Re: [homenet] Stephen Farrell's No Objection on draft-ietf-homenet-hncp-10: (with COMMENT)

Markus Stenberg <markus.stenberg@iki.fi> Fri, 04 December 2015 21:53 UTC

From: Markus Stenberg <markus.stenberg@iki.fi>
In-Reply-To: <20151204165147.5335.55921.idtracker@ietfa.amsl.com>
Date: Fri, 04 Dec 2015 23:53:31 +0200
Message-Id: <8C402EF7-6D2C-48E4-AA65-3FFC3A336E58@iki.fi>
References: <20151204165147.5335.55921.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/dhRsb2Kb0oo5Owqi6Ts5Rel3g9Q>
Cc: homenet-chairs@ietf.org, homenet@ietf.org, Mark Townsley <mark@townsley.net>, The IESG <iesg@ietf.org>, draft-ietf-homenet-hncp@ietf.org
Subject: Re: [homenet] Stephen Farrell's No Objection on draft-ietf-homenet-hncp-10: (with COMMENT)

> On 4.12.2015, at 18.51, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> Thanks for addressing my discuss about the options for 
> using DTLS. Sorry for being slow with this ballot update.
> 
> The comments below are old, I didn't check if you've
> made related changes. Happy to chat about that if you
> want, (or not if you prefer not:-)
> 
> - I agree with Kathleen's discuss that the implementation
> requirements for DTLS need to be clarified, hopefully (from my
> POV) to make that MTI but I'll leave that discussion to the
> other thread.

We did some text clarification on this I believe in -10.

> -Section 9: You should refer to HKDF and not HMAC-SHA256 though
> the reference to RFC 6234 is still right. HMAC-SHA256 itself
> is not a key derivation function, which is what you want here.

Fixed in -10 (really sad failure on my part :-p)

> - Please take a look at the secdir review [1] and respond to
> that as it raises one issue not (I think) otherwise mentioned.
> What is the effect (on a home) of one compromised hncp router?
> Perhaps you'll say that's obvious, or perhaps not, but I'm 
> interested in what you do say, in case it's not obvious:-)

There's text about that in the security considerations, I believe. (Pointer in the -09 DISCUSS thread IIRC).

Cheers,

-Markus