Re: [homenet] routing protocol comparison document and hncp

Michael Thomas <mike@mtcc.com> Tue, 03 March 2015 17:20 UTC

Return-Path: <mike@mtcc.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 896161A879B for <homenet@ietfa.amsl.com>; Tue, 3 Mar 2015 09:20:34 -0800 (PST)
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RrsxvUqjtxkt for <homenet@ietfa.amsl.com>; Tue, 3 Mar 2015 09:20:30 -0800 (PST)
Received: from mtcc.com (mtcc.com [50.0.18.224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF1141A877D for <homenet@ietf.org>; Tue, 3 Mar 2015 09:20:30 -0800 (PST)
Received: from takifugu.mtcc.com (takifugu.mtcc.com [50.0.18.224]) (authenticated bits=0) by mtcc.com (8.14.7/8.14.7) with ESMTP id t23HKTN0028880 for <homenet@ietf.org>; Tue, 3 Mar 2015 09:20:29 -0800
Message-ID: <54F5ED5D.9000402@mtcc.com>
Date: Tue, 03 Mar 2015 09:20:29 -0800
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: homenet@ietf.org
References: <alpine.DEB.2.02.1503021452000.20507@uplift.swm.pp.se> <A782D466-C3D2-497F-A5C1-6ABD0CDBFB71@iki.fi> <3AA7118E69D7CD4BA3ECD5716BAF28DF22EE1EF9@xmb-rcd-x14.cisco.com> <54F4BC43.1090903@mtcc.com> <54F4BFE6.7020105@gmail.com> <54F4C43D.2020206@mtcc.com> <54F4D43E.1040508@gmail.com> <54F51706.7010103@mtcc.com> <2749579B-4D7F-4B0F-9ABC-8B15A81F713D@orandom.net> <54F5D3EC.2080307@mtcc.com> <20150303164345.GL98668@Space.Net>
In-Reply-To: <20150303164345.GL98668@Space.Net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/cYrewyZhPvjx3VSu-A_1zm-zAz8>
Subject: Re: [homenet] routing protocol comparison document and hncp
X-List-Received-Date: Tue, 03 Mar 2015 17:20:34 -0000

On 03/03/2015 08:43 AM, Gert Doering wrote:
> Hi,
>
> On Tue, Mar 03, 2015 at 07:31:56AM -0800, Michael Thomas wrote:
>> Considering that provisioning personal certificates is almost the
>> polar opposite of zeroconf, the chances
>> of the normal schlub seeing an informative and/or trustworthy name are
>> really, really low.
> You might want to entertain reading
>   
>    draft-behringer-homenet-trust-bootstrap
>
> which gives a good idea how this could work (the general ideas, maybe not
> the specific implementation).
>
> Of course the normal end user is not going to ever look at or manually
> generate a certificate.
>
>

I scanned this over (I think I've scanned Max's base doc too, but it's
been a long time), and don't think that the problem at hand has much to
do with needing a CA of any sort. Binding "human" names to cryptographic
identities is fraught with trouble -- and if they're not intended to be
human consumable, they might as well be the fingerprint of a public key.

The big question I have is whether the non-interactive nature of certs
is being taken advantage of. For example, if I throw my current root CA
in the trash, what happens?

I have a lot of other questions, but I'm not sure whether this is the
right time to go through them.

Mike
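The two points raised in this message, identity as a bare public-key fingerprint rather than a name vouched for by a CA, and what breaks when the root CA is thrown away, as a runnable illustration added by the editor. It is not code from this thread, from hncp, or from draft-behringer-homenet-trust-bootstrap; the Home type, the "homenet-root" and "router-1" subject names and the 24-hour lifetimes are made-up stand-ins, and the whole household lives in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"math/big"
	"time"
)

// Fingerprint hashes the DER-encoded SubjectPublicKeyInfo of pub: an opaque
// identity that needs neither a human-readable name nor a CA to be meaningful.
func Fingerprint(pub ed25519.PublicKey) (string, error) {
	spki, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(spki)
	return hex.EncodeToString(sum[:]), nil
}

// Home is a hypothetical model of one household: a self-signed root CA, a router certificate issued under it, and the router's own key.
type Home struct {
	Root      *x509.Certificate
	Router    *x509.Certificate
	RouterKey ed25519.PrivateKey
}

// issue signs tmpl with signer; passing tmpl as parent yields a self-signed certificate.
func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewHome generates fresh keys and certificates in memory; nothing is persisted anywhere.
func NewHome() (*Home, error) {
	rootPub, rootKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	routerPub, routerKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "homenet-root"}, // made-up name, never shown to a user
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	root, err := issue(rootTmpl, rootTmpl, rootPub, rootKey) // self-signed root
	if err != nil {
		return nil, err
	}
	routerTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "router-1"}, // made-up name
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	router, err := issue(routerTmpl, root, routerPub, rootKey)
	if err != nil {
		return nil, err
	}
	return &Home{Root: root, Router: router, RouterKey: routerKey}, nil
}

// VerifyChain validates the router certificate against the roots still on hand.
// root == nil models the root CA having been thrown in the trash; the pool is
// left empty on purpose so Go does not fall back to the system trust store.
func VerifyChain(h *Home, root *x509.Certificate) error {
	pool := x509.NewCertPool()
	if root != nil {
		pool.AddCert(root)
	}
	_, err := h.Router.Verify(x509.VerifyOptions{Roots: pool})
	return err
}

// CheckPinned accepts a peer only if the key it presents hashes to the pinned
// fingerprint and it proves possession by signing the verifier's nonce.
// No certificate and no CA are consulted at any point.
func CheckPinned(pinned string, pub ed25519.PublicKey, nonce, sig []byte) bool {
	fp, err := Fingerprint(pub)
	if err != nil || fp != pinned {
		return false
	}
	return ed25519.Verify(pub, nonce, sig)
}
```

With h from NewHome(), VerifyChain(h, h.Root) returns nil and VerifyChain(h, nil) returns an unknown-authority error: once the root is gone, every certificate it issued is unverifiable to anyone who did not keep a copy of the root. CheckPinned, by contrast, keeps working with no CA at all, because the verifier pins the SPKI hash and demands a signature over a nonce it chose; the only thing the router has to keep is its own key. In a real exchange the nonce must be fresh random bytes per attempt, otherwise a captured signature can be replayed.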