Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 15 March 2013 08:09 UTC

Message-ID: <5142D736.1090008@gmail.com>
Date: Fri, 15 Mar 2013 08:09:26 +0000
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>
References: <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6ED6C6@xmb-rcd-x14.cisco.com> <5141F140.2070508@mtcc.com> <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6ED79F@xmb-rcd-x14.cisco.com> <5142444E.10105@mtcc.com> <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6EE46B@xmb-rcd-x14.cisco.com>
In-Reply-To: <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6EE46B@xmb-rcd-x14.cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Tim Chown <tjc@ecs.soton.ac.uk>, Michael Thomas <mike@mtcc.com>, "homenet@ietf.org Group" <homenet@ietf.org>
Subject: Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

On 15/03/2013 00:16, Michael Behringer (mbehring) wrote:
>> -----Original Message-----
>> From: Michael Thomas [mailto:mike@mtcc.com]
>> Sent: 14 March 2013 17:43
>> To: Michael Behringer (mbehring)
>> Cc: Tim Chown; homenet@ietf.org Group
>> Subject: Re: [homenet] Next steps for draft-behringer-homenet-trust-
>> bootstrap?
>>
>> On 03/14/2013 10:03 AM, Michael Behringer (mbehring) wrote:
>>>> From: Michael Thomas [mailto:mike@mtcc.com]
>>> [...]
>>>> In today's world access control is gated at L2 via wpa or similar.
>>>> Are you suggesting that we have a L3 equivalent? In addition? In
>> replacement?
>>> We need a solution to this problem. I think this is the first important thing
>> to note, and so far it isn't noted (or I missed it). Which solution is open for
>> discussion.
>>> Can we agree thus far?
>> Well, it seems to me that we have a solution today at L2, at least for
>> wireless which is the most pressing need. Am I missing something? Or are
>> you talking about remote access into your homenet?
> 
> No, it's not primarily for remote access. 
> 
> Even if we have something, the architecture doc should describe that this is an issue and needs to be addressed, and which solutions fit (including existing). 
> 
> But I think the need goes beyond wireless. If I have visitors, I may not like it if they plug in a device into the Ethernet socket in the guest room, and the device has full access to everything. I think we need a simple way to accept/deny a new device onto the network, independent of the media type. 

And preferably a method that doesn't involve asking your visitor for her
MAC address, or giving her a password that you don't want to leak.

On the other hand, a Bluetooth-like method that involves opening access
for a few minutes while you automatically register the MAC address might
be good enough for home use (but unacceptable for professional use).

What is unlikely to work in the real world is a complex cryptographically
sound mechanism, even though it might be fun to design and debug.

    Brian
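The admission mechanism Brian sketches above (open the network for a few minutes, register the MAC address of whatever joins during that window, keep everything else out) can be modelled as a small state machine. The following is an added illustration written for this archive page, not code from the thread, the draft or any homenet implementation; the class and method names (`AdmissionController`, `open_window`, `on_join`, `revoke`) and the sample MAC addresses are constructed for the example. The comments note the weakness Brian alludes to: the MAC address is the only thing being checked.

```python
"""Toy model of a time-boxed "pairing window" admission controller.

Added example for the discussion above; it is not the draft's mechanism.
Policy: a device is admitted if its MAC address is already registered, or
if it first appears while the owner has the pairing window open. Anything
else is denied and logged. A registered device can later be revoked.

Caveat for the reader: the only identifier checked is the MAC address,
which is self-asserted by the device, so this is a convenience control for
a home, not an authentication mechanism.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Six colon-separated hex octets, after normalisation to lower case.
_MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalize_mac(mac: str) -> str:
    """Canonicalise 'AA-BB-CC-DD-EE-FF' / 'aa:bb:...' to lower-case colon form."""
    canon = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.match(canon):
        raise ValueError(f"not a MAC address: {mac!r}")
    return canon


@dataclass
class AdmissionController:
    """Hypothetical controller; timestamps are plain seconds so the demo is deterministic."""
    window_seconds: int = 120                      # how long the owner leaves the door open
    window_opened_at: Optional[float] = None       # None means the window was never opened
    registered: Dict[str, float] = field(default_factory=dict)       # mac -> time registered
    denied_log: List[Tuple[float, str]] = field(default_factory=list)  # (time, mac) of refusals

    def open_window(self, now: float) -> None:
        """Owner presses the 'pair' button: start the admission window."""
        self.window_opened_at = now

    def window_is_open(self, now: float) -> bool:
        if self.window_opened_at is None:
            return False
        return (now - self.window_opened_at) < self.window_seconds

    def on_join(self, mac: str, now: float) -> bool:
        """Decide whether a device presenting `mac` at time `now` gets network access."""
        mac = normalize_mac(mac)
        if mac in self.registered:
            return True                            # previously admitted, still on the list
        if self.window_is_open(now):
            self.registered[mac] = now             # first seen during the window: register it
            return True
        self.denied_log.append((now, mac))         # outside the window: deny and keep a record
        return False

    def revoke(self, mac: str) -> bool:
        """Owner removes a device; returns True if it was registered."""
        return self.registered.pop(normalize_mac(mac), None) is not None


def run_scenario() -> Tuple[List[bool], AdmissionController]:
    """Constructed walk-through: one guest device, one late arrival, one revocation."""
    ac = AdmissionController(window_seconds=120)
    decisions = []
    decisions.append(ac.on_join("AA:BB:CC:DD:EE:01", now=0))      # window never opened: denied
    ac.open_window(now=10)                                         # owner opens the window at t=10
    decisions.append(ac.on_join("AA:BB:CC:DD:EE:01", now=30))     # inside window: registered, admitted
    decisions.append(ac.on_join("aa-bb-cc-dd-ee-02", now=200))    # window closed at t=130: denied
    decisions.append(ac.on_join("AA:BB:CC:DD:EE:01", now=5000))   # already registered: admitted
    ac.revoke("AA:BB:CC:DD:EE:01")                                 # owner removes the device
    decisions.append(ac.on_join("AA:BB:CC:DD:EE:01", now=5001))   # revoked and window closed: denied
    return decisions, ac


if __name__ == "__main__":
    outcome, controller = run_scenario()
    print("decisions:", outcome)
    print("registered:", sorted(controller.registered))
    print("denied:", controller.denied_log)
```

The scenario shows the two properties the thread asks for: the guest never has to hand over a MAC address or receive a shared password, and media type does not matter because the decision is made on the join event rather than on Wi-Fi association. What it does not give is assurance about who the device is, which is why the text calls it good enough for home use only.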