Re: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

Michael Thomas <mike@mtcc.com> Thu, 26 November 2015 17:03 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/WIBSeJWzRrKkJS6w-eeLwQ7lz8E>

On 11/26/2015 08:49 AM, Juliusz Chroboczek wrote:
>> Hmm. I've also set up many small PKIs and don't agree. I do think someone
>> could easily make all that quite usable within the home.
> Have you ever walked a non-specialist through the process?
>
>

I'm not Stephen, and I don't play Stephen on teevee, but anything you can do with pre-shared keys, you can do with an asymmetric keying approach too. Pre-shared keys are a pretty high-touch form of enrollment, after all. If you can get away with leap-of-faith kinds of enrollment, it is even easier IMO because you don't have to remember messy and/or lousy keys/passphrases:

New Thingy: "I'm blah and want to enroll! my public key is blah-blah-blah"
Enroller: "Sure!" or "Nah, you look sketchy"

Mike
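
Added example, not part of the message above and not code from HNCP or any homenet implementation: a sketch of the enroller side of the leap-of-faith exchange, pinning the first approved public key per device name and refusing a later key change. The class, function names, status strings, approval policy and sample keys are all assumptions made for illustration.

```python
import hashlib


def fingerprint(public_key: bytes) -> str:
    """Short SHA-256 fingerprint an operator could compare by eye."""
    return hashlib.sha256(public_key).hexdigest()[:16]


class Enroller:
    """Leap-of-faith enroller: pins the first approved key seen for a name."""

    def __init__(self, approve):
        # approve(name, fingerprint) -> bool is the "Sure!" / "Nah" decision.
        self.approve = approve
        self.pinned = {}  # device name -> pinned public key bytes

    def enroll(self, name: str, public_key: bytes) -> str:
        known = self.pinned.get(name)
        if known is not None:
            # The leap of faith happens once; afterwards only the pinned key
            # is accepted, so a different key under a known name is refused.
            return "already-enrolled" if known == public_key else "rejected-key-mismatch"
        if not self.approve(name, fingerprint(public_key)):
            return "rejected-by-operator"
        self.pinned[name] = public_key
        return "enrolled"
        # Not shown: a real enroller would also have the device sign a fresh
        # challenge to prove it holds the matching private key.


def demo():
    # Constructed sample keys: opaque byte strings standing in for public keys.
    thingy_key = b"constructed-public-key-of-thingy"
    other_key = b"constructed-public-key-of-someone-else"
    # Hypothetical policy: approve everything except names that look sketchy.
    enroller = Enroller(lambda name, fp: not name.startswith("sketchy"))
    return [
        enroller.enroll("thingy", thingy_key),       # first contact, approved
        enroller.enroll("thingy", thingy_key),       # same key again
        enroller.enroll("thingy", other_key),        # same name, different key
        enroller.enroll("sketchy-box", other_key),   # operator says no
    ]


if __name__ == "__main__":
    print(demo())
```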