Re: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS)

Markus Stenberg <markus.stenberg@iki.fi> Fri, 20 November 2015 15:07 UTC

To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/UyXZ0xD-JjsFmH0_NoAgjc5JNzY>
Cc: "homenet@ietf.org" <homenet@ietf.org>, Ted Lemon <mellon@fugue.com>, "iesg@ietf.org" <iesg@ietf.org>

On 20.11.2015, at 16.47, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>> It is a question of threats <-> risks <-> mitigation analysis. The only thing HNCP security really brings is _in case of insecure L2_ _some_ security for routing/psk state. If we assume every other protocol is secured (e.g. SEND, DHCPv6 ’secure mode’) it may be actually worthwhile, but as long as e.g. DHCPv4 is not secure (and it will never be I suspect), the amount of threats you actually take out of the picture by forcing ’securing’ HNCP alone is not really significant.
>> 
>> To sum it up: I recommend still SHOULD MTI, MUST MTU _if and only if_ L2, but at least _my_ home does not _have_ any insecure L2, or at least insecure in a sense that HNCP running there would be my greatest worry.
> If MTI is not a MUST, how can you MUST the MTU?

The MUST MTU here is only for a (relatively small) subset of U cases. Therefore, if a product (or a network) does not see those cases happening, broad MTI/MTU causes extra bloat without any benefit (like my home network case I mentioned).

For example, given Markus’ Home Network product does not support an insecure (L2-wise) network, having MTI DTLS/TLS causes bloat and solves nothing and makes the product harder to ship.

> I think my question on what is "secure mode" and request for a
> reference is still outstanding.

Ah, sorry, simply too much mail backlog. ’secure mode’ in that context should probably be just secure _transport_ enabled on that particular link/for a particular remote endpoint, that is, the {TLS,DTLS} based one described in the rest of the text.

I wonder if we should edit dncp too; I don’t think that term appears anywhere else in the document.

Cheers,

-Markus