[homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 19 November 2015 14:21 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: homenet@ietf.org
Delivered-To: homenet@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BB6021B2A50; Thu, 19 Nov 2015 06:21:37 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.10.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20151119142137.30137.298.idtracker@ietfa.amsl.com>
Date: Thu, 19 Nov 2015 06:21:37 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/sLujTC3Ts_mvLj5O4YGkdDLFnFA>
Cc: homenet-chairs@ietf.org, homenet@ietf.org, mark@townsley.net, draft-ietf-homenet-hncp@ietf.org
Subject: [homenet] Stephen Farrell's Discuss on draft-ietf-homenet-hncp-09: (with DISCUSS and COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Nov 2015 14:21:37 -0000
Stephen Farrell has entered the following ballot position for
draft-ietf-homenet-hncp-09: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-homenet-hncp/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

(Sorry for the N-th discuss, I quite like this protocol and I'm sure
we'll get 'em all cleared soon, but... ;-)

I'd like to chat about whether or not the DTLS recommendations are
correct here. To me, the consensus stuff (from section 8.3 of dncp) is
not clearly baked (as I noted in iesg review of dncp). The PKI stuff is
well known, even if it is a PITA from many points of view. I don't think
a SHOULD for the former and a MAY for the latter is appropriate now. If
the consensus based stuff gets deployed and works, then it might be time
to say what you're now saying, but I don't think we're there yet. (I'd
be happy to look @ evidence that we are, and to change my opinion
accordingly.)

Please note that I think I like the consensus based scheme, I'm just
concerned it may not be ready for prime time. I'm also not really
convinced that all you need to do to get interop for that is mention it
and refer to dncp. But again, I could be wrong and would appreciate
being corrected if so.

In summary, I think you should say "when using DTLS with asymmetric
keying, then you SHOULD support the PKI-based method and MAY support the
consensus based method, which is still somewhat experimental."
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

- I agree with Kathleen's discuss that the implementation requirements
for DTLS need to be clarified, hopefully (from my POV) to make that MTI
but I'll leave that discussion to the other thread.

- Section 9: You should refer to HKDF and not HMAC-SHA256 though the
reference to RFC 6234 is still right. HMAC-SHA256 itself is not a key
derivation function, which is what you want here.

- Please take a look at the secdir review [1] and respond to that as it
raises one issue not (I think) otherwise mentioned. What is the effect
(on a home) of one compromised hncp router? Perhaps you'll say that's
obvious, or perhaps not, but I'm interested in what you do say, in case
it's not obvious:-)

[1] https://www.ietf.org/mail-archive/web/secdir/current/msg06098.html