Minutes IETF101: homenet
minutes-101-homenet-00

IETF 101 - Homenet

Friday, March 23, 2018
9:30-11:30 (GMT) Friday Morning session I

Chairs: Barbara Stark, Stephen Farrell
Note taker - Stuart Cheshire
Jabber relay - Mikael Abrahamsson

0. Administrivia (5m)
1. WG Status Update - Chairs (5m)
2. Naming Architecture and Service Discovery
3. Presentation on anima security (Michael Richardson, 20 min)
4. Homenet security discussion (40 min)

-------------------------

Administrivia and WG Status Update
Chairs went through Chair slides
https://datatracker.ietf.org/meeting/101/materials/slides-101-homenet-chair-slides-02
There were no comments against the agenda.

-------------------------

Naming Architecture and Service Discovery

Ted Lemon presented Simple Homenet Naming Architecture
https://datatracker.ietf.org/meeting/101/materials/slides-101-homenet-simple-homenet-naming-architecture-00

John Border <from jabber>: Do we need to do anything with DPRIVE/Port 853?
Ted: Great question.
Ted: I don't know the answer right now. We should have a discusion about that.
Andrew Sullivan: There seems to be a dependency path on advanced architecture
which is opposite of what we decided to do. Is this what you're saying? Ted: We
didn't want advanced architecture to be required, but intent was not to get rid
of the dependency. Andrew: I remember things differently. Ted: I just wanted to
make sure I haven't left anything out that might lead to advanced architecture.
Bob Hinden: I agree with Andrew. Mikael: Operators are moving more to using
OpenWRT. Make license permissive so operators can use. Ted: We need people to
try it out. Barbara Stark: We need to understand how this works in a multi
router environment, including a mixed environment of homenet/non-homenet. Ted:
I did assume HNCP and need to have a section describing HNCP interaction.
Stephen Farrell: There are some parts of the document which still need to be
fleshed out. It's not clear which of those parts are trivial and which parts
are substantial. Juliusz Chroboczek: It's hard to know if a specification is
really good without actually implementing it. It would be good to have another
independent implementation of this. Ted: I would like to dive into each section
for reviews. I would like to do this on the email list, with separate threads
per section or topic.

-------------------------

Presentation on anima security

Michael Richardson presenting
https://datatracker.ietf.org/meeting/101/materials/slides-101-homenet-presentation-on-anima-security-00

Juliusz: What happens if I buy a router at a flea market?
Michael: The previous owner would act in the role of "vendor" to the flea
market customer, and would generate a "manufacturer voucher" for them
(draft-ietf-anima-voucher). We were specific that we wouldn't support resale.
There are people who want to know they haven't bought a resale device. Ted:
Thanks for preparing. I have experience recently with the types of devices
you're talking about. There were problems with the registration process. It was
a pain. Does anima provide a better answer to that? Michael: There are many
ways to do this. Right now people have agreed to just write them down. A
difference is you would be interacting with your registrar and would not have
to leave the network. Ted: Is anima doing something similar to AOSS? Michael: I
don't know. Mikael: netconf zero-touch is almost done. We're missing the NMS
part of that. Michael: Yes. There is also TR-069. Mikael: Yes, this is one way
of doing it. As to flea market and reselling, this happens a lot. If device is
cheap, vendor won't want to help reset. Factory reset needs to e factory reset.
Michael: We support whatever model the manufacturer wants. Pierre Pfister: I
doubt that home customers will have enough technical knowledge to make all this
work. Cisco manufactures desk phones that work pretty much exactly this way.
Massimiliano Stucchi: In many places resale of devices is a vital part of the
market. Stuart: I find this puzzling, like a parallel universe. Michael: You
can find services with DNS-SD, but also other ways. Stuart: But how you find
devices is being done with all sorts of models doing it today. There are all
sorts of wireless protocols that have their own L2 solutions for finding and
enrolling devices. Michael: We're doing the complete opposite. We'd like to
reference some of these other methods, but many are proprietary, and some
documents are hard to acquire. Stuart: A common mechanism is using a smartphone
camera to read the serial number, for example. Michael: But the question is do
we want a common method for all. Stuart: The Thread Group specifications can be
downloaded easily. I don't know why people are instructed to remain ignorant.
You can read without joining or committing to IPR. Bob Moskowitz: The IEEE
published 802.1AR (Secure Device Identity) in 2009. Our goal is to have
something consistent and open and not encourage having a lot of verticals.
Michael: Homenet is a most difficult enclave. It is essentially the wild west.
Bob: This can be of immense value. Juliusz: Assumptions need to be written out.
I think you are making assumption that user and vendor interests are aligned. I
don't think that can be assumed in homenet environment. That assumption needs
to be spelled out. Another point is we live in world where open source software
is becoming prevalent. Secure boot has very bad reputation. Michael: Secure
boot is different from secure bootstrap I'm talking about. Juliusz: Saying the
vendor has a role in the future of the device may not be something we want to
say. Michael: It keeps me awake at night. How to create options that allow
users to have some control of their devices. I don't have solution. Bob: We
discussed this back in 2004. If you have different method to enroll, you can
use other id. Hard social problem.

----------------

General discussion on homenet security

Diplaying email Stephen Farrell had sent to list.

Stephen Farrell: We have item in charter on perimeter security. No one has
volunteered yet to create text. What do we want to do about this? Ted: I have
interest. But want to do naming first. Stephen: OK, so we don't give up on
this, yet. If anyone else is interested, please let Barbara and me know and
send to the list. Stephen: Third item in email was about babel and HNCP
security. What do we do? Juliusz: We have 2 security solutions in babel. HMAC
and DTLS. Both are happening now. We have 2 non-interoperable DTLS
implementations. There is rough agreement that HMAC should be strongly
recommended and DTLS should be optional. Stephen: So we should wait? Juliusz:
No. We know exactly what it's going to look like so we can proceed now.
Stephen: Given there are 2 mechanisms do we want to prefer one? Juliusz: Are
you happy with symmetric keying? If so, HMAC is fine. Barbara: Should babel WG
make the recommendation of what is mandatory for homenet? David: No. What's
mandatory in babel isn't important for homenet. Homenet needs to define the
root of trust. Then homenet can pick which mechanism it wants. We need to make
progress in defining what kinds of keys we want. Pierre Pfister: We are in
great position to work with babel. I am happy with HMAC option. It's a piece of
cake to create key shared among nodes. Ted: We've abandoned the idea of doing
pairwise symmetric keying? Juliusz: With DTLS you get whatever DTLS provides
you. Ted: So we are doing DTLS which gives us that? Stephen: That was an
individual's comment. Pierre: Maybe we can use HNCP to help encrypt babel. Ted:
If babel doesn't use pairwise symmetric keys then we can use them. How do you
know a node has been compromised if you use shared key? David: We need to
figure this out. We have options. Stephen: Who wants to be actively involved? 3
people raised hands. Please have a chat and create a proposal. Ted: I believe
Chris of Apple wrote document on how to do pairwise keying. There was work
done. Maybe we should revise that. Juliusz: I would suggest that this
discussion would be more productive with code. Ted: I agree. Stephen: So
hopefully people who volunteered will have code. David: We would like to see
implementation of draft that Ted mentioned. Ted: Chris' draft didn't talk about
HNCP part. We need to have asymmetric keys working in HNCP and use HNCP to
develop pairwise symmetric keys. Stephen: Design at mic line is not productive.
Chairs will work to encourage progress. Any other comments on that topic?

------------------

Stephen: We're at Any Other Business part of the agenda. Is there any? No.
Thank you.