Dear colleagues:

Please find below the minutes of the 6TiSCH Security conf call as of 
January 22, 2015, 1-2pm EST.

Minutes 6TiSCH Security conf call, Wed January 22, 2015, 1-2pm EST
{note taker: Rene Struik}
{recording: see 6tisch bitbucket list}
{discussion material (referenced in minutes): see Google Drive weblink 
https://drive.google.com/?tab=co&authuser=0#folders/0B2a6Ilxu1XfCNF9JaXR1ZXlzZlU}

1. Attendance:
Michael Richardson, Subir Das, Tero Kivinen, Giuseppe Piro, Pascal 
Thubert, Rene Struik

2. Agenda
The suggested updated agenda was approved.
1) administrativia {agenda bashing/minutes} [4 min]
2) 6tisch security conf call schedule moving forward [1 min]
3) input 6tisch security to architecture draft [15 min]
-- RS to present result homework assignment of last call
4) presentation Giuseppe Piro re MAC security [30 min]
5) prep for IETF-92 in Dallas [10 min]
5) AOB

3. Minutes
The minutes of all previous 6TiSCH security conference calls in the time 
window Dec 2, 2015 till Jan 14, 2015 that had not been formally approved 
yet were all approved.

4. 6tisch security call schedule moving forward
RS suggested he had posted the conf call schedule through March 9th, 
after polling preferences via a Doodle poll.
For details, see 
http://www.ietf.org/mail-archive/web/6tisch-security/current/msg00397.html

5. Input 6tisch security to the architecture draft 
(draft-ietf-6tisch-architecture-04)
RS reported on the outcome of the homework assignment of the 6tisch 
security call of the previous week (Jan 14, 2015). He had scrutinized 
the three text proposals that were on the table and had reviewed those 
with aim of establishing which elements reflected consensus of the 
6tisch security group and also suggested "consensus text" the text in 
the document titled "join process text - suggested text for architecture 
document, v2 (Rene Struik, January 21, 2015)" (available via the Google 
Drive link). He suggested to go over the (hopefully) consensus text, 
identity areas where this could be improved on the call, and then post a 
revision reflecting this as input to the architecture document prior to 
the 6tisch call of the next day (Friday January 23, 2015, 11am EST). 
Further comments, if any, could then be made as part of the review 
process of the architecture doc, rather than rehashing this more now, 
thus allowing Pascal Thubert to move forward with the architecture 
document and the 6tisch security group to focus on drilling down on more 
detail of the join protocol itself. MR suggested he was happy with this 
process.

RS briefly went over the document, identifying some feedback received 
from Subir Das and Yoshi Ohba by email. He also highlighted that he had 
incorporated the suggestion by MR on the previous call to 
cross-reference some actual protocols that could be considered. A brief 
discussion ensued.

PTh suggested that it would be good to add some language to the effect 
that the actual decision of the joining node to become part of the 
network may depend on authorization of the network itself. It was 
decided to leave out further minutiae, such as "authorization of the 
root of the RPL network", etc., so as to focus on the join process 
itself, without adding too much routing protocol baggage for now. RS 
suggested that this would also avoid issues that could arise in case 
distributed JCE's would be considered, which would not correspond to a 
single, fixed node. SD suggested to swap the order in which the join 
protocol phases and the device roles were presented in the text. He 
further on noted that some of the terminology re joining node, join 
assistant, and JCE was not entirely in with what was depicted in Fig. 1. 
Finally, he suggested a few small edits, such as clarifying that a 
"one-hop neighbor" would be one "radio hop" away and not one IP hop, etc.

RS agreed to try and incorporate this feedback and post a revised text 
document, aimed to be ready for inclusion with the architecture 
document. {Everybody hereby earned drink credits for reaching this mile 
stone and getting this topic off our chest (violins, harps, and trumpet 
sounds could be heard on the background)...!}

6. Presentation Giuseppe Piro re MAC security
GP gave a presentation on some issues with 802.15.4-2011 security in the 
context of the join protocol (see document "l2-sec-issues-join - v2 
(Giuseppe Piro, January 22, 2015), available via Google Drive link). The 
context (Slide #7) was that of a joining node that tries to become part 
of a fully secure network (i.e., the join assistant and the path towards 
the JCE is secured). The main problem identified was that, in 
802.15.4-2011, it is not possible to mix secured and unsecured traffic 
(due to some details in the incoming frame security procedure (clause 
7.2.3, Step f)). GP described a potential work-around, where one would 
install a random key (termed "fake_l2"key" on Slide #11), which only 
purpose was to jump the specification hurdle (so, it would never be 
reallly used). He also described how one could end up in the exempt 
status stage (by constructing a device descriptor for the joining node 
on the fly and setting the exempt flag). After the presentation, a brief 
discussion followed.

