Minutes IETF101: homenet
minutes-101-homenet-02

IETF 101 - Homenet

Friday, March 23, 2018
9:30-11:30 (GMT) Friday Morning session I

Chairs: Barbara Stark, Stephen Farrell
Note taker - Stuart Cheshire
Jabber relay - Mikael Abrahamsson

0. Administrivia (5m)
1. WG Status Update - Chairs (5m)
2. Naming Architecture and Service Discovery
3. Presentation on anima security (Michael Richardson, 20 min)
4. Homenet security discussion (40 min)

-------------------------

Administrivia and WG Status Update
Chairs went through Chair slides
https://datatracker.ietf.org/meeting/101/materials/slides-101-homenet-chair-slides-02
There were no comments against the agenda.

-------------------------

Naming Architecture and Service Discovery

Ted Lemon presented Simple Homenet Naming Architecture
https://datatracker.ietf.org/meeting/101/materials/slides-101-homenet-simple-homenet-naming-architecture-00

John Border <from jabber>: Do we need to do anything with DPRIVE/Port 853?

Ted: Great question.
Ted: I don't know the answer right now. We should have a discussion about that.

Andrew Sullivan: There seems to be a dependency path on advanced architecture
which is opposite of what we decided to do. Is this what you're saying?

Ted: We didn't want advanced architecture to be required, but intent was not to
get rid of the dependency.

Andrew: I remember things differently.

Ted: I just wanted to make sure I haven't left anything out that might lead to
advanced architecture.

Bob Hinden: I agree with Andrew.

Mikael: Operators are moving more to using OpenWRT. Make license permissive so
operators can use.

Ted: We need people to try it out.
Barbara Stark: We need to understand how this works in a multi router
environment, including a mixed environment of homenet/non-homenet.

Ted: I did assume HNCP and need to have a section describing HNCP interaction.

Stephen Farrell: There are some parts of the document which still need to be
fleshed out. It's not clear which of those parts are trivial and which parts
are substantial.

Juliusz Chroboczek: It's hard to know if a specification is really good without
actually implementing it. It would be good to have another independent
implementation of this.

Ted: I would like to dive into each section for reviews. I would like to do
this on the email list, with separate threads per section or topic.

-------------------------

Presentation on anima security

Michael Richardson presenting
https://datatracker.ietf.org/meeting/101/materials/slides-101-homenet-presentation-on-anima-security-00

Juliusz: What happens if I buy a router at a flea market?

Michael: The previous owner would act in the role of "vendor" to the flea
market customer, and would generate a "manufacturer voucher" for them
(draft-ietf-anima-voucher). We were specific that we wouldn't support resale.
There are people who want to know they haven't bought a resale device.

Ted: Thanks for preparing. I have experience recently with the types of devices
you're talking about. There were problems with the registration process. It was
a pain. Does anima provide a better answer to that?

Michael: There are many ways to do this. Right now people have agreed to just
write them down. A difference is you would be interacting with your registrar
and would not have to leave the network.

Ted: Is anima doing something similar to AOSS?

Michael: I don't know.

Mikael: netconf zero-touch is almost done. We're missing the NMS part of that.

Michael: Yes. There is also TR-069.
Mikael: Yes, this is one way of doing it. As to flea market and reselling, this
happens a lot. If device is cheap, vendor won't want to help reset. Factory
reset needs to e factory reset.

Michael: We support whatever model the manufacturer wants.

Pierre Pfister: I doubt that home customers will have enough technical
knowledge to make all this work. Cisco manufactures desk phones that work
pretty much exactly this way.

Massimiliano Stucchi: In many places resale of devices is a vital part of the
market.

Stuart: I find this puzzling, like a parallel universe.

Michael: You can find services with DNS-SD, but also other ways.

Stuart: But how you find devices is being done with all sorts of models doing
it today. There are all sorts of wireless protocols that have their own L2
solutions for finding and enrolling devices.

Michael: We're doing the complete opposite. We'd like to reference some of
these other methods, but many are proprietary, and some documents are hard to
acquire.

Stuart: A common mechanism is using a smartphone camera to read the serial
number, for example.

Michael: But the question is do we want a common method for all.

Stuart: The Thread Group specifications can be downloaded easily. I don't know
why people are instructed to remain ignorant. You can read without joining or
committing to IPR.

Bob Moskowitz: The IEEE published 802.1AR (Secure Device Identity) in 2009. Our
goal is to have something consistent and open and not encourage having a lot of
verticals.

Michael: Homenet is a most difficult enclave. It is essentially the wild west.

Bob: This can be of immense value.

Juliusz: Assumptions need to be written out. I think you are making assumption
that user and vendor interests are aligned. I don't think that can be assumed
in homenet environment. That assumption needs to be spelled out. Another point
is we live in world where open source software is becoming prevalent. Secure
boot has very bad reputation.

Michael: Secure boot is different from secure bootstrap I'm talking about.

Juliusz: Saying the vendor has a role in the future of the device may not be
something we want to say. Michael: It keeps me awake at night. How to create
options that allow users to have some control of their devices. I don't have
solution.

Bob: We discussed this back in 2004. If you have different method to enroll,
you can use other id. Hard social problem.

----------------

General discussion on homenet security

Diplaying email Stephen Farrell had sent to list.

Stephen Farrell: We have item in charter on perimeter security. No one has
volunteered yet to create text. What do we want to do about this?

Ted: I have interest. But want to do naming first.

Stephen: OK, so we don't give up on this, yet. If anyone else is interested,
please let Barbara and me know and send to the list.

Stephen: Third item in email was about babel and HNCP security. What do we do?

Juliusz: We have 2 security solutions in babel. HMAC and DTLS. Both are
happening now. We have 2 non-interoperable DTLS implementations. There is rough
agreement that HMAC should be strongly recommended and DTLS should be optional.

Stephen: So we should wait?

Juliusz: No. We know exactly what it's going to look like so we can proceed now.

Stephen: Given there are 2 mechanisms do we want to prefer one?

Juliusz: Are you happy with symmetric keying? If so, HMAC is fine.

Barbara: Should babel WG make the recommendation of what is mandatory for
homenet?

David: No. What's mandatory in babel isn't important for homenet. Homenet needs
to define the root of trust. Then homenet can pick which mechanism it wants. We
need to make progress in defining what kinds of keys we want.

Pierre Pfister: We are in great position to work with babel. I am happy with
HMAC option. It's a piece of cake to create key shared among nodes.

Ted: We've abandoned the idea of doing pairwise symmetric keying?

Juliusz: With DTLS you get whatever DTLS provides you.

Ted: So we are doing DTLS which gives us that?

Stephen: That was an individual's comment.

Pierre: Maybe we can use HNCP to help encrypt babel.

Ted: If babel doesn't use pairwise symmetric keys then we can use them. How do
you know a node has been compromised if you use shared key?

David: We need to figure this out. We have options.

Stephen: Who wants to be actively involved? 3 people raised hands. Please have
a chat and create a proposal.

Ted: I believe Chris of Apple wrote document on how to do pairwise keying.
There was work done. Maybe we should revise that.

Juliusz: I would suggest that this discussion would be more productive with
code.

Ted: I agree.

Stephen: So hopefully people who volunteered will have code.

David: We would like to see implementation of draft that Ted mentioned.

Ted: Chris' draft didn't talk about HNCP part. We need to have asymmetric keys
working in HNCP and use HNCP to develop pairwise symmetric keys.

Stephen: Design at mic line is not productive. Chairs will work to encourage
progress. Any other comments on that topic?

------------------

Stephen: We're at Any Other Business part of the agenda. Is there any? No.
Thank you.