Re: [Roll] [roll] #136: - draft-ietf-roll-applicability-ami - Add a section of the Security Considerations for each instance where the RPL security mechanism are not to be used

"Popa, Daniel" <Daniel.Popa@itron.com> Fri, 24 January 2014 18:10 UTC

From: "Popa, Daniel" <Daniel.Popa@itron.com>
To: Chris Lonvick <clonvick@cisco.com>
Date: Fri, 24 Jan 2014 18:10:36 +0000
Message-ID: <EAD2932B-5B25-42CD-8F36-9683404641DF@itron.com>
References: <067.78cf5d635bca77cded1fb433c133c835@trac.tools.ietf.org> <9546f1bf3d68401a8cdf837ca5528de4@BY2PR04MB807.namprd04.prod.outlook.com>, <alpine.LRH.2.00.1401240912530.20137@sjc-xdm-112.cisco.com>
In-Reply-To: <alpine.LRH.2.00.1401240912530.20137@sjc-xdm-112.cisco.com>
Cc: "draft-ietf-roll-applicability-ami.all@tools.ietf.org" <draft-ietf-roll-applicability-ami.all@tools.ietf.org>, "roll@ietf.org" <roll@ietf.org>
Subject: Re: [Roll] [roll] #136: - draft-ietf-roll-applicability-ami - Add a section of the Security Considerations for each instance where the RPL security mechanism are not to be used

Thanks Chris for the feedback.

I believe what you advise is more or less what we intend to do. The difference is that we do not intend to explicitly use a security threat model and show how IEEE works against it, but rather to explain how IEEE 802.15.4 and IEEE P1901.2 security mechanisms can substitute for the RPL-defined security mechanisms to provide the same security services as those described in Section 19.1 of RFC 6550, while at the same time giving the system designers and implementers the same degree of freedom to trade off complexity against security strength, in order to meet the HW and cost constraints of such low-power field devices.

Would this be enough?

Regards,
Daniel

Sent from my iPhone

> On 24 Jan. 2014, at 18:32, "Chris Lonvick" <clonvick@cisco.com> wrote:
> 
> Hi Daniel,
> 
> Has a threat model been defined for RPL?  And do you know that the link-layer security provided by the two IEEE mechanisms will thwart the threats?  This isn't meant to be an onerous exercise.  :-)  What has been done in several WGs has been to define a simple threat model (usually taken from RFC 3552) and then describe how the security mechanisms will thwart the threats.  For example, see sections 2 and 3 in RFC 5426 (TLS for syslog).
> 
> If you can point to the threat model for RPL then you can probably state (just once in the Security Considerations section) how the IEEE link-layer security mechanisms will address the threats so therefore the security mechanisms already contained within RPL will not be needed.
> 
> Hope this helps,
> Chris
> 
>> On Tue, 14 Jan 2014, Popa, Daniel wrote:
>> 
>> Hello all,
>> 
>> Chris:
>> 
>> Just to clarify: The applicability statement for AMI network focuses on use of RPL (+ 6LowPAN/IPv6) over standard IEEE wireless and PLC link-layer technologies (i.e., IEEE Std 802.15.4g/4e and IEEE Std P1901.2, respectively). Each of these standards is coming with a link-layer security specification.
>> 
>> Following your recommendation: we can add a new section - "Security Considerations" - to the section where we describe the link-layer security features (i.e., to Section 9.2.3, called "Security features provided by the MAC sub-layer"). Alternatively, we can keep Section 9.2.3 as it is and, in the content that will be provided, describe how the link-layer security features will meet the requirements of the RPL security services.  Which of these approaches will better answer your request?
>> 
>> Would such clarifications meet your expectations?
>> 
>> Regards,
>> Daniel
>> 
>> -----Original Message-----
>> From: roll issue tracker [mailto:trac+roll@grenache.tools.ietf.org]
>> Sent: Tuesday 17 December 2013 06:51
>> To: draft-ietf-roll-applicability-ami.all@tools.ietf.org; mariainesrobles@gmail.com
>> Cc: roll@ietf.org
>> Subject: [roll] #136: - draft-ietf-roll-applicability-ami - Add a section of the Security Considerations for each instance where the RPL security mechanism are not to be used
>> 
>> #136: - draft-ietf-roll-applicability-ami - Add a section of the Security Considerations for each instance where the RPL security mechanism are not to be used
>> 
>> Source: http://www.ietf.org/mail-archive/web/secdir/current/msg04477.html
>> 
>> 
>> From: Chris Lonvick <clonvick at cisco.com>
>> Date: Fri, 13 Dec 2013 11:41:54 -0800 (PST)
>> 
>> 
>> 
>> “The authors note that other security mechanisms may be used, which would  mean that the security functions of RPL would not be needed. I would  recommend that a section of the Security Considerations be added for each  instance where the RPL security mechanism are not to be used. Each of  those sections should show how the replacement mechanisms will meet the  requirements of the RPL security services that are described in 6550.”
>> 
>> -- 
>> Reporter:   mariainesrobles@gmail.com
>> Owner:      draft-ietf-roll-applicability-ami.all@tools.ietf.org
>> Type:       defect
>> Status:     new
>> Priority:   major
>> Milestone:  (none)
>> Component:  applicability-ami
>> Version:    (none)
>> Severity:   Active WG Document
>> Keywords:   (none)
>> 
>> Ticket URL: <http://trac.tools.ietf.org/wg/roll/trac/ticket/136>
>> roll <http://tools.ietf.org/wg/roll/>
>>