TK suggested that mixing of secured and unsecured traffic was possible, 
since "nobody would implement Step f) if one had an incoming frame 
without security". RS noted that GP's presentation assumed an 
implementation compliant with the 802.15.4-2011 specification, not one 
that deviated from this. TK suggested that the work-around in the 
presentation would fail, since it relied on KeyIDMode 0x00, which he 
thought would be undefined. Since the conference call was living on 
borrowed time (65 minutes into the call), there was no time to verify 
this claim on-the-fly.

Upon TK mentioning that the draft 802.15.4 revision text on security 
should be used, RS asked whether this draft was available to the 6tisch 
audience. TK mentioned that he would send a request to Bob Heile (Chair 
of IEEE 802.15) to request drafts (normally only available to 802.15 
voters) to be made available to interested 6tisch stakeholders.

[call concluded at 2.15pm EST]

Best regards, Rene

On 1/21/2015 10:30 AM, Rene Struik wrote:
> Dear colleagues:
>
> Giuseppe Piro offered to give a presentation on MAC security aspects, 
> resulting in the updated agenda below. Dial-in info at bottom of email.
>
> Remember: 6tisch security call is now tomorrow, Thu Jan 21, 2015, 1pm 
> EST, with duration not to exceed one hour. Please call-in on time and 
> test your speaker/mike beforehand.
>
> Suggested updated agenda:
> 1) administrativia {agenda bashing/minutes} [4 min]
> 2) 6tisch security conf call schedule moving forward [1 min]
> 3) input 6tisch security to architecture draft [15 min]
> -- RS to present result homework assignment of last call
> 4) presentation Giuseppe Piro re MAC security [30 min]
> 5) prep for IETF-92 in Dallas [10 min]
> 5) AOB
>
> Link to suggested text (item #3 above):
> https://drive.google.com/file/d/0B2a6Ilxu1XfCbVhfd0ZONXoxc00/view?usp=sharing
>
> On 1/20/2015 4:54 PM, Rene Struik wrote:
>> Dear colleagues:
>>
>> Due to connectivity problems, those on the 6tisch security call today 
>> concluded that it was best to reschedule the call.
>>
>> The rescheduled 6tisch security call will take place this Thursday, 
>> January 22, 2015, 1-2pm EST.
>> (Please note that this is only once; schedule moving forward will 
>> otherwise remain the same)
>>
>> Agenda and dial-in info remain the same (please scroll down).
>>
>> Best regards, Rene
>>
>>
>> On 1/20/2015 4:35 PM, Rene Struik wrote:
>>> I posted the document on Google drive, see weblink below.
>>>
>>> https://drive.google.com/file/d/0B2a6Ilxu1XfCa3RyZzlZb3RRREk/view?usp=sharing
>>>
>>> On 1/20/2015 1:13 AM, Rene Struik wrote:
>>>> Dear colleagues:
>>>>
>>>> Please find attached my analysis of the three text proposals. I 
>>>> hope this helps in zooming in on consensus text.
>>>>
>>>> I will present this in more detail as item #3 on the agenda for the 
>>>> 6tisch security call of tomorrow, Tue Jan 20, 2015, 4.30pm EST.
>>>>
>>>> We can discuss this in more detail during that call (I won't have 
>>>> much time beforehand).
>>>>
>>>> Best regards, Rene
>>>>
>>>> [excerpt of minutes of 6tisch security conf call as of January 14, 
>>>> 2015, 11am-12pm EST]
>>>> TW asked whether RS could review the three text proposals currently 
>>>> on the table and suggest a way forward that takes into account 
>>>> consensus and what was discussed during the call. RS agreed to take 
>>>> this on as homework assignment, with target to report back on this 
>>>> to the group by the end of Monday next week (January 19, 2015).
>>>>
>>>> On 1/19/2015 2:20 PM, Rene Struik wrote:
>>>>> Dear colleagues:
>>>>>
>>>>> Just a quick reminder that we have a 6TiSCH security conf call 
>>>>> tomorrow, Tue January 20, 2015, 4.30-5.30pm EST.
>>>>>
>>>>> Suggested agenda:
>>>>> 1) administrativia {agenda bashing/minutes}
>>>>> 2) 6tisch security conf call schedule moving forward
>>>>> 3) input 6tisch security to architecture draft
