Re: [homenet] Ted's security talk at IETF99: DNCP Security

Ted Lemon <mellon@fugue.com> Mon, 31 July 2017 18:00 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13FAE132740 for <homenet@ietfa.amsl.com>; Mon, 31 Jul 2017 11:00:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jELWyNwrb_pk for <homenet@ietfa.amsl.com>; Mon, 31 Jul 2017 11:00:37 -0700 (PDT)
Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com [IPv6:2607:f8b0:400d:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6716C132743 for <homenet@ietf.org>; Mon, 31 Jul 2017 11:00:36 -0700 (PDT)
Received: by mail-qk0-x231.google.com with SMTP id u139so90550830qka.1 for <homenet@ietf.org>; Mon, 31 Jul 2017 11:00:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=j+y/KjjsTn9NTjNkgQY/78IxUTg2lhmL73L0PQNAd30=; b=D344mWgfe2rFkQE4wMepiTGlGQw3NnNwaFofEJfpLvsGYlDWeRZqwPxYqB+c9OSrfW FZwWLwGO5JoH9tENI2a/kv99rwarvqRS8cTrIgeF+UD3ZpVk9BRBl57UbGErQjC3h8+6 LL8Mty4pt+K2HMAMKKIzK9yvRO4tusHw03Mj/0O+jXwiBaCK5U4kEYC7B9FXXQe4DpuK qycsSnVPi2BmfRuOLmzRHlyl+UYcgCjRZjjPR+qyQ/c0MdSe82WTxXIevP8v0oWFt9Lx R3Zf30VYMua17TUFYX9GvqUemMIPbhHlOACUaAuMCJ6a3w0Sn75Hkh62dXH/K/V0LrKR WRxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=j+y/KjjsTn9NTjNkgQY/78IxUTg2lhmL73L0PQNAd30=; b=Rxr7EE4t2INIzT90AJujrZMOOZTU0NpKcnlDkZ+MY630VH00ebUD2/wcSAhPzv9pud ymRCrRIWMwCVwi0FCgIRzuuq+zBVz/YEESWkaIQsleN4+l6fL2q/Z0+ge0P5JfEgT4OE Te2pCH8kHtWiiIC/a4AoIIom1jGUI5oc2iddSdePc+UflR8y6JTCN4gjjCP3oDniko19 i0v1oLqyk2dlele+uzI9y9asJPDUfRQW5/uaXvryeB3SGPI55+H4zyAggJnHMvejLuj2 r8NFN03ixiXtZERXWNcaYhRX9ItZwldjjRRj9t6O7P9jW39npamMyno+VRFwmXG2A+6O EQew==
X-Gm-Message-State: AIVw110EKqqKqg+0EpzbAvhmgdZgAGVuuruY1aHbKFCNgzRLORPuUjHf 22L/w2gwgNa5xniI
X-Received: by 10.55.74.133 with SMTP id x127mr20638502qka.9.1501524035346; Mon, 31 Jul 2017 11:00:35 -0700 (PDT)
Received: from [10.0.30.153] (c-73-167-64-188.hsd1.nh.comcast.net. [73.167.64.188]) by smtp.gmail.com with ESMTPSA id s18sm21559101qts.77.2017.07.31.11.00.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 31 Jul 2017 11:00:34 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <5A407EA3-AC8B-44A7-8EC2-8242480027FE@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_24765BD2-FAFC-4A92-8972-08A407D6ADC4"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Mon, 31 Jul 2017 14:00:33 -0400
In-Reply-To: <3184.1501522914@obiwan.sandelman.ca>
Cc: homenet@ietf.org
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <3725.1501514462@obiwan.sandelman.ca> <52E1C5A0-FC0E-46A5-9016-AA95FB3DC1CB@fugue.com> <3184.1501522914@obiwan.sandelman.ca>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/RsCJswQ6UvOqWDfwUv4Pz6gVyoQ>
Subject: Re: [homenet] Ted's security talk at IETF99: DNCP Security
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jul 2017 18:00:45 -0000

On Jul 31, 2017, at 1:41 PM, Michael Richardson <mcr+ietf@sandelman.ca>; wrote:
> That partly gets rid of the security exception on each access to the
> web interface: provided the web browser loads the new trust anchor.

I don't know how to make that work without a fake domain tree.   Can't we just use ACME+letsencrypt.org <http://letsencrypt.org/>?

> This is where all the other pairing mechanisms come into play.
> You mentioned having a laundry list of them.

Sure.   The question is, what value does the PKI cert add here?   I agree that having a cert that validates is good for the web UI, but I don't see how it helps in establishing trust.

I would be tempted to do something like what Christian is doing with DNSSD privacy: print a QR code on the box, take pictures of all the QR codes with your smartphone, and then use your smartphone app to bootstrap trust using those QR codes.   You could do something similar by just flashing the front panel LEDs really fast when the "pair" button is pressed, and have the smartphone decode that, as is being done with exfiltration malware now.   I suspect there's code we could download... :)