[homenet] security work items - what do we want to do?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 23 January 2018 22:46 UTC

To: "homenet@ietf.org" <homenet@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <cd3042c4-e213-feb2-47ea-00f5fb6ab3ab@cs.tcd.ie>
Date: Tue, 23 Jan 2018 22:46:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/ug_rwh69SN_E61-66-mnwgWkNtU>
Subject: [homenet] security work items - what do we want to do?

Hi homenet folks,

Barbara and I were chatting about the security work that
may need to be done in the homenet wg in the coming months
and here are our thoughts on that. We'd like to get folks'
reactions to those:

- Does this sound roughly right or off the wall?
- If the former, do we think it's doable?
- If so, who'd like to help do the work etc.

It seems there are three possible work items for us
to consider:

1. Documenting the security considerations and any
security mechanisms needed for draft-ietf-homenet-simple-naming.
We assume that that work will be done as a normal part
of developing that draft, so is, or will be, in-hand.

2. We have this milestone in our charter:

    "Nov 2018 - Submission of the perimeter security draft
     to the IESG as Informational RFC"

- Do we still agree that this is a good milestone?
- If not, why not?
- If so, do we have people who are willing to work on
  this?

3. HNCP and Babel define some security mechanisms that can
be used to secure those protocols, and more work is being
done at the moment in the babel WG on uses of HMAC and DTLS
with Babel.

- Does the homenet wg need to profile use of those
  security mechanisms, for example to document a way to
  establish initial keying material that we'd like to see
  implemented when those protocols are used in home networks?
- If so, (and without yet getting into discussions about ToFU
  etc) do we have people who are interested in working on
  that?

If possible, it'd be great to get a sense of the WG's
ideas on the above before we construct an agenda for
our meeting in London in March (which is not that far
away now).

Thanks,
Barbara & Stephen



-- 
PGP key change time for me.
New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018.
NewWithOld sigs in keyservers.
Sorry if that mucks something up;-)