Re: [homenet] Please review security considerations of draft-homenet-babel-profile
Juliusz Chroboczek <jch@irif.fr> Tue, 25 July 2017 22:32 UTC
Return-Path: <jch@irif.fr>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6AC8131FAD for <homenet@ietfa.amsl.com>; Tue, 25 Jul 2017 15:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dQoX_A-P1Uhz for <homenet@ietfa.amsl.com>; Tue, 25 Jul 2017 15:32:43 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 405B6131F05 for <homenet@ietf.org>; Tue, 25 Jul 2017 15:32:43 -0700 (PDT)
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/56228) with ESMTP id v6PMWfrE028349; Wed, 26 Jul 2017 00:32:41 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 73ABEEB2CC; Wed, 26 Jul 2017 00:32:41 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id aDp7CSqEXWem; Wed, 26 Jul 2017 00:32:40 +0200 (CEST)
Received: from trurl.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 627D4EB274; Wed, 26 Jul 2017 00:32:40 +0200 (CEST)
Date: Wed, 26 Jul 2017 00:32:40 +0200
Message-ID: <87h8y0f8qf.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Mark Baugher <mark@mbaugher.com>
Cc: homenet@ietf.org
In-Reply-To: <2EB62874-CC8D-4E41-80A1-1EA3978912F2@mbaugher.com>
References: <874lu045zs.wl-jch@irif.fr> <2EB62874-CC8D-4E41-80A1-1EA3978912F2@mbaugher.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Wed, 26 Jul 2017 00:32:41 +0200 (CEST)
X-Miltered: at korolev with ID 5977C709.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5977C709.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5977C709.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/YKY8vW5dst_DkydCs2YgLGTSpkw>
Subject: Re: [homenet] Please review security considerations of draft-homenet-babel-profile
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jul 2017 22:32:45 -0000
> ...one might recommend starting with "an upper-layer security protocol" > such as CMS, COSE, JOSE or some other layer-3 encapsulation. We're planning to use DTLS for both HNCP and Babel. But the authentication mechanism is not our main concern. This being Homenet, we need to generate keys automatically and distribute them securely with little or no user intervention. This is not trivial to do right, and requires carefully balancing the tradeoffs between security and usability. -- Juliusz
- [homenet] Please review security considerations o… Juliusz Chroboczek
- Re: [homenet] Please review security consideratio… Stephen Farrell
- Re: [homenet] Please review security consideratio… Juliusz Chroboczek
- Re: [homenet] Please review security consideratio… Ray Bellis
- Re: [homenet] Please review security consideratio… Mark Baugher
- Re: [homenet] Please review security consideratio… Juliusz Chroboczek
- Re: [homenet] Please review security consideratio… Philip Homburg
- Re: [homenet] Please review security consideratio… Gert Doering
- Re: [homenet] Please review security consideratio… Juliusz Chroboczek
- Re: [homenet] Please review security consideratio… Juliusz Chroboczek
- Re: [homenet] Please review security consideratio… Philip Homburg
- Re: [homenet] Please review security consideratio… Philip Homburg
- Re: [homenet] Please review security consideratio… Juliusz Chroboczek
- Re: [homenet] Please review security consideratio… Philip Homburg
- Re: [homenet] Please review security consideratio… Gert Doering