Re: [6lowpan] SOLACE things at SAAG

"Cullen Jennings (fluffy)" <fluffy@cisco.com> Sun, 04 November 2012 17:55 UTC

From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Richardson <mcr+ietf@sandelman.ca>, "saag@ietf.org" <saag@ietf.org>, Sean Turner <turners@ieca.com>, Carsten Bormann <cabo@tzi.org>
Date: Sun, 04 Nov 2012 17:55:46 +0000
Cc: "roll@ietf.org" <roll@ietf.org>, "Keoh, Sye Loong" <sye.loong.keoh@philips.com>, "6lowpan@ietf.org" <6lowpan@ietf.org>
Subject: Re: [6lowpan] SOLACE things at SAAG

I have been doing some work with constrained devices and would be happy to talk about the problem in SAAG. I've spent a fair amount of time talking to a few folks that I think of as part of the security mafia to try and understand how to describe some of the threats and try and get crisp about the overall goals - particularly in thinking about how the problem is different than security problems we have already solved.

I do have a sketch of a proposed solution which I think helps people understand the problem but may or may not be the right path to a good solution. If someone from the security community wanted to help me move this from a sketch to a well-formed proposal, that would be great but I think the key thing for SAAG right now is the problem.

I'm glad to do this with Carsten - he and I are at pretty opposite ends of the spectrum on some of this stuff but the union of our views likely covers a very large percentage of the broad community's views on the topic.

Cullen



On Oct 29, 2012, at 14:45 , Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> 
> Hiya,
> 
> So Carsten volunteered to give saag a heads-up on the
> problem this time. If he and Cullen want to arm-wrestle
> that's fine:-) I'm sure either would do a fine job.
> 
> I didn't mean to say anything about the solace draft
> being good, bad or indifferent. But I figured someone
> is working on this problem somewhere and would like
> to make sure that whatever solution looks like it'll
> be adopted is something that wouldn't cause saag folk
> to have fits.
> 
> Cheers,
> S.
> 
> On 10/29/2012 08:32 PM, Michael Richardson wrote:
>> 
>>>>>>> "Stephen" == Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:
>>   Stephen> Would it be timely to spend 10 minutes on this during the saag
>>   Stephen> session?
>> 
>> I think, if you want to talk something SOLACE related which is more
>> concrete than a possible SOLACE IRTF "charter", then maybe have Cullen
>> talk about:
>> 
>> http://www.lix.polytechnique.fr/hipercom/SmartObjectSecurity/papers/CullenJennings.pdf
>> http://www.lix.polytechnique.fr/hipercom/SmartObjectSecurity/slides/Cullen1.pdf
>> 
>>   Stephen> I'd really like that the security area not end up being surprised
>>   Stephen> by whatever is eventually decided so getting a presentation at
>>   Stephen> saag would be useful at the point where you more or less know
>>   Stephen> the direction, but are still flexible enough to deal with someone
>>   Stephen> who e.g. points out significant security issues.
>> 
>> Except that:
>> 1) the constrained devices are more constrained than the IP phones
>>  described.
>> 
>> 2) the constrained devices probably can not be attacked/p0wned until
>>  after they get on the network, and so actually authenticating to the
>>  network is the "application"
>> 
>> Cullen's slides provide a really good starting explanation.
>> While the details of the ultimate answer are going to be a bit different
>> in small ways,  the basic architecture he presents has been articulated
>> repeatedly by many.
>> 
>> So, if your aim is to get more security geeks thinking about attacks,
>> and about defenses, in advance of an actual proposed protocol (and
>> SOLACE is an I*R*TF group, recall. A protocol might not be the result
>> anyway), then I suggest giving Cullen a few minutes to talk about his
>> slides 7, 8, 9.
>> 
>>   Stephen> It might be that waiting another meeting cycle or two would be
>>   Stephen> better if the basic ideas aren't yet firmed up.
>> 
>> One meeting cycle won't help.  Four might.
>> 