Re: [homenet] Ted's security talk at IETF99: DNCP Security

Ted Lemon <mellon@fugue.com> Tue, 01 August 2017 20:53 UTC

From: Ted Lemon <mellon@fugue.com>
Date: Tue, 01 Aug 2017 16:53:03 -0400
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: HOMENET <homenet@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/Twk86GP6DPoCXV9JoaQdKKSyYmU>

So what you're saying is ephemeral is the keying used for the initial
exchange?

On Tue, Aug 1, 2017 at 4:48 PM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Ted Lemon <mellon@fugue.com> wrote:
>     > You agree that it's a different problem right?
>
>     mcr> The common part is that one might have a similar set of external
>     mcr> (physical) signals.
>
>     mcr> Should Dave bring his printer to the IETF network, and they happen to
>     mcr> discover each other via privacy-enhanced dnssd magic (cf: Arthur
>     mcr> Clarke's definition of magic), then it would be good that they can
>     mcr> prove that it's really them.
>
>     > To be honest, I probably missed the point you were making—I just went
>     > back and reviewed this exchange, and I don't actually understand what
>     > the distinction is that you are making between ephemeral and long-lived
>     > relationships.
>
> This thread started by being about the problem of getting devices in the
> home to securely join the homenet.  One sees a list of possible routers in
> the home, and identifies one that should belong, and tells your homenet that
> it should be allowed to join.  (And the router also is told to join your
> network).
>
> The short-term exchange is where you discover the new router and do the
> out-of-band secured exchange to establish initial trust.  Within that
> initial trust, longer-term credentials (asymmetric keys) are exchanged.
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
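The two-phase join Michael describes above (a short-term exchange secured by an out-of-band secret that establishes initial trust, within which long-lived asymmetric keys are exchanged) sketched as an added Go example; this is not DNCP/HNCP's actual mechanism or anyone's code from the thread, and the HMAC binding, the `homenet-join-v0` label and all function names are assumptions made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Illustrative (assumed) join flow, not DNCP's wire protocol.
// Phase 1: an out-of-band secret (e.g. a code read off the new router's label)
// authenticates the exchange of long-lived Ed25519 public keys.
// Phase 2: the OOB secret is discarded; later messages are verified with the pinned key.

const joinLabel = "homenet-join-v0" // assumed domain-separation label

// JoinOffer carries a long-lived public key bound to the out-of-band secret.
type JoinOffer struct {
	PubKey ed25519.PublicKey
	Tag    []byte // HMAC-SHA256(oobSecret, joinLabel || PubKey)
}

// bindKey ties a public key to the ephemeral OOB secret so only a party that
// saw the secret can introduce a key into the homenet.
func bindKey(oob []byte, pub ed25519.PublicKey) []byte {
	m := hmac.New(sha256.New, oob)
	m.Write([]byte(joinLabel))
	m.Write(pub)
	return m.Sum(nil)
}

// MakeOffer is run by the joining router with the OOB secret it displays.
func MakeOffer(oob []byte) (JoinOffer, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return JoinOffer{}, nil, err
	}
	return JoinOffer{PubKey: pub, Tag: bindKey(oob, pub)}, priv, nil
}

// AcceptOffer is run by the homenet router the user told to admit the new node.
// It returns the key to pin, or false when the tag was not made under the same OOB secret.
func AcceptOffer(oob []byte, o JoinOffer) (ed25519.PublicKey, bool) {
	if len(o.PubKey) != ed25519.PublicKeySize || !hmac.Equal(o.Tag, bindKey(oob, o.PubKey)) {
		return nil, false
	}
	return o.PubKey, true
}

// VerifyLater checks a post-join message against the pinned long-lived key only.
func VerifyLater(pinned ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pinned, msg, sig)
}
```

The tag here binds only the key, so a real design would also fold a nonce or the discovery transcript into the MAC and enforce a short lifetime on the OOB secret, otherwise a captured offer stays valid for as long as that secret does.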