[6tisch] (suggested disposition) Re: WGLC comments on 6tisch-security
Rene Struik <rstruik.ext@gmail.com> Fri, 06 March 2015 00:27 UTC
Return-Path: <rstruik.ext@gmail.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFB8C1A9084 for <6tisch@ietfa.amsl.com>; Thu, 5 Mar 2015 16:27:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N5Hr1OgIBZDd for <6tisch@ietfa.amsl.com>; Thu, 5 Mar 2015 16:27:25 -0800 (PST)
Received: from mail-ig0-x22a.google.com (mail-ig0-x22a.google.com [IPv6:2607:f8b0:4001:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1656A1A6FFA for <6tisch@ietf.org>; Thu, 5 Mar 2015 16:27:24 -0800 (PST)
Received: by igkb16 with SMTP id b16so50790639igk.1 for <6tisch@ietf.org>; Thu, 05 Mar 2015 16:27:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=pfLWkGWcnh/s5o3Pb3SkhvQhyIlvhUL8il1SNbywmwc=; b=04aBG2GIdT63/lVrm/Lm1eVi/lu+aI3ycv7dsTFAgrH3tfnn8sbasfUbcMojpMzyfX PhUOK2NSDs3eRg3WukRb+imx2DitAD2v5atS9YmbMIa6A5NtSS3eJnUhnBrTCAyvWxfr WxSLCRfMxBqj+wXsWmbMdyEhgyAs/1FmU6sJ0v9Yx4cIyXP+MyJwdk/AF6tG2sdv2rs0 pAiA/F2GQm/cZGtQh/PxmqxilrlCEQM5OjOobufnh2qv5UVjNNA5r7NR8xFi51NCaKEg YyRQGmzabXI7KqIKtcb2welSEO8rfyb8nGaOgeYO9MJbCeNFldiqc6TghAMLm8GzOIRu jvJw==
X-Received: by 10.107.8.215 with SMTP id h84mr626016ioi.89.1425601643456; Thu, 05 Mar 2015 16:27:23 -0800 (PST)
Received: from [192.168.0.10] (CPE7cb21b2cb904-CM7cb21b2cb901.cpe.net.cable.rogers.com. [99.231.49.38]) by mx.google.com with ESMTPSA id m132sm6028053ioe.33.2015.03.05.16.27.22 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 05 Mar 2015 16:27:23 -0800 (PST)
Message-ID: <54F8F45C.2070304@gmail.com>
Date: Thu, 05 Mar 2015 19:27:08 -0500
From: Rene Struik <rstruik.ext@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Michael Richardson <mcr+ietf@sandelman.ca>, 6tisch@ietf.org
References: <20094.1424349276@sandelman.ca>
In-Reply-To: <20094.1424349276@sandelman.ca>
Content-Type: multipart/alternative; boundary="------------080104060901020100030902"
Archived-At: <http://mailarchive.ietf.org/arch/msg/6tisch/WloHF2MKdB32shaK2Qh-IZgR52Q>
Subject: [6tisch] (suggested disposition) Re: WGLC comments on 6tisch-security
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Mar 2015 00:27:32 -0000
Dear Michael:
Please find below my suggested resolution of your comments related to
security.
Best regards, Rene
On 2/19/2015 7:34 AM, Michael Richardson wrote:
> {I fat-fingered this to the wrong list last night.}
>
>
> My appologies for the lateness of this review.
> One good point is that it's been 10 weeks since I read the document
> From=20beginning to end, and some things stick out that did not bother me
> before.
>
> My tl;dr> conclusion is that the document is not ready to proceed as is.
> If it is going to proceed in volumes (I suggest "editions" is the correct
> term), then I think that most things which are speculation should
> either be removed to a later edition, or something specific should be
> said, with the understanding that it might change later.
> Presciption rather than speculation should be the goal.
>
>
>
> 5) the security words include: "will be studied in the next round of this d=
> ocument."
> and I'm not sure what a reader should make of this. Perhaps it should
> simply summarize section 13 in one sentence and say that PANA is a
> possibility, but that the choice of protocol is out of scope for this
> document.
> (well, 5.0 then explains about volumes. So perhaps the explanation
> about volumes should go much earlier, most probably into the abstract as
> well. Also, will the volumes build on the previous work, or will they
> replace it? if they will replace it, then I think correct word is "edit=
> ion")
RS>>
I suggest we replace p. 7, 2nd para by the following text: "Security
aspects of the join process are discussed in Section 13." This also
avoids any conflicts with the text in Section 13.
<<RS
9) I am happy with the paragraph on join security in section 5.RS>>
I suggest to remove p.9, 4th para entirely (it conflicts with elements
of Section 13, which section reflects confirmed consensus in the 6TiSCH
security design team [see also minutes conf call of January 22, 2015:
http://www.ietf.org/mail-archive/web/6tisch-security/current/msg00413.html]).
