IETF 101 - Homenet
Friday, March 23, 2018 9:30-11:30 (GMT)
Friday Morning session I
Chairs: Barbara Stark, Stephen Farrell
Note taker - Stuart Cheshire
Jabber relay - Mikael Abrahamsson

0. Administrivia (5m)
1. WG Status Update - Chairs (5m)
2. Naming Architecture and Service Discovery
3. Presentation on anima security (Michael Richardson, 20 min)
4. Homenet security discussion (40 min)

-------------------------
Administrivia and WG Status Update

Chairs went through Chair slides
https://datatracker.ietf.org/meeting/101/materials/slides-101-homenet-chair-slides-02

There were no comments against the agenda.

-------------------------
Naming Architecture and Service Discovery

Ted Lemon presented Simple Homenet Naming Architecture
https://datatracker.ietf.org/meeting/101/materials/slides-101-homenet-simple-homenet-naming-architecture-00

John Border: Do we need to do anything with DPRIVE/Port 853?
Ted: Great question.
Ted: I don't know the answer right now. We should have a discussion about that.
Andrew Sullivan: There seems to be a dependency path on advanced architecture which is opposite of what we decided to do. Is this what you're saying?
Ted: We didn't want advanced architecture to be required, but intent was not to get rid of the dependency.
Andrew: I remember things differently.
Ted: I just wanted to make sure I haven't left anything out that might lead to advanced architecture.
Bob Hinden: I agree with Andrew.
Mikael: Operators are moving more to using OpenWRT. Make license permissive so operators can use.
Ted: We need people to try it out.
Barbara Stark: We need to understand how this works in a multi router environment, including a mixed environment of homenet/non-homenet.
Ted: I did assume HNCP and need to have a section describing HNCP interaction.
Stephen Farrell: There are some parts of the document which still need to be fleshed out. It's not clear which of those parts are trivial and which parts are substantial.
Juliusz Chroboczek: It's hard to know if a specification is really good without actually implementing it. It would be good to have another independent implementation of this.
Ted: I would like to dive into each section for reviews. I would like to do this on the email list, with separate threads per section or topic.

-------------------------
Presentation on anima security

Michael Richardson presenting
https://datatracker.ietf.org/meeting/101/materials/slides-101-homenet-presentation-on-anima-security-00

Juliusz: What happens if I buy a router at a flea market?
Michael: The previous owner would act in the role of "vendor" to the flea market customer, and would generate a "manufacturer voucher" for them (draft-ietf-anima-voucher). We were specific that we wouldn't support resale. There are people who want to know they haven't bought a resale device.
Ted: Thanks for preparing. I have experience recently with the types of devices you're talking about. There were problems with the registration process. It was a pain. Does anima provide a better answer to that?
Michael: There are many ways to do this. Right now people have agreed to just write them down. A difference is you would be interacting with your registrar and would not have to leave the network.
Ted: Is anima doing something similar to AOSS?
Michael: I don't know.
Mikael: netconf zero-touch is almost done. We're missing the NMS part of that.
Michael: Yes. There is also TR-069.
Mikael: Yes, this is one way of doing it. As to flea market and reselling, this happens a lot. If device is cheap, vendor won't want to help reset. Factory reset needs to be factory reset.
Michael: We support whatever model the manufacturer wants.
Pierre Pfister: I doubt that home customers will have enough technical knowledge to make all this work. Cisco manufactures desk phones that work pretty much exactly this way.
Massimiliano Stucchi: In many places resale of devices is a vital part of the market.
Stuart: I find this puzzling, like a parallel universe.
Michael: You can find services with DNS-SD, but also other ways.
Stuart: But how you find devices is being done with all sorts of models doing it today. There are all sorts of wireless protocols that have their own L2 solutions for finding and enrolling devices.
Michael: We're doing the complete opposite. We'd like to reference some of these other methods, but many are proprietary, and some documents are hard to acquire.
Stuart: A common mechanism is using a smartphone camera to read the serial number, for example.
Michael: But the question is do we want a common method for all.
Stuart: The Thread Group specifications can be downloaded easily. I don't know why people are instructed to remain ignorant. You can read without joining or committing to IPR.
Bob Moskowitz: The IEEE published 802.1AR (Secure Device Identity) in 2009. Our goal is to have something consistent and open and not encourage having a lot of verticals.
Michael: Homenet is a most difficult enclave. It is essentially the wild west.
Bob: This can be of immense value.
Juliusz: Assumptions need to be written out. I think you are making assumption that user and vendor interests are aligned. I don't think that can be assumed in homenet environment. That assumption needs to be spelled out. Another point is we live in world where open source software is becoming prevalent. Secure boot has very bad reputation.
Michael: Secure boot is different from secure bootstrap I'm talking about.
Juliusz: Saying the vendor has a role in the future of the device may not be something we want to say.
Michael: It keeps me awake at night. How to create options that allow users to have some control of their devices. I don't have solution.
Bob: We discussed this back in 2004. If you have different method to enroll, you can use other id. Hard social problem.

----------------
General discussion on homenet security

Displaying email Stephen Farrell had sent to list.
Stephen Farrell: We have item in charter on perimeter security. No one has volunteered yet to create text. What do we want to do about this?
Ted: I have interest. But want to do naming first.
Stephen: OK, so we don't give up on this, yet. If anyone else is interested, please let Barbara and me know and send to the list.
Stephen: Third item in email was about babel and HNCP security. What do we do?
Juliusz: We have 2 security solutions in babel. HMAC and DTLS. Both are happening now. We have 2 non-interoperable DTLS implementations. There is rough agreement that HMAC should be strongly recommended and DTLS should be optional.
Stephen: So we should wait?
Juliusz: No. We know exactly what it's going to look like so we can proceed now.
Stephen: Given there are 2 mechanisms do we want to prefer one?
Juliusz: Are you happy with symmetric keying? If so, HMAC is fine.
Barbara: Should babel WG make the recommendation of what is mandatory for homenet?
David: No. What's mandatory in babel isn't important for homenet. Homenet needs to define the root of trust. Then homenet can pick which mechanism it wants. We need to make progress in defining what kinds of keys we want.
Pierre Pfister: We are in great position to work with babel. I am happy with HMAC option. It's a piece of cake to create key shared among nodes.
Ted: We've abandoned the idea of doing pairwise symmetric keying?
Juliusz: With DTLS you get whatever DTLS provides you.
Ted: So we are doing DTLS which gives us that?
Stephen: That was an individual's comment.
Pierre: Maybe we can use HNCP to help encrypt babel.
Ted: If babel doesn't use pairwise symmetric keys then we can use them. How do you know a node has been compromised if you use shared key?
David: We need to figure this out. We have options.
Stephen: Who wants to be actively involved? 3 people raised hands. Please have a chat and create a proposal.
Ted: I believe Chris of Apple wrote document on how to do pairwise keying. There was work done. Maybe we should revise that.
Juliusz: I would suggest that this discussion would be more productive with code.
Ted: I agree.
Stephen: So hopefully people who volunteered will have code.
David: We would like to see implementation of draft that Ted mentioned.
Ted: Chris' draft didn't talk about HNCP part. We need to have asymmetric keys working in HNCP and use HNCP to develop pairwise symmetric keys.
Stephen: Design at mic line is not productive. Chairs will work to encourage progress. Any other comments on that topic?

------------------
Stephen: We're at Any Other Business part of the agenda. Is there any? No. Thank you.