Re: [Ace] Group Communication Security Disagreements
Somaraju Abhinav <abhinav.somaraju@tridonic.com> Wed, 14 September 2016 09:33 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/cxe17uYtXgo8TUhSm_AkpfcWEQY>

Hi all,

Thank you all for the feedback on the group communication security discussion. We noticed that two concerns have been raised with the current specification.

1) Symmetric keys do not provide source authentication. Here, most people on the mailing list agreed that symmetric keys provide basic security and are sufficient for lighting applications. They are not intended to be used in the wider internet for more sensitive group communication security use-cases.

2) How to ensure that the symmetric key group communication security solution is not used in situations it is not designed for?

We propose to address the received feedback by making the following modifications to the document:

1) We will add an additional section where we specify how asymmetric cryptography can be used for secure group communication. This will help for all those cases where source authentication is desired.

2) Add a security considerations section where we explain that the asymmetric key solution is the recommended approach but that there are situations where low latency group communication makes it difficult to use asymmetric cryptography and where source authentication is less important. You could call it an applicability statement.

If these proposed modifications make sense then we can try to submit a new draft with these changes.

Abhinav
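
The distinction behind concern 1, as an added example that is not part of the original message or of the draft under discussion: a tag computed with a shared group key proves only group membership, while a per-sender signature binds the frame to one sender. The device names, payload and frame layout are constructed, and Lamport one-time signatures are used only as a standard-library stand-in for the asymmetric scheme, which the message does not specify.

```python
import hashlib, hmac, os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Symmetric case: one key shared by every group member (constructed demo values).
def group_tag(group_key: bytes, sender: str, payload: bytes) -> bytes:
    return hmac.new(group_key, sender.encode() + b"|" + payload, hashlib.sha256).digest()

def group_verify(group_key: bytes, sender: str, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(group_tag(group_key, sender, payload), tag)

# Asymmetric case: per-sender key pair. Lamport one-time signatures are a
# stdlib-only stand-in (assumption); a deployment would use e.g. ECDSA or EdDSA.
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    # Reveal one secret per digest bit; a key pair must sign only one message.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = digest_bits(msg)
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][bits[i]]) for i, s in enumerate(sig))

def demo() -> dict:
    payload = b"group-7: lights off"
    group_key = os.urandom(16)          # held by switch-A, switch-B and every lamp
    # switch-B computes a tag over a frame that names switch-A as the sender.
    tag_from_b = group_tag(group_key, "switch-A", payload)
    outsider_tag = group_tag(os.urandom(16), "switch-A", payload)
    sk_a, pk_a = lamport_keygen()       # pk_a is distributed to the lamps
    sk_b, _ = lamport_keygen()          # switch-B's own signing key
    frame = b"switch-A|" + payload
    return {
        "group_key_accepts_frame_from_b_naming_a": group_verify(group_key, "switch-A", payload, tag_from_b),
        "group_key_rejects_outsider": not group_verify(group_key, "switch-A", payload, outsider_tag),
        "signature_accepts_a": lamport_verify(pk_a, frame, lamport_sign(sk_a, frame)),
        "signature_rejects_b_as_a": not lamport_verify(pk_a, frame, lamport_sign(sk_b, frame)),
    }

if __name__ == "__main__":
    print(demo())
```

The first result is the property the applicability statement has to cover: a receiver holding only the group key cannot tell which member produced a valid frame.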