> In order for a PKI solution to work, it has to be possible for any given cert
> to apply to a unique name, the ownership of which can be defended somehow.
> The CABF has spoken unequivocally on this topic:
> https://www.digicert.com/internal-names.htm
>
> The point of having PKI in the homenet is so that we have secure connections
> between browsers and servers, and so that users aren't trained to click
> through certificate warnings just to get things working. Any solution to
> this problem has to meet those two requirements. And to achieve the second
> requirement, the CABF is going to want it to be the case that the cert
> identifies a specific endpoint for communication.
>
> When I say "I don't know how to do that," this is what I'm talking about.
> Actually, I do know how to do it: get a public delegation.
The CABF is about "publicly trusted certificates". There is no need for, or applicability of, "publicly trusted certificates" in the context of a home network. No certificate authority in the world is capable of certifying that a device inside a specific home network actually belongs there. The only entity capable of identifying devices that belong in the home network is the home (network) owner. This isn't about public trust. It's about private trust.

In reading Stephen's email about what he did wrt certificates, what stood out to me were:

(1) The primary goal was to stop the annoying browser warnings. [Note that neither HNCP nor Babel would be expected to check against CAs stored in browsers, so they would not be subjected to this annoyance; but the annoyance is something to prevent when considering the broader "naming architecture".]

(2) Stephen (the home network owner) was the assigner of trust. He was the root certificate authority.

We had discussed (back in Chicago) that a first step should be to figure out what our goals were wrt "security". From the perspective of the end user, here is my starter list of considerations:

1. End users would like to know that device software / firmware has no Trojans and is "good". This is not a good fit for X.509 certificates or PKI. This would be something for some logo-based certification program (like a UL, Good Housekeeping, IPv6 Ready, etc. stamp). I think this is outside the (current) scope of homenet and there are other orgs working on this sort of thing. In any case, it has nothing to do with encryption and X.509 certificates.

2. End users are the absolute (root) authority as to what does and doesn't belong on the home network. No one else. Even in the case of "unmanaged" home networks. Verisign and others are incapable of telling me whether or not a device belongs on my home network.

3. End users want it to be very easy to add devices/services to the home network.

4. End users want it to be very easy to remove devices/services.

5. End users want to know when devices on the home network are misbehaving, and they want to easily identify such devices.

6. End users don't want annoying "untrusted" warnings for devices and services inside the home network that they have decided to add to it.

Does this seem like a reasonable list? Are there items y'all disagree with? Others to add?

Thanks,
Barbara

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet