[6tisch-security] (minutes of Tue Jan 5, 2015, 5pm EST call) Re: Suggested agenda for 6tisch security call of *today*, Tue January 6, 2015, 5pm EST (dial-in info at bottom)
Rene Struik <rstruik.ext@gmail.com> Wed, 14 January 2015 05:04 UTC
Return-Path: <rstruik.ext@gmail.com>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C83D11A89C7 for <6tisch-security@ietfa.amsl.com>; Tue, 13 Jan 2015 21:04:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v-O-DQpLba8n for <6tisch-security@ietfa.amsl.com>; Tue, 13 Jan 2015 21:04:25 -0800 (PST)
Received: from mail-ig0-x22c.google.com (mail-ig0-x22c.google.com [IPv6:2607:f8b0:4001:c05::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE8731A89B5 for <6tisch-security@ietf.org>; Tue, 13 Jan 2015 21:04:24 -0800 (PST)
Received: by mail-ig0-f172.google.com with SMTP id l13so7789937iga.5 for <6tisch-security@ietf.org>; Tue, 13 Jan 2015 21:04:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=qpO9M0RDJgRZPHxN3oVdf8zWczgHEcNqvhRHVoNY93M=; b=lWjI+NhLgtxBzSKfogChwb5Z8OEehRJBuLEL8ehThygtwUs+CbN01xy5V+Jq1e6yeB u9NzldZw6m1sTiuAIyyWBmhdHZpkCr8miOvUYXhojZzec9VK8maFMEhB7U6h2DowX57b v70JIFCWnfKhmq1i7xUeLJigqK/gY7+UzhBgcAgU6si406c89PDS5P7ZC6Qf2Rr+93if 6wKWIpDLH+/169vdvmk44A8HduuY13Q9VBrzbFMPh6zoJmupu8psKFa/0LCxl19GH3ID PEMFoBgiDlneSY6MdjyldAkTxt9UsEdww1BnC1Ay8nKtPti/ycmcYmXexJw2zZP2swwO Wx0A==
X-Received: by 10.107.170.166 with SMTP id g38mr2272184ioj.2.1421211863934; Tue, 13 Jan 2015 21:04:23 -0800 (PST)
Received: from [192.168.0.10] (CPE7cb21b2cb904-CM7cb21b2cb901.cpe.net.cable.rogers.com. [99.231.49.38]) by mx.google.com with ESMTPSA id g20sm7383377igt.14.2015.01.13.21.04.23 for <6tisch-security@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Jan 2015 21:04:23 -0800 (PST)
Message-ID: <54B5F8CD.4020300@gmail.com>
Date: Wed, 14 Jan 2015 00:04:13 -0500
From: Rene Struik <rstruik.ext@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: tisch-security <6tisch-security@ietf.org>
References: <54903FE0.2000306@gmail.com> <54AC11F5.3060907@gmail.com>
In-Reply-To: <54AC11F5.3060907@gmail.com>
Content-Type: multipart/alternative; boundary="------------080401030703000505030307"
Archived-At: <http://mailarchive.ietf.org/arch/msg/6tisch-security/xpGm-1Z9B51MFR_cnOLmXTt9g5k>
Subject: [6tisch-security] (minutes of Tue Jan 5, 2015, 5pm EST call) Re: Suggested agenda for 6tisch security call of *today*, Tue January 6, 2015, 5pm EST (dial-in info at bottom)
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jan 2015 05:04:29 -0000
Please find below the minutes of the 6TiSCH Security conf call as of January 6, 2015, 5pm EST. Minutes 6TiSCH Security conf call, Tue January 5, 2015, 5-6pm EST {note taker: Rene Struik} {recording: see 6tisch bitbucket list} {slides discussed (and referenced in minutes): no slides this time } 1. Attendance: Michael Richardson, Malisa Vucinic, Yoshi Ohba, Thomas Watteyne, Kris Pister, Rene Struik 2. Agenda The suggested agenda was approved, after removal of item #2 below (speaker not available) 1) administrativia {agenda bashing/minutes} 2) {still to be confirmed} presentation Giuseppe Piro 3) join protocol details -- a) (done) status update MAC behavior -- b) (brief!) recap of routing/communication flow aspects -- c) incremental deployment aspects 4) input 6tisch security to other 6tisch documents -- a) terminology draft -- b) architecture draft 3. Minutes RS apologized for being late with sending out the minutes of the previous call. 4. Brief recap of routing/communication flow aspects (item #3b of agenda) RS summarized some of the discussion at the previous call regarding communication flows between joining node, neighbor node (the join assistant), and server (JCE). Main discussion point was that the slides assumed a role for the router node (join assistant) that stretches further than just the role of relay station: it only forwards traffic to the server after first authenticating the joining node. Here, the idea was that while authentication does not offer fine-grained authorization control (without further filtering mechanisms on the router (join assistant)), it might help in limiting denial-of-service attacks targeting the long-haul communication channel between the router (join assistant) and the server (JCE). RS suggested that it would not be too hard to extend this mechanism to support