<<RS
20) last comment on section 13. (the bullet (*) has become an ASCII "A",
the high bit was likely removed)RS>>
The article is not wrong, but having dashes, stars, etc., instead (as
the suggestion seems to be) is also okay. {BTW - I checked the XML file,
which showed "a"}.
<<RS
> Device Authentication: The JN and the JA mutually authenticate each
> other and establish a shared key, so as to ensure on-going
> authenticated communications. This may involve a server as a
> third party.
>
> I again say that this is incorrect, the JA will never be able to
> authenticate *itself* to the JN. It may be able to present some
> *authorization* from the *network owner*, that the JA is authorized
> to act on behalf of the network owner.
RS>>Please note that the scenario described assumes as particular
initial set-up requirements (see p. 32, 2nd para) that devices have
certs and access to each other's CA root key. Under those condition, any
authenticated public-key key agreement scheme results in mutual
authentication of the parties involved in that protocol (here, joining
node and join assistant). So, your absolute statement is incorrect. This
being said, the text also pays homage to the scenario where this initial
set-up requirement might not be satisfied: please see p. 33, 1st and 2nd
para (those paras discuss what happens in case, e.g., a device does not
have a cert or encounters another out-of-sync behavioral state). In my
mind, no changes are required.
Please note that the scenario where the JA might assume a role beyond
simply being a relay station was extensively discussed during 6TiSCH
security calls [see, e.g., the minutes of the Dec 16, 2014 call:
http://www.ietf.org/mail-archive/web/6tisch-security/current/msg00383.html
{in which you also participated}].
<<RS
> Unless you consider un-authenticated DH exchange "authentication",
> or you decide that it's okay for the JA to just not accept any
> public (some kind of leap of faith), the JA will not have an
> identity that a JN will accept.
RS>> This seems to confuse authorization and authentication. As already
said, if devices have certs, the authenticated key agreement scheme
automatically (and mechanically) results in mutual authentication.
Whether this identity should be accepted is the object of authorization
policies; hence, the authorization language in, e.g., p. 32, 3rd para
and earlier on p. 32, with description of authorization phase. In my
mind, no changes are required.
<<RS
> I have also repeatedly complained that figure 10 is inaccurate,
> because it fails to depict that authorization begins before
> authentication finishes. Perhaps the second two unidirectional
> arrows are part of the authentication phase, I don't know.
RS>>
Please note that one figures cannot depict all aspects of the join
process; it is only there to support the text in Section 13.1. The
current text reflects confirmed consensus in the 6TiSCH security design
team [see also minutes conf call of January 22, 2015:
http://www.ietf.org/mail-archive/web/6tisch-security/current/msg00413.html]
{in which you also participated}). The figure indicates that
authentication from the joining node JN starts prior to the initial
authorization frame being sent to the JCE (after all, the JN initiates
the join protocol). The communication messages between JN and JA include
multiple protocol flows, as also depicted in the figure, where the last
authentication message (from JCE to JN) takes place after the initial
authorization message to the JCE. This is reflected in the figure.
Besides, logically, it cannot be any other way, since authentication by
the JCE to the JN should depend on some inputs from the JN. In my mind,
no changes are required.
<<RS
> I suggest that the sentence:
>
> "The join protocol consists of three phases:"
>
> be replaced with:
>
> "The join protocol has three major activities:"
> ("phases" implies some ordering such that one phase might finish
> before the next begins, while activities implies no such ordering
RS>> The description of the three phases of the join process (p. 32, 1st
para) does not include any language that suggests such ordering (there
is no mentioning of "in order", etc.). When describing a process as the
composition of several subprocesses, without restricting language, it is
common usage that any interleaving is possible, subject to logical
events in one subprocess being a precondition for ones in a different
subprocess). In my mind, no change is required.
<<RS
> I suggest that figure 10 be omitted.
RS>>
In my mind, this figure correctly reflects the join process, at the
right level of detail one may expect at this stage of the design
process. Please note that the current text of Section 13 (minus the 2nd
para) reflects confirmed consensus in the 6TiSCH security design team
[see also minutes conf call of January 22, 2015:
http://www.ietf.org/mail-archive/web/6tisch-security/current/msg00413.html]
{in which you also participated}]. At the time, you expressed full
consensus then and also did not raise these issues when asking for
approval of the minutes.
<<RS
>
>
>
>
> --
> Michael Richardson<mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
>
>
>
>
>
> _______________________________________________
> 6tisch mailing list
> 6tisch@ietf.org
> https://www.ietf.org/mailman/listinfo/6tisch
--
email:rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
- Re: [6tisch] [6tisch-security] WGLC comments on 6… Pascal Thubert (pthubert)
- Re: [6tisch] [6tisch-security] WGLC comments on 6… Rene Struik
- [6tisch] WGLC comments on 6tisch-security Michael Richardson
- [6tisch] (suggested disposition) Re: WGLC comment… Rene Struik