Re: [6lowpan] IEEE 802.15.9 KMP over 802.15.4 and 802.15.7 approved
Robert Moskowitz <rgm@labs.htt-consult.com> Tue, 15 November 2011 06:19 UTC
Return-Path: <rgm@labs.htt-consult.com>
X-Original-To: 6lowpan@ietfa.amsl.com
Delivered-To: 6lowpan@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8C7B1F0C38 for <6lowpan@ietfa.amsl.com>; Mon, 14 Nov 2011 22:19:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AFsU2SHXAKuB for <6lowpan@ietfa.amsl.com>; Mon, 14 Nov 2011 22:19:50 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by ietfa.amsl.com (Postfix) with ESMTP id C623411E80AB for <6lowpan@ietf.org>; Mon, 14 Nov 2011 22:19:49 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 2ADB862A91; Tue, 15 Nov 2011 06:19:28 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BzRteMuEYN4Q; Tue, 15 Nov 2011 01:19:07 -0500 (EST)
Received: from nc2400.htt-consult.com (dhcp-54ca.meeting.ietf.org [130.129.84.202]) (Authenticated sender: rgm@labs.htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPA id 2BBA562A86; Tue, 15 Nov 2011 01:19:05 -0500 (EST)
Message-ID: <4EC20459.1090606@labs.htt-consult.com>
Date: Tue, 15 Nov 2011 14:19:05 +0800
From: Robert Moskowitz <rgm@labs.htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.23) Gecko/20110928 Fedora/3.1.15-1.fc14 Thunderbird/3.1.15
MIME-Version: 1.0
To: "Benjamin A. Rolfe" <ben@blindcreek.com>
References: <4EBD7EC9.4090705@labs.htt-consult.com> <7122CCCC-BF56-4A67-B255-DF126BEA495D@yegin.org> <4EC145FC.4030601@labs.htt-consult.com> <CADrU+d++Z4gVVeQmu0nh2Y9kxsSyaEFKwtnP+y3SAtMzs9iYCA@mail.gmail.com> <4EC16CDB.5010503@blindcreek.com>
In-Reply-To: <4EC16CDB.5010503@blindcreek.com>
Content-Type: multipart/alternative; boundary="------------020300010301080202010903"
Cc: 6lowpan@ietf.org
Subject: Re: [6lowpan] IEEE 802.15.9 KMP over 802.15.4 and 802.15.7 approved
X-BeenThere: 6lowpan@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Working group discussion for IPv6 over LowPan networks <6lowpan.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lowpan>, <mailto:6lowpan-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6lowpan>
List-Post: <mailto:6lowpan@ietf.org>
List-Help: <mailto:6lowpan-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lowpan>, <mailto:6lowpan-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Nov 2011 06:19:51 -0000
On 11/15/2011 03:32 AM, Benjamin A. Rolfe wrote: > Excellent points that will make the PAR stronger. > > Many on this list have been through the IEEE 802 project process, but > for those that may not have it might help to explain the purpose of > the PAR, which is to ask IEEE-SA to authorize a new project, in this > case a recommended practice. The scope clause defines the direction of > the project and can be thought of as the 'normative' part of the PAR. > The other clauses provide the New Standards committee (NesCom) > background, and not in any way limitations. > > I see positive potential for the project. As Robert points out there > are many security methods applied over and with 802.15 standards and > for some (like me) it can be a mystifying topic. I am looking to TG9 > to help. > > As currently drafted the scope is not limited to the particular > protocols mentioned as examples. The 802.15 operating procedures allow > a very open process and input is welcome from all that choose to > participate. If/when it is approved the first steps will be to define, > within the scope of the project, what specific protocols are relevant > to the RP. I commend Bob for reaching out at this early stage to > solicit input on the project, and encourage continued participation. > The experience of those that have used 802.15.4 and other standards in > the 802.15 family will be of great value. > > So as a potential user of the RP (who isn't qualified to contribute > much beyond desire ;-), thanks all for the help on the PAR and I look > forward to continued contributions! Oh, you are going to contribute, but as a MAC expert. I THINK I have the Frame Control bits figured out and the use of the Payload IE over the Header IE, but not only does this need to be worked out but consider a controller that is receiving a string of datagrams with Forced ACKs for sensor 1 when sensor 2 starts sending a chain. Does the controller NAK sensor 2 until it finishes with sensor 1? Should KMP processing be single-threaded? What