Re: [homenet] security work items - what do we want to do?

Ted Lemon <mellon@fugue.com> Wed, 24 January 2018 14:55 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <9F46C0C4-8092-4504-913E-8AA8666E7D65@fugue.com>
Date: Wed, 24 Jan 2018 09:55:39 -0500
In-Reply-To: <f2102db2-87b5-eae8-b2c0-aa13ba6fc6c1@cs.tcd.ie>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "homenet@ietf.org" <homenet@ietf.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <cd3042c4-e213-feb2-47ea-00f5fb6ab3ab@cs.tcd.ie> <3348.1516762103@obiwan.sandelman.ca> <00a33dc6-ad12-3a9b-cdab-086268a45882@cs.tcd.ie> <10646.1516800778@dooku.sandelman.ca> <f2102db2-87b5-eae8-b2c0-aa13ba6fc6c1@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/U6snXTw7MSu0HeLhSvk5TUOuE2s>
Subject: Re: [homenet] security work items - what do we want to do?
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>

I don't know what unmanaged enrollment really looks like, but sure.   We've mostly been talking about models for managed enrollment, and that seems to be the way the market has been going (with remarkable suck-itude, if the Google Home enrollment process is typical).   I think it might be worth having someone give a presentation on the anima enrollment model, if someone is willing to do that.

> On Jan 24, 2018, at 8:51 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> Hiya,
> 
> On 24/01/18 13:32, Michael Richardson wrote:
>> 
>> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>> On 24/01/18 02:48, Michael Richardson wrote:
>>>> 
>>>> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>>>> - Does this sound roughly right or off the wall?
>>>> 
>>>> It sounds right.  I think that bootstrap of security should become a
>>>> recharter item in the future.  Some kind of BCP on interactions with
>>>> MUD, SUIT, etc. IN THE FUTURE. NOT NOW.
>> 
>>> Can you say more? Eg. what would be needed before you think it'd be
>>> sensible for homenet to start work in this space?
>> 
>> a) finish (really finish) Babel work, that might mean interacting with BABEL
>>   WG
>> 
>> b) DNS naming and delegation in Last Call.
>> 
>> c) ANIMA and related groups publish *managed* enrollment,
>>   so that HOMENET can consider how *unmanaged* enrollment might work.
> 
> Reasonable points. Do others (dis)agree?
> 
> Without a chair hat on, I'm not sure that some of those
> other bits of work need to be fully finished - if we know
> what kind of keying that'll be used in the final results,
> we could make some progress, but I do agree we'd need to
> know e.g. whether Babel implementations would plan to
> support what flavours of DTLS (e.g. pre-shared keys vs.
> bare public keys vs. certs if they do plan to use DTLS),
> and other similar things, so I tend to agree those bits
> of work would need to be at least nearly-done.
> 
>> 
>>>>> 2. We have this milestone in our charter:
>>>> 
>>>>> "Nov 2018 - Submission of the perimeter security draft to the IESG
>>>>> as Informational RFC"
>>>> 
>>>> Yes.  Are the authors still engaged?
>> 
>>> I'm not aware that we have authors;-( I guess someone could have
>>> volunteered in the past before I was helping out as chair (if so,
>>> please do let us know).
>> 
>> Ah, so it was Erik and some other people.  I see that the draft has even
>> expired.  I'm thinking about: https://datatracker.ietf.org/doc/draft-kline-homenet-default-perimeter/
>> Maybe you are thinking about something else?
> 
> Nope, I'd not seen that draft before.
> 
> Do others still consider we should work on this topic?
> (based on that draft or not) and we'd still like to know
> who's willing to do stuff, if so.
> 
> Cheers,
> S.
> 
>> 
>> --
>> ]               Never tell me the odds!                 | ipv6 mesh networks [
>> ]   Michael Richardson, Sandelman Software Works        | network architect  [
>> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>> 
>> 
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>> -= IPv6 IoT consulting =-
>> 
>> 
>> 
> 
> -- 
> PGP key change time for me.
> New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018.
> NewWithOld sigs in keyservers.
> Sorry if that mucks something up;-)