Re: [homenet] HNCP security?
Mark Townsley <mark@townsley.net> Wed, 24 September 2014 12:01 UTC
Return-Path: <mark@townsley.net>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB6DF1A000A for <homenet@ietfa.amsl.com>; Wed, 24 Sep 2014 05:01:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xRIdKcjuKxA9 for <homenet@ietfa.amsl.com>; Wed, 24 Sep 2014 05:01:38 -0700 (PDT)
Received: from mail-la0-f45.google.com (mail-la0-f45.google.com [209.85.215.45]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 445DB1A0008 for <homenet@ietf.org>; Wed, 24 Sep 2014 05:01:38 -0700 (PDT)
Received: by mail-la0-f45.google.com with SMTP id el20so4053524lab.18 for <homenet@ietf.org>; Wed, 24 Sep 2014 05:01:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-type:content-transfer-encoding :mime-version:subject:message-id:date:references:in-reply-to:to; bh=uk3XLI6lAG18Y0SFtYI7R1ioRYfBa7a/6REYQdg13fU=; b=Gh4P2L+SbNlfj+0e9CCSNwB1Co1/94M5y8CyNqVMXeTIK0eUadbIIQSIzQnyZ3CxB4 CI2cv/Lrwlj7mGAEzkk+IQzBwtLoZKhTuwQy6aIKm5iKCyzWW7dJcmJHzicbJqbL/TRh sxzN8aCWvsAXNzsvisgApxIt7mKVaD8lajoXAZlOap163G0wOrtjCzlS+uTwhsiQQHIO MSeW5OmyXctcDkNk6sRZzQ/i3ud3vk2+4+MOfB6+Xhdyhzvnu7lZgMWc8IszI1TglDWo K64S9JMJPsxr7f0exUW7cFyezIVRuqx36Y3akoxvpTfqwWTVDKYuvlZBvEmw+j8ZMRP1 QH3w==
X-Gm-Message-State: ALoCoQmTQSdoWrjdF087BlKx7dm+fpwq0Gf1w8sxi6dMjx0Wg5gfZhHn9kE7/024hvYeOOtxsmsi
X-Received: by 10.112.17.2 with SMTP id k2mr5827777lbd.28.1411560096146; Wed, 24 Sep 2014 05:01:36 -0700 (PDT)
Received: from [172.20.46.5] ([79.170.214.36]) by mx.google.com with ESMTPSA id v6sm5724068lbb.33.2014.09.24.05.01.35 for <homenet@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 24 Sep 2014 05:01:35 -0700 (PDT)
From: Mark Townsley <mark@townsley.net>
Content-Type: multipart/alternative; boundary="Apple-Mail-F120E6F6-0633-4819-88CC-6E75D0385B7B"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Message-Id: <D3AB1759-4070-4CB8-B1D2-292472BE3197@townsley.net>
Date: Wed, 24 Sep 2014 14:01:34 +0200
References: <7BDD2D54-1058-4196-9BAD-770544096C93@iki.fi> <830.1410875532@sandelman.ca> <47647B8C-E3E6-4291-9F31-FBEE5FF53BFC@ecs.soton.ac.uk> <EMEW3|ba68076a23b44efccb32951649dba30aq8FLVJ03tjc|ecs.soton.ac.uk|47647B8C-E3E6-4291-9F31-FBEE5FF53BFC@ecs.soton.ac.uk> <alpine.DEB.2.02.1409170820460.14735@uplift.swm.pp.se> <5419A19F.1030808@mtcc.com> <alpine.DEB.2.02.1409180643250.14735@uplift.swm.pp.se> <541A7C1E.6090005@openwrt.org> <2D09D61DDFA73D4C884805CC7865E61130E839B6@GAALPA1MSGUSRBF.ITServices.sbc.com> <FD0A639D-2B33-473C-9F91-5AD39B30BBF8@fugue.com> <0F4C6033-0D1F-4B5E-B47E-72F87F888C50@townsley.net> <alpine.DEB.2.02.1409240738210.14735@uplift.swm.pp.se>
In-Reply-To: <alpine.DEB.2.02.1409240738210.14735@uplift.swm.pp.se>
To: "homenet@ietf.org" <homenet@ietf.org>
X-Mailer: iPad Mail (11D201)
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/h6buXcM3Yfjz2UElYzqQmcJIXM4
Subject: Re: [homenet] HNCP security?
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Sep 2014 12:01:40 -0000
Thank you for all of the discussion on this important topic. Without declaring consensus on how far we should go scope-wise in terms of overall homenet security just yet, I'd like to know if, in terms of HNCP itself from a bits-on-the-wire protocol perspective, can we adopt this proposal proposal from Mikael? If yes, please say so. If no, please say why not (and even better if you can propose text that would alleviate your concern). Mikael Abrahamsson wrote: > So my proposal is that we make HNCP capable of using several methods, one is unsecure, one is secure by means of a shared secret, and then add other optional methods using PKI that would enable the above mentioned "accept each device manually" more secure way.
- [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Brian E Carpenter
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Acee Lindem (acee)
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Brian E Carpenter
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Curtis Villamizar
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Brian E Carpenter
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Pierre Pfister
- Re: [homenet] Quality time with Mike Markus Stenberg
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Tim Chown
- Re: [homenet] HNCP security? Mark Baugher (mbaugher)
- Re: [homenet] HNCP security? Mikael Abrahamsson
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Brian E Carpenter
- Re: [homenet] HNCP security? Acee Lindem (acee)
- Re: [homenet] HNCP security? Brian E Carpenter
- Re: [homenet] HNCP security? Mikael Abrahamsson
- Re: [homenet] HNCP security? Steven Barth
- Re: [homenet] HNCP security? STARK, BARBARA H
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? STARK, BARBARA H
- Re: [homenet] HNCP security? Michael Sweet
- Re: [homenet] HNCP security? Rene Struik
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Steven Barth
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Rene Struik
- Re: [homenet] HNCP security? David R Oran
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? STARK, BARBARA H
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Randy Turner
- Re: [homenet] HNCP security? STARK, BARBARA H
- Re: [homenet] HNCP security? Mark Baugher
- Re: [homenet] HNCP security? Mark Baugher
- Re: [homenet] HNCP security? Mark Baugher
- Re: [homenet] HNCP security? Brian E Carpenter
- Re: [homenet] HNCP security? Randy Turner
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Mark Baugher
- Re: [homenet] HNCP security? Randy Turner
- Re: [homenet] HNCP security? Mark Townsley
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Mark Baugher
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Steven Barth
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Steven Barth
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Mark Baugher
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Douglas Otis
- Re: [homenet] HNCP security? Randy Turner
- Re: [homenet] HNCP security? Mark Baugher
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Brian E Carpenter
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Tim Chown
- Re: [homenet] HNCP security? Steven Barth
- Re: [homenet] HNCP security? Mark Baugher
- Re: [homenet] HNCP security? Acee Lindem (acee)
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? STARK, BARBARA H
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Douglas Otis
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Mikael Abrahamsson
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Mikael Abrahamsson
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Mark Townsley
- Re: [homenet] HNCP security? Mark Townsley
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Steven Barth
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Tero Kivinen
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Stephen Farrell
- Re: [homenet] HNCP security? Tero Kivinen
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Stephen Farrell
- Re: [homenet] HNCP security? Ted Lemon
- Re: [homenet] HNCP security? Michael Thomas
- Re: [homenet] HNCP security? Michael Richardson
- Re: [homenet] HNCP security? Markus Stenberg
- Re: [homenet] HNCP security? Tero Kivinen