Re: [homenet] HNCP
Teco Boot <teco@inf-net.nl> Wed, 05 March 2014 10:19 UTC
Return-Path: <teco@inf-net.nl>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 171521A039E for <homenet@ietfa.amsl.com>; Wed, 5 Mar 2014 02:19:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_64=0.6, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GSgZBcpDNRuz for <homenet@ietfa.amsl.com>; Wed, 5 Mar 2014 02:19:24 -0800 (PST)
Received: from mail-we0-f174.google.com (mail-we0-f174.google.com [74.125.82.174]) by ietfa.amsl.com (Postfix) with ESMTP id 85FB51A039D for <homenet@ietf.org>; Wed, 5 Mar 2014 02:19:23 -0800 (PST)
Received: by mail-we0-f174.google.com with SMTP id t60so917526wes.5 for <homenet@ietf.org>; Wed, 05 Mar 2014 02:19:20 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=wNCe/bVbWVXJQRKHcFYm+1GLfbDUgOko9eEBhI4I3cE=; b=JnaT4WH+62sLz032vGLh+D4abJVUTFB4oQhTjBw5mkZ2RE/BD/UmTJm/KQryhlJEZz b8wupqqkHwDaxBxdYqDtS2VFqHm755Gri/ZsecCONeBN/0mRmC0sWDsBf8VYD3JSM/dz iUdgbz13iXy9+LxBiIFIae+ZVNrUUUMcdWAjfrr9yyPEZOcgS7g2mvbxbFp2hT88zHOC iG+zGvWoYXwUw0PgYW4yIyxmQwemW8XHe8pqJWFW9s2DqIFb0az8i55oPwq8dWXmm/PU ki0N+D68akyRIybNEEEWmPCZUwC8yMX9FK3GgH49v42FwlfvRJm8UonL8UcnqPpppZGi mz1g==
X-Gm-Message-State: ALoCoQnInd4x6AqhCTxWXKjjtzSPzE8vr//RIhjxm9nfqehvNbK0tM264IR0TW3MGQ7M3kUXHKiN
X-Received: by 10.195.13.103 with SMTP id ex7mr7120591wjd.3.1394014760024; Wed, 05 Mar 2014 02:19:20 -0800 (PST)
Received: from dhcp-a727.meeting.ietf.org (dhcp-a727.meeting.ietf.org. [31.133.167.39]) by mx.google.com with ESMTPSA id uq2sm9508685wjc.5.2014.03.05.02.19.12 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 05 Mar 2014 02:19:19 -0800 (PST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Teco Boot <teco@inf-net.nl>
In-Reply-To: <5316E1EE.7040200@globis.net>
Date: Wed, 05 Mar 2014 11:19:08 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <25A6B6D6-DFBE-4BE8-AAF8-479FD3E15494@inf-net.nl>
References: <58809B4D-CCE4-4DAC-9A1A-DD475584E65B@iki.fi> <6BF5B681-446C-4BCA-9B53-A05A9D4A9E38@townsley.net> <52FE480F.3030801@globis.net> <52FE6E9B.3060107@openwrt.org> <5316E1EE.7040200@globis.net>
To: Ray Hunter <v6ops@globis.net>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/WjR5UhOs7KMHLFbrhETXJ3_9kSk
Cc: Steven Barth <cyrus@openwrt.org>, Markus Stenberg <markus.stenberg@iki.fi>, Mark Townsley <mark@townsley.net>, "homenet@ietf.org Group" <homenet@ietf.org>
Subject: Re: [homenet] HNCP
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Mar 2014 10:19:27 -0000
Op 5 mrt. 2014, om 09:35 heeft Ray Hunter <v6ops@globis.net> het volgende geschreven: >> Steven Barth <mailto:cyrus@openwrt.org> >> 14 February 2014 20:29 >> >> I think your arguments about the downsides are valid and we have thought about them as well. However the current approach seems to be practical given the current situation that there is no common consensus about an IGP or about there even being an IGP that fits all use cases. Some people even argue that in some or many common cases an IGP might be overkill. >> >> On top of that I even think if there would be a consensus in the near future then we still need autoconfiguration and source+dest routing standardized and adopted for that given IGP which will probably take quite some time as well. >> >> So yes, there are limitations and hopefully this is not the final stance on this topic and at some point there is some kind of industry-consensus on an IGP. But honestly I don't see this happening any time soon. >> >> >> ------------------------------------------------------------------------ > Thinking further about what should or should not be in HNCP. > > Is HNCP a useful place to standardise negotiation and maintenance of trust anchors? > > I know many pieces of kit support a 'peer now' button (Bluetooth audio, DECT phones, Powerline Ethernet), which triggers a leap of faith that direct neighbours in the same mode are trustworthy, but I'm not aware of any IETF standardised way that Homenet devices could negotiate e.g. a common encryption key or private root certificate. > > As a rough sketch: > > an external trigger [physical button, GUI command, first power on, factory specific action] places one or more devices into "leap of faith" mode > each device generates a candidate encryption key or private key on the fly > device detects direct neighbours in similar leap of faith negotiation mode > two neighbouring devices establish a secure channel between the pair > neighbouring devices exchange certificates or keys and optionally enter them into a store, so that the direct neighbors can authenticate each other in the future without entering leap of faith mode. > > Devices periodically flood a public key throughout the homenet, with the flooding being authenticated across each pair of neighbours using the trust established above, or a HNCP key or certificate that has been previously established. > During the flooding, if A trusts B and B trusts C then A trusts C. > All devices end up with a copy of every other device's public key. Each device has its own private key. > > For maintenance, a timer triggers key or certificate roll over of existing established neighbour trust relationships > > This HNCP established key or certificate can be used to authenticate future HNCP messages (e.g. between two devices that were not direct neighbours, but become neighbours, because one device has been replugged), or other messages in other protocols. On user friendly trust maintenance, I would use by mobile to let my new devices join my homenet. Also, I would use the app for excluding devices I don’t own anymore. I’m not sure the mechanism needs to be build on a distributed database or has a more centralized approach. Perhaps use the zero dependency rule and avoid SPOF. Having my portable gear be part of HNCP would introduce additional requirements on merge of the distributed database, on for example conflict resolving. Teco > > -- > Regards, > RayH > > _______________________________________________ > homenet mailing list > homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet
- [homenet] Two new drafts (and third one 'soon') Markus Stenberg
- [homenet] HNCP Mark Townsley
- Re: [homenet] HNCP Townsley.net
- Re: [homenet] HNCP Dave Taht
- Re: [homenet] HNCP Ray Hunter
- Re: [homenet] HNCP Steven Barth
- Re: [homenet] HNCP Mikael Abrahamsson
- Re: [homenet] HNCP Ray Hunter
- Re: [homenet] HNCP Markus Stenberg
- Re: [homenet] HNCP Teco Boot