Re: [homenet] webauthn for routers

Ted Lemon <mellon@fugue.com> Thu, 13 June 2019 19:51 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <1F477030-124B-4BB7-8023-94017EF5648B@fugue.com>
Date: Thu, 13 Jun 2019 15:51:09 -0400
In-Reply-To: <3090e039-30d8-5304-d208-a009504acc58@fresheez.com>
Cc: Michael Richardson <mcr@sandelman.ca>, homenet@ietf.org
To: Michael Thomas <mike@fresheez.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/PicYSTkA55BN0xgfeQxD9FHICD8>

On Jun 13, 2019, at 3:46 PM, Michael Thomas <mike@fresheez.com> wrote:
> Possibly, but I think there are hardware based solutions (eg "press to pair") and pure software based ones. The main point is to have something to point vendors at. They are probably clueless that this is a possibility now.
> 
> 
Ah.  I don’t think that would be useful.  The “if we spec it, they will build it” approach has been an utter failure thus far.  We should have a clear use case and a clear solution that addresses that use case.  We should not specify the kitchen sink and let them pick.  If someone has a use case we didn’t address, then that’s demand to address another use case, and we can do it, but we have to be real about this.  Right now, the only use case that really matters is OpenWRT, because that is where _all_ of the running code is.  So a solution that works there is the place to start.