On Tue, Aug 06, 2019 at 06:13:25PM +0000, STARK, BARBARA H wrote:
> Removing unnecessary participants from the discussion (I don't think it's
> relevant to the IESG review of babel-applicability?), and adding homenet...
> 
> > > How does the HOMENET usage of babel fit into this?  I would be
> > > surprised if they were expecting secure link layers to be used inside
> > > the home, but it does seem like the threat model for HOMENET includes
> > > hostile or compromised devices in the home.
> > 
> > Barbara will correct me if I'm wrong, but as far as I know, the Homenet
> > working group hasn't decided on a security mechanism yet.  I have heard
> > opinions to the effect that Homenet requires asymmetric authentication, in
> > which case Babel-DTLS would be necessary, but I wouldn't presume to judge
> > whether these opinions represent WG consensus.
> 
> Homenet WG hasn't documented its security requirements -- for anything.
> The current model for securing home networks is to secure the physical 
> layers. 
> The normal practice for dealing with compromised devices in the home is to 
> remove or fix them when someone figures out they're compromised.
> My personal (individual) opinion is it's extremely important to have tools to 
> discover when a device is causing trouble. On-going protection against such 
> devices (so they can be safely(?) left on the home network indefinitely and 
> people can feel secure????) isn't important or even necessarily a good idea.
> 
> Babel-HMAC could identify anything trying to talk Babel without a key. If the 
> compromised device has been given the keys (because the user thought it could 
> be trusted and didn't know it was compromised), then neither HMAC nor DTLS 
> will be of any protection.

Hmm, so do you think it's possible that HOMENET could land in the "uses
secure link layers" bucket?  (It sounds like it's also possible it would
use babel-hmac or babel-dtls.)  I can readjust my expectations accordingly...

Thanks,

Ben

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