both the relay and the authenticating role of the router (join assistant). Upon question by MV as to whether it was decided what to actually support, RS suggested this would depend on more detailed cost/benefit analysis (which is still to be done). KP asked how the terminology of joining node, neighbor node, and server related to the notions JN, JA, and JCE. RS suggested that these would be the same notions, if each role would be implemented on a single device; he simply used notions in slides circulated during earlier calls and also presented at IETF-90 and -91 meetings. RS mentioned that the protocol discussed would allow for a single communication flow between join assistant and server (JCE), in case JCE-related certificate information could be cached at the join assistant, which is optimal. He expected that this would cover ordinary operation; out-of-sync behavior would necessitate an additional communication flow, so as to recover from this anomaly. Upon question by TW, RS suggested that the initial sync operation could be used as bootstrap mechanism. RS suggested that there are lots of details/minutiae that need to be worked out, once we have agreement that this approach has indeed sufficient merit. 5. Incremental deployment aspects (item #3c of agenda) On the RoLL mailing list, so-called incremental deployment scenarios were brought up (e.g., by Peter van der Stok). With RPL, a joining node would only join a tree, where each node hereof would already be part of the network. For applications such as building control, one would prefer a more "random" network configuration approach. Here, the idea is that as long as the new node is able to find the root, it should be possible to enroll, no matter whether each node on the communication path to the root is already part of the network, as MR suggested is currently the case with RPL. An example scenario would be if the newbee node talks to the root via a configuration tool, where the latter two devices would communicate, e.g., via cellular traffic. Question is whether we can accommodate this scenario. KP suggested that the only requirement is that there is indeed a communication path between the joining node and the server (JCE). MR suggested that there is no implicit assumption that communication between join assistant and PCE would be private. TW was curious why this topic was brought up. RS suggested that it would be good to limit interdependencies between routing protocol and join protocol, e.g., to support wider use case scenarios. Here, this would include "crazy" scenario where one would set up a large network, where one would sprinkle the room with unsecured nodes that only provide connectivity during set-up. This would allow use of any communication protocol during set-up and removal of "connectivity-assist" devices after configuration is finished and using RPL only once this step has finished. RS suggested that the so-called join priority parameter in 802.15.4e-2012 might be a potential hurdle (since it essentially encodes the length of the shortest path to the DODAG route, using historical tree-like set-up info). TW suggested that it would be possible to completely discard the join priority parameter in practice, so that this would not be a problem. 6. Input 6tisch security to other 6tisch drafts (item #4a, #4b of the agenda) YO mentioned that he had provided some feedback on the email by Pascal Thubert on join process and had commented that this section should be less specific and that he had reservations about specific notions, such as ULA addresses. RS volunteered to provide input to the terminology draft and the architecture draft, so as to remove roadblocks by end of week. The idea here would be that the level of detail would reflect consensus as reached to-date. RS mentioned that there were some other inter-dependencies, e.g., with the minimal draft, but that Xavier Vilojasana had already responded to comments submitted just prior to Christmas (Dec 19, 2014). 