Hi Hannes I tend to agree. The beauty of IP (with or without “sec”) is that I can open a connection in one place to a server that is located in another location half-way around the world. The garage door opener is used from a short distance, so you don’t really need routing. You still might want to use IP, if only because IP-supporting equipment is so ubiquitous. I would have liked it if we could use some zeroconf protocol for discovering the garage door, but just because the opener is physically close to the garage door does not mean that it is topologically close on the Internet. So the best IP-based way is to register the garage door in DNS (garagedoor.yaronshouse.org), and then HTTPS works at least as well as HTTP over IPsec.
All this underlines Yaron’s claim that we need a better example for a use case for NULL auth. Yoav BTW: my local police station has an electrically-operated gate to the parking lot where the patrol cars are parked. It’s opened remotely by calling a particular phone number. The gate answers, immediately hangs up, and opens. This is pretty bad, because a phone number is a terribly short shared secret. On Jul 28, 2014, at 12:05 PM, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > Hi Yaron, > > if you further try to implement a prototype for a door opener then you > might run into a number of issues, such as > > * how does the garage opener discover the garage door? > * what radio technology are you going to use? > * how does the garage door authorize the garage opener? > > When you then answer all these questions you might realize (as I did) > that you neither want to use IPsec there nor even IP. > > Ciao > Hannes > > PS: I agree with your statement about mutual authentication. > > On 07/25/2014 06:37 PM, Yaron Sheffer wrote: >> This might sound like a nit, but we have this text in the draft, as a >> use case for null auth: >> >> "User wants to get some simple action from the remote device. Consider >> garage door opener: it must authenticate user to open the door, but it >> is not necessary for the user to authenticate the door opener. In this >> case one-way authentication is sufficient." >> >> The problem is, this is an incorrect protocol. Specifically, a MITM (who >> might be physically located by the kitchen door), could redirect the >> protocol exchange to a door different from the one I intended to open. >> Seeing that nothing happens, I will simply press the remote again and >> open the garage door, too. >> >> This is of course a generic problem, where unauthenticated protocols >> have unforeseen consequences. >> >> Thanks, >> Yaron >> >> >> _______________________________________________ >> IPsec mailing list >> IPsec@ietf.org >> https://www.ietf.org/mailman/listinfo/ipsec >> > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
