[homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)

["Stephen Farrell" <stephen.farrell@cs.tcd.ie>]

Stephen Farrell has entered the following ballot position for
draft-ietf-homenet-hncp-09: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-homenet-hncp/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


(Sorry for the N-th discuss, I quite like this protocol and
I'm sure we'll get 'em all cleared soon, but... ;-)
 
I'd like to chat about whether or not the DTLS recommendations
are correct here. To me, the consensus stuff (from section 8.3
of dncp) is not clearly baked (as I noted in iesg review of
dncp). The PKI stuff is well known, even if it it is a PITA from
many points of view. I don't think a SHOULD for the former and
a MAY for the latter is appropriate now. If the consensus based
stuff gets deployed and works, then it might be time to say
what you're now saying, but I don't think we're there yet. (I'd
be happy to look @ evidence that we are, and to change my
opinion accordingly.)

Please note that I think I like the consensus based scheme, I'm
just concerned it may not be ready for prime time. I'm also not
really convinced that all you need to do to get interop for
that is mention it and refer to dncp. But again, I could be
wrong and would appreciate being corrected if so.

In summary, I think you should say "when using DTLS with
asymmetric keying, then you SHOULD support the PKI-based method
and MAY support the consensus based method, which is still
somewhat experimental."


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

- I agree with Kathleen's discuss that the implementation
requirements for DTLS need to be clarified, hopefully (from my
POV) to make that MTI but I'll leave that discussion to the
other thread.

-Section 9: You should refer to HKDF and not HMAC-SHA256 though
the reference to RFC 6234 is still right. HMAC-SHA256 itself
is not a key derivation function, which is what you want here.

- Please take a look at the secdir review [1] and respond to
that as it raises one issue not (I think) otherwise mentioned.
What is the effect (on a home) of one compromised hncp router?
Perhaps you'll say that's obvious, or perhaps not, but I'm 
interested in what you do say, in case it's not obvious:-)

   [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06098.html