widely than
to HNCP transactions. If they are done well, they could be used for just
about anything. That remark could be transcribed directly into the anima
discussion, too, so we definitely need to coordinate here.
Brian
> * Dealing with additional (routing) protocols (lack of) security features
>
>
> Please see the slides for a short content summary.
> http://tools.ietf.org/agenda/91/slides/slides-91-homenet-6.pdf
>
> And the full draft for reference.
> http://tools.ietf.org/html/draft-barth-homenet-hncp-security-trust-01
>
>
>
> Cheers,
>
> Steven
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
>
- [homenet] Follow-up on HNCP security / trust draft Steven Barth
- Re: [homenet] Follow-up on HNCP security / trust … Brian E Carpenter
- Re: [homenet] Follow-up on HNCP security / trust … Steven Barth