>>>>> -- RS to present result homework assignment of last call
>>>>> 4) prep for IETF-92 in Dallas
>>>>> 5) AOB
>>>>>
>>>>> For dial-in info, please see bottom of this email.
>>>>>
>>>>> As to item #2 above, if you wish to weigh-in, please do respond to 
>>>>> the Doodle poll by end of *today*, see 
>>>>> https://doodle.com/q63844gqd59urrae.
>>>>>
>>>>> Best regards, Rene
>>>>>
>>>>> -------- Forwarded Message --------
>>>>> Subject: 	reminder -- 6tisch security call *tomorrow*, Wed Jan 14, 
>>>>> 2015, 11am EST (dial-in info at bottom)
>>>>> Date: 	Tue, 13 Jan 2015 19:37:04 -0500
>>>>> From: 	Rene Struik <rstruik.ext@gmail.com>
>>>>> To: 	tisch-security <6tisch-security@ietf.org>
>>>>>
>>>>>
>>>>>
>>>>> Dear colleagues:
>>>>>
>>>>> Just a quick reminder that we *do* have a conf call tomorrow, Wed 
>>>>> Jan 14, 2015, 11am EST.
>>>>>
>>>>> Currently, the main agenda item is item #4b of last week: input to 
>>>>> the 6tisch architecture draft. It would also be good to have some 
>>>>> more comments on the draft I posted.
>>>>>
>>>>> Minutes of calls later tonight (sorry - extremely busy). For conf 
>>>>> call dial-in info, see bottom of email.
>>>>>
>>>>> Best regards, Rene
>>>>>
>>>>> ==
>>>>> Note: next week's call is on Wed Jan 14, 2015, 11am EST.
>>>>>
>>>>> On 1/6/2015 11:48 AM, Rene Struik wrote:
>>>>>> Dear colleagues:
>>>>>>
>>>>>> Happy New Year!
>>>>>>
>>>>>> According to the agreed-upon 6tisch security conf call schedule, 
>>>>>> we will resume the conference call series today, Tue Jan 6, 2015, 
>>>>>> 5pm EST.
>>>>>>
>>>>>> I propose we continue the discussion where we left off prior to 
>>>>>> Christmas (essentially, item 3c below), except that we may have a 
>>>>>> short presentation first (item #2).
>>>>>>
>>>>>> Agenda:
>>>>>> 1) administrativia {agenda bashing/minutes}
>>>>>> 2) {still to be confirmed} presentation Giuseppe Piro
>>>>>> 3) join protocol details
>>>>>> -- a) (done) status update MAC behavior
>>>>>> -- b) (brief!) recap of routing/communication flow aspects
>>>>>> -- c) incremental deployment aspects
>>>>>> 4) input 6tisch security to other 6tisch documents
>>>>>> -- a) terminology draft
>>>>>> -- b) architecture draft
>>>>>>
>>>>>> Conf call time: 5pm EST = 7am Japan = 2pm PST = 11pm Paris time. 
>>>>>> {The next call, on January 6, 2014) is also at 5pm EST (see 
>>>>>> schedule till half of January 2015)}.
>>>>>> Note: next week's call is on Wed Jan 14, 2015, 11am EST.
>>>>>>
>>>>>> Dial-in info at end of this email.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> Rene
>>>>>>
>>>>>> -------- Forwarded Message --------
>>>>>> Subject: 	Suggested agenda for 6tisch security call of *today*, 
>>>>>> Tue December 16, 2014, 5pm EST (dial-in info at bottom)
>>>>>> Date: 	Tue, 16 Dec 2014 09:21:20 -0500
>>>>>> From: 	Rene Struik <rstruik.ext@gmail.com>
>>>>>> To: 	tisch-security <6tisch-security@ietf.org>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Dear colleagues:
>>>>>>
>>>>>> I propose we continue the discussion where we left off last week.
>>>>>>
>>>>>> Agenda:
>>>>>> 1) administrativia {agenda bashing/minutes}
>>>>>> 2) join protocol details
>>>>>> -- a) (brief!) status update MAC behavior
>>>>>> -- b) continuation of routing/communication flow aspects {last 
>>>>>> week, we did not finish the only two slides on this
>>>>>> 3) input 6tisch security to other 6tisch documents
>>>>>>
>>>>>> Conf call time: 5pm EST = 7am Japan = 2pm PST = 11pm Paris time. 
>>>>>> {The next call, on January 6, 2014) is also at 5pm EST (see 
>>>>>> schedule till half of January 2015)}.
>>>>>>
>>>>>> Dial-in info at end of this email.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> Rene
>>>>>>
>>>>>> -------- Forwarded Message --------
>>>>>> Subject: 	suggested agenda for 6tisch security call of tomorrow, 
>>>>>> Tue December 9, 2014, 9am EST (dial-in info at bottom)
>>>>>> Date: 	Mon, 08 Dec 2014 17:16:40 -0500
>>>>>> From: 	Rene Struik <rstruik.ext@gmail.com>