7. AOB --- Conf call scheduling Next week's conf call is Wed January 15, 2015, 11am EST. There is no schedule for subsequent weeks yet; not urgent, but to be discussed next week. [end of call: 5.56pm EST] On 1/6/2015 11:48 AM, Rene Struik wrote: > Dear colleagues: > > Happy New Year! > > According to the agreed-upon 6tisch security conf call schedule, we > will resume the conference call series today, Tue Jan 6, 2015, 5pm EST. > > I propose we continue the discussion where we left off prior to > Christmas (essentially, item 3c below), except that we may have a > short presentation first (item #2). > > Agenda: > 1) administrativia {agenda bashing/minutes} > 2) {still to be confirmed} presentation Giuseppe Piro > 3) join protocol details > -- a) (done) status update MAC behavior > -- b) (brief!) recap of routing/communication flow aspects > -- c) incremental deployment aspects > 4) input 6tisch security to other 6tisch documents > -- a) terminology draft > -- b) architecture draft > > Conf call time: 5pm EST = 7am Japan = 2pm PST = 11pm Paris time. {The > next call, on January 6, 2014) is also at 5pm EST (see schedule till > half of January 2015)}. > Note: next week's call is on Wed Jan 14, 2015, 11am EST. > > Dial-in info at end of this email. > > Best regards, > > Rene -- email: rstruik.ext@gmail.com | Skype: rstruik cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
- [6tisch-security] suggested agenda for 6tisch sec… Rene Struik
- [6tisch-security] Suggested agenda for 6tisch sec… Rene Struik
- Re: [6tisch-security] Suggested agenda for 6tisch… Michael Richardson
- [6tisch-security] Suggested agenda for 6tisch sec… Rene Struik
- Re: [6tisch-security] Suggested agenda for 6tisch… Thomas Watteyne
- [6tisch-security] reminder -- 6tisch security cal… Rene Struik
- [6tisch-security] (minutes of Tue Jan 5, 2015, 5p… Rene Struik
- [6tisch-security] (minutes of Tue Dec 16, 2014, 5… Rene Struik
- [6tisch-security] (w/ slight correction) Fwd: (mi… Rene Struik
- Re: [6tisch-security] reminder -- 6tisch security… Thomas Watteyne
- Re: [6tisch-security] (minutes of Tue Jan 5, 2015… Michael Richardson
- [6tisch-security] (minutes of Wed Jan 14, 2015, 1… Rene Struik
- [6tisch-security] reminder -- 6tisch security cal… Rene Struik
- Re: [6tisch-security] reminder -- 6tisch security… Michael Richardson
- [6tisch-security] (result homework assignment I v… Rene Struik
- Re: [6tisch-security] (result homework assignment… Rene Struik
- [6tisch-security] (Important -- 6tisch security c… Rene Struik
- [6tisch-security] (updated agenda) Re: (Important… Rene Struik
- Re: [6tisch-security] (Important -- 6tisch securi… Michael Richardson
- [6tisch-security] (minutes 6tisch security call T… Rene Struik
- [6tisch-security] (minutes 6tisch security call T… Tero Kivinen
- [6tisch-security] reminder -- 6tisch security cal… Rene Struik
- [6tisch-security] (minutes 6tisch security call T… Rene Struik
- [6tisch-security] Reminder -- 6tisch security cal… Rene Struik
- [6tisch-security] Latency aspects of TSCH Malisa Vucinic
- Re: [6tisch-security] Reminder -- 6tisch security… Rene Struik
- Re: [6tisch-security] Reminder -- 6tisch security… Thomas Watteyne
- [6tisch-security] (simplified explanation of form… Rene Struik
- Re: [6tisch-security] (simplified explanation of … Malisa Vucinic
- Re: [6tisch-security] (simplified explanation of … Rene Struik
- Re: [6tisch-security] (simplified explanation of … Jonathan Simon
- Re: [6tisch-security] (simplified explanation of … Rene Struik
- Re: [6tisch-security] (simplified explanation of … Jonathan Simon
- Re: [6tisch-security] (simplified explanation of … Giuseppe Piro
- Re: [6tisch-security] (simplified explanation of … Malisa Vucinic
- Re: [6tisch-security] (simplified explanation of … Giuseppe Piro
- Re: [6tisch-security] (simplified explanation of … Giuseppe Piro
- Re: [6tisch-security] Latency aspects of TSCH Michael Richardson
- Re: [6tisch-security] (simplified explanation of … Michael Richardson
- Re: [6tisch-security] Latency aspects of TSCH Malisa Vucinic
- [6tisch-security] Reminder -- 6tisch security cal… Rene Struik
- Re: [6tisch-security] Reminder -- 6tisch security… Rene Struik
- [6tisch-security] (minutes 6tisch security call T… Rene Struik
- [6tisch-security] (minutes 6tisch security call F… Rene Struik
- [6tisch-security] (minutes 6tisch security call F… Rene Struik
- Re: [6tisch-security] Reminder -- 6tisch security… Thomas Watteyne
- [6tisch-security] (problem with WebEx link) Re: R… Rene Struik
- Re: [6tisch-security] (problem with WebEx link) R… Rene Struik
- Re: [6tisch-security] (problem with WebEx link) R… Thomas Watteyne