Re: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS)

Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr> Wed, 18 November 2015 15:57 UTC

Date: Wed, 18 Nov 2015 16:57:43 +0100
Message-ID: <8737w3qozs.wl-jch@pps.univ-paris-diderot.fr>
From: Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr>
To: Ted Lemon <mellon@fugue.com>
In-Reply-To: <1447858576159-79d51c78-b96c8c38-55ec1307@fugue.com>
References: <20151117235034.24927.22561.idtracker@ietfa.amsl.com> <87poz7qw2k.wl-jch@pps.univ-paris-diderot.fr> <1447858576159-79d51c78-b96c8c38-55ec1307@fugue.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/aEnT6KMA9-wxTL4OprD4kWfsJ6c>
Cc: homenet@ietf.org, iesg@ietf.org
Subject: Re: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS)

>> HNCP is an amazingly flexible protocol, and one that will hopefully be
>> used well beyond its original area of application.  Many of the possible
>> applications of HNCP don't require DTLS, either because the network is
>> secured at a lower layer, or because they use a different application
>> layer mechanism.

> Which possible applications of HNCP don't require security?

It's not about not requiring security -- it's about mandating this
particular security mechanism.

> If you do have a reason for thinking that DTLS shouldn't be MTI, please
> state it plainly

The mesh community has been using a wide range of techniques for
configuring routers, static configuration, configuration protocols built
into routing protocols, AHCP, etc.  I am currently working on promoting
the use of a subset of HNCP instead.

This work is made difficult by the way the HNCP draft is written -- it is
not immediately obvious that HNCP is a small and elegant protocol, and
that most of the messy baggage is optional.  The general perception is "we
don't need the complexity of HNCP, let's do something ad hoc".  See for
example

  http://mid.gmane.org/87fv09u7uq.wl-jch@pps.univ-paris-diderot.fr

Adding MTI DTLS to HNCP will only make this situation worse: either HNCP
will be ignored by the communities, or the DTLS requirement will be
ignored.  The latter will enforce the (widely held) belief that the IETF
is a fossilised bureaucracy more interested in following its bureaucratic
rules than producing useful documents.  Neither is a desirable outcome.

-- Juliusz