>>>>>> To: 	tisch-security <6tisch-security@ietf.org>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Dear colleagues:
>>>>>>
>>>>>> For last week's Tue Dec 2, 2014, 9am EST conf call I prepared 
>>>>>> some material and posted prior to the call. During the call, we 
>>>>>> discussed all MAC-related aspects relevant for the join protocol 
>>>>>> and did not discuss higher-layer aspects I prepared material for 
>>>>>> yet. I suggest we continue the systematic discussion of last week 
>>>>>> and take that topic on now.
>>>>>>
>>>>>> This leads to the following suggested agenda for this week 
>>>>>> (essentially a continuation of last week's one):
>>>>>>
>>>>>> Same as last week's, except with
>>>>>> #1a-b) focus on routing/communication flow related aspects join 
>>>>>> protocol;
>>>>>> #2a): confirm concensus on MAC (as discussed last week) and 
>>>>>> routing/communication flow aspects
>>>>>> #2c) {as consequence of two items above} what to squeeze into 
>>>>>> architecture draft
>>>>>>
>>>>>> The detailed agenda and dial-in info is below (#A, resp. #B).
>>>>>>
>>>>>> Best regards, Rene
>>>>>>
>>>>>> _A) Suggested agenda Tue Dec 9, 2014, 9am EST call_
>>>>>>
>>>>>> Proposed agenda:
>>>>>>
>>>>>> 0) Agenda bashing
>>>>>>
>>>>>> 1) Join protocol details
>>>>>>
>>>>>>     a) desired properties
>>>>>>     b) realizable properties
>>>>>>
>>>>>>     #1a-b) focus on routing/communication flow related aspects
>>>>>>     join protocol (we discussed MAC-related join-relevant aspects
>>>>>>     during the conf call of Tue Dec 2, 2014, 9am EST).
>>>>>>     For slides, see
>>>>>>     https://drive.google.com/folderview?id=0B2a6Ilxu1XfCNF9JaXR1ZXlzZlU&usp=sharing
>>>>>>     (same slides as sent out prior to Dec 2, 2014, 9am EST call)
>>>>>>     Relevant slides: Slides 23-25 (contained in entire slide deck
>>>>>>     (ppt), but also in excerpt (pdf))
>>>>>>
>>>>>> 2) Next steps:
>>>>>>         a) consensus on 1#a and 1#b
>>>>>>
>>>>>>     #2a): confirm consensus on MAC (as discussed last week) and
>>>>>>     routing/communication flow aspects
>>>>>>     #2c) {as consequence of two items above} what to squeeze into
>>>>>>     architecture draft
>>>>>>
>>>>>>         b) form tiger team to work out details
>>>>>>             - project phases
>>>>>>             - communication of sub-results
>>>>>>         c) what to squeeze into architecture draft, etc.
>>>>>>
>>>>>> I will prepare material to facilitate discussion on 1) and 2), to 
>>>>>> be discussed during the call.
>>>>>>
>>>>>> _B) Dial-in information:_
>>>>>> English : New York Time 6tisch security
>>>>>> Tuesday, December 9, 2014 | 9:00 am Eastern Standard Time (GMT-05:00)
>>>>>> Meeting number:   641 709 118
>>>>>> Meeting password: joinjoin
>>>>>> Audio connection:
>>>>>>        1-877-668-4493 Call-in toll free number (US/Canada)
>>>>>>        1-650-479-3208 Call-in toll number (US/Canada)
>>>>>>
>>>>>> Access code: 641 709 118
>>>>>> Meeting link:
>>>>>>          https://ietf.webex.com/ietf/j.php?MTID=m1aa12258a83109b4ae291fb0c2bd92d6
>>>>>>
>>>>>> The etherpad we have used is at:
>>>>>>         http://etherpad.tools.ietf.org:9000/p/6tisch-security-6top-xml.txt
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> email:rstruik.ext@gmail.com  | Skype: rstruik
>>>>>> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> email:rstruik.ext@gmail.com  | Skype: rstruik
>>>>> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>>>>>
>>>>>
>>>>
>>>>
>>>> -- 
>>>> email:rstruik.ext@gmail.com  | Skype: rstruik
>>>> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>>>
>>>
>>> -- 
>>> email:rstruik.ext@gmail.com  | Skype: rstruik
>>> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>>
>>
>> -- 
>> email:rstruik.ext@gmail.com  | Skype: rstruik
>> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>
>
> -- 
> email:rstruik.ext@gmail.com  | Skype: rstruik
> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363