Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

Michael Thomas <mike@mtcc.com> Thu, 14 March 2013 15:48 UTC

Message-ID: <5141F140.2070508@mtcc.com>
Date: Thu, 14 Mar 2013 08:48:16 -0700
From: Michael Thomas <mike@mtcc.com>
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>
References: <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6ED6C6@xmb-rcd-x14.cisco.com>
In-Reply-To: <3AA7118E69D7CD4BA3ECD5716BAF28DF0F6ED6C6@xmb-rcd-x14.cisco.com>
Cc: Tim Chown <tjc@ecs.soton.ac.uk>, "homenet@ietf.org Group" <homenet@ietf.org>
Subject: Re: [homenet] Next steps for draft-behringer-homenet-trust-bootstrap?

On 03/14/2013 08:40 AM, Michael Behringer (mbehring) wrote:
>> -----Original Message-----
>> From: homenet-bounces@ietf.org [mailto:homenet-bounces@ietf.org] On
>> Behalf Of Tim Chown
>> Sent: 13 March 2013 16:36
>> To: homenet@ietf.org Group
>> Subject: Re: [homenet] Next steps for draft-behringer-homenet-trust-
>> bootstrap?
>>
>> On 5 Mar 2013, at 17:52, Michael Behringer (mbehring)
>> <mbehring@cisco.com> wrote:
>>
>>> Our draft shows a way to do that in a relatively simple and secure way. I
>> believe this is a fundamental requirement in a homenet; there are other
>> ways to more or less achieve this goal - that needs to be discussed. But we
>> should have the discussion.
>>
>> If you have text to propose for the arch text, please do so.
> There will be cases where two homenets are adjacent, or where a visitor plugs in a device that doesn't belong to the homenet. We need to be able to control that.
>
> I suggest a subsection in the security section (3.6) to address this. This could sound something like:
>
> --
> 3.6.6. Device ownership
>
> There must be a way to administratively assert whether a device belongs to a homenet or not. The goal is to allow the establishment of borders, for example between two adjacent homenets or between the service provider and the homenet; and to prevent unauthorized devices from participating in the homenet.
>
> The homenet architecture MUST support a way for a homenet owner to claim ownership of his devices in a reasonably secure way. This could be achieved by a pairing mechanism, for example by pressing buttons simultaneously on an authenticated and a new homenet device. Or by an enrolment process, as described in [draft-behringer-homenet-trust-bootstrap].
>

In today's world access control is gated at L2 via WPA or similar. Are you
suggesting that we have a L3 equivalent? In addition? In replacement?

Mike
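As an added illustration (not part of this thread, and not the mechanism of draft-behringer-homenet-trust-bootstrap), the following Python toy models the "device ownership" requirement quoted in the proposed 3.6.6 text: a homenet keeps a registry of the devices it owns, a new device is admitted only through a pairing event where a button is pressed on an already-owned device and on the new device within a short window, and a forwarding gate then drops traffic from anything not in the registry, which is the kind of L3-side check the reply asks about. The pairing window, the string device identities (standing in for device keys), the packet shape and the sample devices are all assumptions constructed for the example.

```python
"""Toy model of the 'device ownership' requirement: an ownership registry,
a button-press pairing window, and an L3 forwarding gate.

Constructed example; not the draft's protocol. The window length, the
device identities and the packet format are assumptions.
"""
from dataclasses import dataclass

PAIRING_WINDOW_S = 10.0   # assumption: presses more than 10 s apart do not pair


@dataclass(frozen=True)
class Device:
    """Identified by a stable string, a stand-in for a device public key."""
    ident: str


@dataclass(frozen=True)
class Packet:
    """Minimal packet: sender plus an opaque payload (constructed)."""
    src: Device
    payload: str


class Homenet:
    def __init__(self, first_device):
        # The first device claims the homenet; every other device must be paired in.
        self.owned = {first_device}
        self.audit = []          # human-readable log of admit/reject/drop decisions

    def pair(self, vouching, new, t_vouch, t_new):
        """Admit `new` only if `vouching` is already owned by this homenet and
        both button presses fall within PAIRING_WINDOW_S of each other."""
        if vouching not in self.owned:
            # A device from an adjacent homenet cannot vouch for anyone here.
            self.audit.append(f"reject {new.ident}: {vouching.ident} is not owned here")
            return False
        if abs(t_vouch - t_new) > PAIRING_WINDOW_S:
            self.audit.append(f"reject {new.ident}: presses {abs(t_vouch - t_new):.0f}s apart")
            return False
        self.owned.add(new)
        self.audit.append(f"admit {new.ident} (vouched by {vouching.ident})")
        return True

    def revoke(self, dev):
        """Administrative un-ownership, e.g. a device that was sold or lost."""
        self.owned.discard(dev)
        self.audit.append(f"revoke {dev.ident}")

    def forward(self, pkt):
        """The L3 gate: only owned devices participate in the homenet."""
        ok = pkt.src in self.owned
        if not ok:
            self.audit.append(f"drop from {pkt.src.ident}: not owned")
        return ok


def demo():
    """Run the scenarios from the proposed text: a legitimate pairing, a late
    press, an adjacent homenet's device trying to vouch, and a visitor."""
    router = Device("router-A")
    bulb = Device("bulb")
    visitor = Device("visitor-phone")
    neighbour_router = Device("router-B")   # owned by the adjacent homenet, not this one
    net = Homenet(router)

    results = {
        "bulb_paired": net.pair(router, bulb, t_vouch=100.0, t_new=104.0),
        "late_press": net.pair(router, visitor, t_vouch=200.0, t_new=260.0),
        "neighbour_vouch": net.pair(neighbour_router, visitor, t_vouch=300.0, t_new=301.0),
        "bulb_forwarded": net.forward(Packet(bulb, "on")),
        "visitor_dropped": net.forward(Packet(visitor, "hello")),
    }
    net.revoke(bulb)
    results["bulb_after_revoke"] = net.forward(Packet(bulb, "on"))
    return results, net.audit


if __name__ == "__main__":
    results, audit = demo()
    for key, value in results.items():
        print(f"{key}: {value}")
    print("\n".join(audit))
```

The model deliberately separates the ownership assertion (`pair`, `revoke`) from the participation check (`forward`), so the same registry can back either an L2 or an L3 gate; what the thread leaves open is which layer the architecture should mandate.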