Re: [6lowpan] SOLACE things at SAAG

"Cullen Jennings (fluffy)" <> Sun, 04 November 2012 17:55 UTC

To: Stephen Farrell, Michael Richardson, Sean Turner, Carsten Bormann
Cc: "Keoh, Sye Loong"

I have been doing some work with constrained devices and would be happy to talk about the problem in SAAG. I've spent a fair amount of time talking to a few folks that I think of as part of the security mafia to try and understand how to describe some of the threats and try and get crisp about the overall goals - particularly in thinking about how the problem is different than security problems we have already solved.

I do have a sketch of a proposed solution which I think helps people understand the problem but may or may not be the right path to a good solution. If someone from the security community wanted to help me move this from a sketch to a well-formed proposal, that would be great, but I think the key thing for SAAG right now is the problem.

I'm glad to do this with Carsten - he and I are at pretty opposite ends of the spectrum on some of this stuff but the union of our views likely covers a very large percentage of the broad community's views on the topic.


On Oct 29, 2012, at 14:45 , Stephen Farrell <> wrote:

> Hiya,
> So Carsten volunteered to give saag a heads-up on the
> problem this time. If he and Cullen want to arm-wrestle
> that's fine:-) I'm sure either would do a fine job.
> I didn't mean to say anything about the solace draft
> being good, bad or indifferent. But I figured someone
> is working on this problem somewhere and would like
> to make sure that whatever solution looks like it'll
> be adopted is something that wouldn't cause saag folk
> to have fits.
> Cheers,
> S.
> On 10/29/2012 08:32 PM, Michael Richardson wrote:
>>>>>>> "Stephen" == Stephen Farrell <> writes:
>>   Stephen> Would it be timely to spend 10 minutes on this during the saag
>>   Stephen> session?
>> I think, if you want to talk something SOLACE related which is more
>> concrete than a possible SOLACE IRTF "charter", then maybe have Cullen
>> talk about:
>>   Stephen> I'd really like that the security area not end up being surprised
>>   Stephen> by whatever is eventually decided so getting a presentation at
>>   Stephen> saag would be useful at the point where you more or less know
>>   Stephen> the direction, but are still flexible enough to deal with someone
>>   Stephen> who e.g. points out significant security issues.
>> Except that:
>> 1) the constrained devices are more constrained than the IP phones
>>  described.
>> 2) the constrained devices probably can not be attacked/p0wned until
>>  after they get on the network, and so actually authenticating to the
>>  network is the "application"
>> Cullen's slides provide a really good starting explanation.
>> While the details of the ultimate answer are going to be a bit different
>> in small ways,  the basic architecture he presents has been articulated
>> repeatedly by many.
>> So, if your aim is to get more security geeks thinking about attacks,
>> and about defenses, in advance of an actual proposed protocol (and
>> SOLACE is an I*R*TF group, recall. A protocol might not be the result
>> anyway), then I suggest giving Cullen a few minutes to talk about his
>> slides 7, 8, 9.
>>   Stephen> It might be that waiting another meeting cycle or two would be
>>   Stephen> better if the basic ideas aren't yet firmed up.
>> One meeting cycle won't help.  Four might.