[6lowapp] Multicast, do we need it
Cullen Jennings <fluffy@cisco.com> Sat, 31 October 2009 17:33 UTC
Return-Path: <fluffy@cisco.com>
X-Original-To: 6lowapp@core3.amsl.com
Delivered-To: 6lowapp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 842F23A691D for <6lowapp@core3.amsl.com>;
Sat, 31 Oct 2009 10:33:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.376
X-Spam-Level:
X-Spam-Status: No, score=-110.376 tagged_above=-999 required=5 tests=[AWL=0.223,
BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wep08U3vnVMJ for
<6lowapp@core3.amsl.com>; Sat, 31 Oct 2009 10:33:38 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140])
by core3.amsl.com (Postfix) with ESMTP id 36E773A694C for <6lowapp@ietf.org>;
Sat, 31 Oct 2009 10:33:38 -0700 (PDT)
Authentication-Results: ams-iport-1.cisco.com;
dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjgAAKoR7EqQ/uCWe2dsb2JhbACbUwEBFiQGqBaXeIQ5BA
X-IronPort-AV: E=Sophos;i="4.44,659,1249257600"; d="scan'208";a="53281442"
Received: from ams-core-1.cisco.com ([144.254.224.150]) by
ams-iport-1.cisco.com with ESMTP; 31 Oct 2009 17:33:56 +0000
Received: from ams3-vpn-dhcp4750.cisco.com (ams3-vpn-dhcp4750.cisco.com
[10.61.82.141]) by ams-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id
n9VHXSjM024626 for <6lowapp@ietf.org>; Sat, 31 Oct 2009 17:33:55 GMT
From: Cullen Jennings <fluffy@cisco.com>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Date: Sat, 31 Oct 2009 11:33:55 -0600
Message-Id: <82431E68-B3B1-4FF7-A1FE-51F8B17D1D54@cisco.com>
To: 6lowapp@ietf.org
Mime-Version: 1.0 (Apple Message framework v1076)
X-Mailer: Apple Mail (2.1076)
Subject: [6lowapp] Multicast, do we need it
X-BeenThere: 6lowapp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Application protocols for constrained nodes and networks
<6lowapp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/6lowapp>,
<mailto:6lowapp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6lowapp>
List-Post: <mailto:6lowapp@ietf.org>
List-Help: <mailto:6lowapp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lowapp>,
<mailto:6lowapp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2009 17:33:39 -0000
So we have a use case now where a light switch gets flicked and several lights are perceived by humans as coming on at the same time. A few people have explained to me that the way we need to meet this is the switch multicasts the on command to the lights. This brings up two questions, reliability and security. On reliability, I'm assuming we would send an unreliable multicast "on" command followed by a reliable unicast "on" command to each light individually. Any light that missed the multicast command would be delayed until they got the unicast command. Is this assumption correct on one way to deal with the reliability issues for things that need it? Do people have something else in mind? I could care less what the approach is but I want to be able to explain, at a sketch level, what the plan is to meet this use case. Now on to the security. Multicast security, particularly with very short messages if obviously solvable but not trivial security issue. As far as I can tell, this use case would force us to have a object security model. I don't pretend to be a security person in the slightest so hopefully I won't get the next part too wrong but someone who has a clue can correct me. Say were doing AES in CBC mode with a 96 byte MAC - It seems that the object will need to have somewhere in the order of: IV 16 bytes Mac 12 bytes Key identifiers 4 bytes time or sequence replay protection 4 bytes Various version code points 4 bytes Padding 1 to 16 bytes The smallest message possible is already looking like 56 bytes. One can argue any of these numbers up or down but my point is, I don't know if our effective MTU is 40,50,60, 128, or 1200. Various people have asserted all the above numbers and I understand that the real answer is not going to be hard and fast and it all depends. But it seems like we might be in the range where it's feasible to use CMS, perhaps with AES in CBC mode with HMAC-SHA-96 and some sort of scheme wit unicast challenge response to set up a sliding sequence counter window for replay protection or perhaps AES with CTR mode might be able to make it smaller. I'm not proposing this group would do this type of security work, I imagine we would go find it in something existing but this is just a back of envelope calculation on the lower bound of object security approach. And this brings up a a whole other issue, how to do replay protection on multicast messages. Clearly replaying the "unlock door" command would not be good. I have a hard time imaging anyone being keen on synchronized time between the devices. I've also seen that whatever discovery protocol is done might also need to use some secure multicast. So I am working on the assumption that we need multicast and we need object security inside it. And that this complicated out lives particularly if we want the messages to be small. Do folks agree this assumption? If folks agree, any ideas on what existing security standards we can use. I'd probably start by looking at what could be done with CMS. IS that a good starting point? One or two people suggested to me that we could use EAP but I don't know if they meant for this or something else. So as always, back to my usual questions, what is it people want to do for any of this. If there looks like there might be agreement, I can try and figure out what would be needed in the charter.
- [6lowapp] Multicast, do we need it Cullen Jennings
- Re: [6lowapp] Multicast, do we need it Don Sturek