Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

"STARK, BARBARA H" <bs7652@att.com> Tue, 01 August 2017 14:48 UTC

From: "STARK, BARBARA H" <bs7652@att.com>
To: Ted Lemon <mellon@fugue.com>, "Walter H." <walter.h@mathemainzel.info>
CC: "homenet@ietf.org" <homenet@ietf.org>
Date: Tue, 01 Aug 2017 14:48:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/M9NnrArtl4-Gpkr4wBp9qZ4G5gI>

> In order for a PKI solution to work, it has to be possible for any given cert to apply to a unique name, the ownership of which can be defended somehow. The CABF has spoken unequivocally on this topic:
> https://www.digicert.com/internal-names.htm
> The point of having PKI in the homenet is so that we have secure connections between browsers and servers, and so that users aren't trained to click through certificate warnings just to get things working. Any solution to this problem has to meet those two requirements. And to achieve the second requirement, the CABF is going to want it to be the case that the cert identifies a specific endpoint for communication.
> When I say "I don't know how to do that," this is what I'm talking about. Actually, I do know how to do it: get a public delegation.

The CABF is about "publicly trusted certificates". There is no need or applicability of "publicly trusted certificates" in the context of a home network. No certificate authority in the world is capable of certifying that a device inside a specific home network actually belongs there. The only entity capable of identifying devices that belong in the home network is the home (network) owner. This isn't about public trust. It's about private trust.

In reading Stephen's email about what he did wrt certificates, what stood out to me were:
 (1) The primary goal was to stop the annoying browser warnings. [note that neither HNCP nor Babel would be expected to check against CAs stored in browsers, so they would not be subjected to this annoyance; but the annoyance is something to prevent when considering the broader "naming architecture"]
 (2) Stephen (the home network owner) was the assigner of trust. He was the root certificate authority.

We had discussed (back in Chicago) that a first step should be to figure out first what our goals were wrt "security". From the perspective of the end user, here is my starter list of considerations:
1. End users would like to know that device software / firmware has no Trojans and is "good". This is not a good fit for X.509 certificates or PKI. This would be something for some logo-based certification program (like a UL, Good Housekeeping, IPv6 Ready, etc. stamp). I think this is outside the (current) scope of homenet and there are other orgs working on this sort of thing. In any case, it has nothing to do with encryption and X.509 certificates.
2. End users are the absolute (root) authority as to what does and doesn't belong on the home network. No one else. Even in the case of "unmanaged" home networks. Verisign and others are incapable of telling me whether or not a device belongs on my home network.
3. End users want it to be very easy to add devices/services to the home network. 
4. End users want it to be very easy to remove devices/services.
5. End users want to know when devices on the home network are misbehaving, and they want to easily identify such devices.
6. End users don't want annoying "untrusted" warnings for devices and services inside the home network that they have decided to add to it.

Does this seem like a reasonable list? Are there items y'all disagree with? Others to add?
Thanks,
Barbara
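
The private-trust model argued for in this message, as an added example that is not part of the original email or of any homenet draft: the home owner acts as root CA, admits a device by signing its certificate, and that certificate verifies only against the owner's own root, not against another household's. It assumes the `openssl` CLI is on the PATH; the directory layout, CA names and the device hostname are constructed placeholders.

```shell
#!/bin/sh
# Added example. Directory layout, CA names and the device hostname are
# constructed placeholders, not values from the thread.

# make_home_root DIR NAME: the home owner creates a self-signed root CA.
make_home_root() {
    mkdir -p "$1" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' "CN=$2" '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$1/ca.cnf" || return 1
    openssl ecparam -genkey -name prime256v1 -noout -out "$1/root.key" &&
    openssl req -x509 -new -key "$1/root.key" -config "$1/ca.cnf" \
        -sha256 -days 3650 -out "$1/root.pem" 2>/dev/null
}

# issue_device_cert DIR HOST: the owner admits a device by signing its key.
issue_device_cert() {
    d=$1; h=$2
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$h" \
        > "$d/$h.ext" || return 1
    openssl ecparam -genkey -name prime256v1 -noout -out "$d/$h.key" &&
    openssl req -new -key "$d/$h.key" -config "$d/ca.cnf" \
        -subj "/CN=$h" -out "$d/$h.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/$h.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$d/$h.ext" \
        -out "$d/$h.pem" 2>/dev/null
}

# trusted_by ROOT_PEM CERT_PEM: succeeds only if CERT chains to ROOT.
# Matches the "OK" line rather than relying on the exit status alone.
trusted_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_home_root "$tmp/a" "Home A owner root" &&
    make_home_root "$tmp/b" "Home B owner root" &&
    issue_device_cert "$tmp/a" "printer.home-a.example" || return 1
    dev="$tmp/a/printer.home-a.example.pem"
    trusted_by "$tmp/a/root.pem" "$dev" && echo "home A: printer trusted"
    trusted_by "$tmp/b/root.pem" "$dev" || echo "home B: printer not trusted"
    rm -rf "$tmp"
}
demo
```

A browser in home A shows no warning for the printer only after `root.pem` from home A has been installed as a trust anchor on that client; nothing outside the home needs to vouch for the device.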