Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

Ted Lemon <mellon@fugue.com> Tue, 01 August 2017 21:15 UTC

I addressed that question in a previous reply. Your home network does not
have the equivalent security to letsencrypt.org's certificate signing
infrastructure (I hope!!). Installing a trust anchor means that trust
anchor has signing authority for any name—there's no way to install one
that doesn't. So now you've opened all those hosts to attack. Plus, you
have to install the trust anchor on a bunch of hosts. Aside from the bit
about our charter saying the host needn't be modified, that's an IT problem
that would challenge a lot of fairly computer-literate people, and if apps
are trusted to do it, that's a major security vulnerability waiting to be
exploited. If you mean install a cert for every device that presents a
web browser, well, eep. Aside from the "trusted app" issue and the
"that's hard for end-users" issue, I guess that isn't quite as scary, but
I'd really like an operational model that doesn't require it.

I mean, honestly, if it were possible to get a CA to just issue
certificates for "www.home.arpa" on request with no validation, I think
that would be a better answer both from a security perspective and a
usability perspective, but it's not a *good* answer, and I don't think it's
possible anyway.

On Tue, Aug 1, 2017 at 5:06 PM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Ted Lemon <mellon@fugue.com> wrote:
>     barbara> The CABF is about "publicly trusted certificates". There is no need or
>
> ...
>     > (2) the issue with browser warnings isn't that they are annoying. It's that
>     > if we train users to click through them when managing the homenet, we are
>     > also training them to click through them at other times. This creates an
>     > attack surface in the user that we'd rather not create.
>
> I was trying to understand how CABF was relevant.
>
> I guess the point was how to get a new trust anchor added *globally* that
> would somehow be able to issue certificates that were relevant/bound to
> home.arpa names?
>
> I don't think that this is an immediate concern; if we had some useful
> experiment that we could do we could do it with a sub-CA or with a private
> anchor.
>
> I think that Windows, OSX, and Android have system-wide ways to install new
> trust anchors that browsers will generally trust.  libnss on many Linux
> distros provides something similar.  I assume iOS does too.  As such, it
> should be possible for an application/app on a home desktop to exist that
> would interact with all the devices involved (providing certificates from a
> private trust anchor), and to install the private trust anchor.
> How one spreads that trust anchor to the rest of the family, relatives,
> etc. is an issue.
>
> but, none of this is really relevant to delegation of home.arpa, I think.
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-