The retail model works here. I can imagine a compliant CPE might allow the use to "take ownership" of an interior HNCP interface. That's only if the provider of that CPE wanted to be compliant to a future HNCP security standard.
Mark On Sep 18, 2014, at 3:43 PM, Randy Turner <rtur...@amalfisystems.com> wrote: > Are we assuming that the home router is purchased retail, and not "fulfilled" > or provided by an ISP? The method to establish trust relationships would > hinge on the answer > > Randy > > > > -------- Original message -------- > From: Mark Baugher <m...@mbaugher.com> > Date:09/18/2014 5:12 PM (GMT-06:00) > To: Randy Turner <rtur...@amalfisystems.com> > Cc: "homenet@ietf.org Group" <homenet@ietf.org> > Subject: Re: [homenet] HNCP security? > > > On Sep 18, 2014, at 2:37 PM, Randy Turner <rtur...@amalfisystems.com> wrote: > > > How do you bootstrap trust relationships without an initial certificate > > (whether installed at manufacturing or during a customer fulfillment stage) > > ? > > One way is through a user "security ceremony" (viz. Walker and Ellison) in > the Wi-Fi and UPnP standards: The user pushes a recites a password, pushes > buttons, waves an NFC device, etc. to authorize, e.g. sign the router's > self-signed cert so other routers will accept its HNCP. That's a root of > trust model. I'm sure there are other such models. There's been some talk > about using web of trust, but I don't understand how that would work. > > Mark > > > > > > > > > -------- Original message -------- > > From: Michael Thomas <m...@mtcc.com> > > Date:09/18/2014 4:17 PM (GMT-06:00) > > To: homenet@ietf.org > > Cc: > > Subject: Re: [homenet] HNCP security? > > > > > > On 9/18/14, 2:10 PM, STARK, BARBARA H wrote: > > >> Self-signed certs bring only confusion, IMO: they are nothing more than a > > >> raw key with an unsubstantiated claim to another name, along with a whole > > >> lot more ASN.1 baggage beyond what is needed to parse the modulo and > > >> exponent. > > >> > > >> And you don't get usage or policy restrictions without a CA that the > > >> *HOMENET* trusts to assert them, nor can that sort of policy assertion be > > >> done with device certs since I don't have any reason to believe > > >> fly-by-night's > > >> routers should be allowed to do whatever it is they claim they want to > > >> do. > > > No, this would only be true if there were an implied authorization to go > > > along with the authentication. > > > > Yes, I agree and that's why self-signed and/or manufacturer certs are of > > no help. > > There is no believable authz in them. A homenet would need to run its > > own CA, or > > use a CA that it delegates authz to. Or does something that avoids certs > > altogether > > and provides its own enrollment/authz solution. > > > > Mike > > > > _______________________________________________ > > homenet mailing list > > homenet@ietf.org > > https://www.ietf.org/mailman/listinfo/homenet > > > > _______________________________________________ > > homenet mailing list > > homenet@ietf.org > > https://www.ietf.org/mailman/listinfo/homenet > > _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet