Re: [homenet] Ted's security talk at IETF99: DNCP Security

Ted Lemon <mellon@fugue.com> Wed, 02 August 2017 00:56 UTC

From: Ted Lemon <mellon@fugue.com>
Date: Tue, 1 Aug 2017 20:55:37 -0400
Message-ID: <CAPt1N1nxhuG9pBD5g4ZmzK9+tx41KjY5d6AZ0-6KU4HTq8msww@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: HOMENET <homenet@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/TG8S4m9Ba-grvnJ7H-VyVQAu8Do>

OK. So I think the comparison with me and my printer is probably a red
herring. :)

What I was getting at when talking about Christian's work is that the
process of validating the initial leap of faith for homenet could be
similar to the process that Christian is using for validating the pairing
process in private service discovery.

On Tue, Aug 1, 2017 at 8:42 PM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

> Ted Lemon <mellon@fugue.com> wrote:
> > So what you're saying is ephemeral is the keying used for the initial
> > exchange?
>
> yes, it's probably more about authenticating the initial (DH/TLS/etc.)
> exchange.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-