about timeouts if the sensor moves out of range during the KMP exchange then moves back within range. Well within the KMP this SHOULD be handled but the chaining? Both sides SHOULD flush out partial transmit/receive sequences on the same timing. And this is only 15.4, I need some senior guidance in cracking 15.7. There are other points for discussion as well. All this is JUST to open up 802.15 to workable security solutions independent of the higher layer selection. > > -B > > >> Bob, >> >> I have to say I object to the following statement in the PAR: >> >> "Lack of key management support in IEEE Std 802.15.4 and IEEE Std >> 802.15.7 results in weak keys which is a common avenue for attacking >> the security system." >> >> "results in weak keys" implies this is always the case, which is >> simply not true. This should be rephrased as "may result in weak >> keys". Users of 802.15.4 such as ZigBee have put in place a KMP which >> does not result in weak keys, >> >> And I agree with Alper - if you are mentioning IETF and 802.1X, you >> really have to mention PANA as it is entirely relevant. >> >> Robert >> >> On Mon, Nov 14, 2011 at 4:46 PM, Robert Moskowitz >> <rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com>> wrote: >> >> On 11/14/2011 03:17 PM, Alper Yegin wrote: >> > >> >> >> >> > Hi Bob, >> >> >> >> > >> >> >> >> > This PAR document still does not refer to >> IETF's PANA (IETF >> >> RFC that >> >> >> >> > is already adopted by the Zigbee IP spec.) I'm >> hoping the PAR >> >> changes >> >> >> >> > you are referring are already addressing that. >> Please let us >> >> know. >> >> It was a procedural question as to what is 'wanted' here. >> Strictly IEEE standards or broader interpretation? The 802EC >> clearified that a broader inclusion was desired so words have >> been added to point out that Zibgee IP has addressed this within >> their upper layer. A 'literal' interpretation was that 802.1X >> does not work over 802.15.4 or 15.7 so there was no comparable >> standard. >> >> Also 802.1 pointed out the need to include the potential need of >> an Registry Authority (6.1b) and that too was added. The final >> posted PAR will reflect these two changes. >> >> >> > >> >> >> >> > Thanks. >> >> >> >> > >> >> >> >> > Alper >> >> >> >> > >> >> >> >> > >> >> >> >> > On Nov 11, 2011, at 10:00 PM, Robert Moskowitz >> wrote: >> >> >> >> > >> >> >> >> >> The IEEE 802ec approved the PAR this >> afternoon. The PAR >> >> documents >> >> >> >> >> are at: >> >> >> >> >> >> >> >> >> >> >> >> https://mentor.ieee.org/802.15/dcn/11/15-11-0613-05-0kmp-key-management-protocol-par.doc >> >> >> >> >> >> >> >> >> >> >> https://mentor.ieee.org/802.15/dcn/11/15-11-0665-05-0kmp-kmp-5c-draft.doc >> >> >> >> >> >> >> We did agree to two procedural changes in >> the PAR, so >> >> there will be >> >> >> >> >> a rev 6 posted sometime soon. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> 6lowpan >> >> mailing >> >> >> >> >> list 6lowpan@ietf.org <mailto:6lowpan@ietf.org> >> >> >> >> >> >> https://www.ietf.org/mailman/listinfo/6lowpan >> >> >> >> > >> >> >> >> > >> >> >> _______________________________________________ >> 6lowpan mailing list >> 6lowpan@ietf.org <mailto:6lowpan@ietf.org> >> https://www.ietf.org/mailman/listinfo/6lowpan >> >> >> >> >> -- >> >> Robert Cragie >> >> Gridmerge Ltd. >> 89 Greenfield Crescent, >> Wakefield, WF4 4WA, UK >> +44 1924 910888 >> +1 415 513 0064 >> http://www.gridmerge.com <http://www.gridmerge.com/> >> >> >> >> _______________________________________________ >> 6lowpan mailing list >> 6lowpan@ietf.org >> https://www.ietf.org/mailman/listinfo/6lowpan > -- Robert Moskowitz Senior Technical Advisor Security & Standards Verizon Business Systems C:248-219-2059 F:248-968-2824 E:robert.moskowitz@verizonbusiness.com There's no limit to what can be accomplished if it doesn't matter who gets the credit
- [6lowpan] IEEE 802.15.9 KMP over 802.15.4 and 802… Robert Moskowitz
- Re: [6lowpan] IEEE 802.15.9 KMP over 802.15.4 and… Alper Yegin
- Re: [6lowpan] IEEE 802.15.9 KMP over 802.15.4 and… Robert Moskowitz
- Re: [6lowpan] IEEE 802.15.9 KMP over 802.15.4 and… Robert Cragie
- Re: [6lowpan] IEEE 802.15.9 KMP over 802.15.4 and… Benjamin A. Rolfe
- Re: [6lowpan] IEEE 802.15.9 KMP over 802.15.4 and… Robert Moskowitz
- [6lowpan] (what is the problem statement) Re: IEE… Rene Struik