Ted Lemon <mel...@fugue.com> wrote:
> That partly gets rid of the security exception on each access to the
> web interface: provided the web browser loads the new trust anchor.
> I don't know how to make that work without a fake domain tree. Can't we just
> use ACME+letsencrypt.org?

I hadn't thought about that. The objections I can think of involve three kinds of things:

a) do they really want this kind of traffic?

b) the certs issued will go into their cert transparency list, and I think that means we lose privacy.

c) to make it work, they have to verify things. IPv6 makes the connectivity easy to arrange, but it seems like it's a big exposure for the device. We are talking more than just routers... I'm thinking printers and all sorts of things.

> Sure. The question is, what value does the PKI cert add here? I agree that
> having a cert that validates is good for the web UI, but I don't see how it
> helps in establishing trust.

It doesn't establish initial trust; it gives the user a trusted icon in their browser once we have initial trust.

> I would be tempted to do something like what Christian is doing with DNSSD
> privacy: print a QR code on the box, take pictures of all the QR codes with
> your smartphone, and then use your smartphone app to bootstrap trust using
> those QR codes. You could do something similar by just flashing the front
> panel LEDs really fast when the "pair" button is pressed, and have the
> smartphone decode that, as is being done with exfiltration malware now. I
> suspect there's code we could download... :)

I think that these are all really good ways to establish initial trust. BRSKI mentions the whole category at:
https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-07#section-4.2

    3. The Pledge MAY have an operational mode where it skips Voucher
       validation one time. For example if a physical button is depressed
       during the bootstrapping operation. This can be useful if the vendor
       service is unavailable. This behavior SHOULD be available via local
       configuration or physical presence methods to ensure new entities
       can always be deployed even when autonomic methods fail.

This allows for unsecured imprint.

Christian's comments in DNSSD (which I also watched today) are right though: for many applications where *discovery* is important, you probably don't want certs, because they reveal too much, and the relationship is too ephemeral. The link between Dave's Laptop and Dave's Cool Printer is probably longer.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet