[6tisch-security] minutes from call 2014-10-28
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 04 November 2014 15:30 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A95D1A8A10 for <6tisch-security@ietfa.amsl.com>; Tue, 4 Nov 2014 07:30:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.487
X-Spam-Level:
X-Spam-Status: No, score=-0.487 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_NO_TEXT=1.997, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01, WEIRD_PORT=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 77_KiB2-3ai2 for <6tisch-security@ietfa.amsl.com>; Tue, 4 Nov 2014 07:30:30 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79AFD1A8A0E for <6tisch-security@ietf.org>; Tue, 4 Nov 2014 07:30:30 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 9F40220028 for <6tisch-security@ietf.org>; Tue, 4 Nov 2014 10:32:07 -0500 (EST)
Received: by sandelman.ca (Postfix, from userid 179) id 3F06B637F4; Tue, 4 Nov 2014 10:30:28 -0500 (EST)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 27EDA637F2 for <6tisch-security@ietf.org>; Tue, 4 Nov 2014 10:30:28 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: tisch-security <6tisch-security@ietf.org>
X-Attribution: mcr
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Tue, 04 Nov 2014 10:30:28 -0500
Message-ID: <7180.1415115028@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch-security/3ZVVbRjHZr09aPI_9ms364wBQL8
Subject: [6tisch-security] minutes from call 2014-10-28
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 15:30:32 -0000
My appologies for taking so long to get these out.
The call this week is in 30 minutes at:
> Meeting number: 645 146 419 Meeting password: timeslot Audio
> connection: 1-877-668-4493 Call-in toll free number (US/Canada)
> 1-650-479-3208 Call-in toll number (US/Canada)
> https://ietf.webex.com/ietf/j.php?MTID=m026b87ec5a630ca1ec44f2e79329ba02
> etherpad for meeting:
> http://etherpad.tools.ietf.org:9000/p/6tisch-security-6top-xml.txt
> please note that google/browser-using-google-data might complain about it
> being a phising site, it is likely a false positive, and I've let
> ietf-action know about it.
2014-10-28 call started 11am EST.
Attending
- Thomas Watteyne
- Michael Richardson
- Jonathan Simon
- Kris Pister
- Mike Seewald
- Nancy Cam-Winget
We started the meeting by attempting to recap the discussion in the Mailing
List. Michael asks Kris to do the recap. The thread starts at:
http://www.ietf.org/mail-archive/web/6tisch-security/current/msg00212.html
The result of the discussion is that we have some terminology problems with
the use of "join key" --- we agreed that we would use the following terms:
join network - A 802.15.4e network whose well known global
encryption and authentication key is "JOIN6TISCH".
unique join key - a symmetric key shared between a newly joining node, and
the JCE. This key supports smaller installations for which
asymmetric methods are considered too large
well known beacon key - this is the key "JOIN6TISCH"
MR discussed that while the unique join key might in some situations not be
unique (we can not prevent use of pin "0000" a la Bluetooth headsets), we
should never make a protocol that depends upon the key being known by more
than one node.
We then had a discussion about the term "trust anchors".
MCR said that the use of this term will cause some security people to assume
that this is related to the set of trust anchors present in web browsers;
that some interaction with the Verisign/Komodo/etc. is intended, when it
really is about connection to some industry consortia, or perhaps only to the
vendor's CA.
We covered the problem of the node knowing if it is joining the right
network, that "this is the JCE you are looking for" (Star Wars droids
reference). The oil refinery situation was raised; where competitors have
equipment within radio distance of each other, and often sell/lease it among
themselves.
MR: suggestion: certificate given by JCE to node, contains authorization with
"I am your owner". there is a set of delegation in supply chain. node can
authenticatie that. node need to go to its vendor
KP: so go out to the Internet and contact the vendor?
MR: don't suggest node or JCE do this online. Michael Belinger raised fraud and
reselling. issue is that, when you purchase a node, you have to
install. vendor could veto a resell market if was involved online. example
with lightbulbs
MR: opinion is that the way you get that certificate is out of scope. Here is
your MAC id and certificate of who owns you
We had a discussion about possible ways that this introduces a vendor-lockin
DRM, and the negative press that might result. This is the reason for the
802.1AR installation of a LDevID after the join process, as this
permits/supports resell and further econonic activity without permission of
the vendor.
We agreed that there would never be a requirement to go out to the Internet.
MCR explained purpose of draft-richardson-6tisch-idevid-cert... tried to
explain relative to SIDR, but SIDR work was not known.
We discussed why we have a well-known-beacon key at all: mixing traffic from
other sources users of that spectrum, and also concern that some MACs may be
unable to deal with unencrypted and encrypted traffic being received at the
same time.
We had a discussion about the 10/11 flows which are summarized as follows:
MR: DTLS session bnetwee JCE and join assistant, doubly encryped (L2 hop by hop and e2e DTLC/6top)
MR: TLS session setup consists of 2 exchanges:
. client hello (client presents his capabilities)
. server helo (new node) responds his capabilities)
. those packets re 100-150 bytes. possibly 60-70 bytes. suspect will be 2 frames
. allow to agree on cipher, need crypto agility
. would be ideal is JCE presents 2 options, AES-TCM and other
. second exchange involves client certification, and response with server certificate and DH
. packet ~1-2kB size. can be in smaller pieces
. biggest pieces in this is supplier chain of certificate that proves own this node
. upper part of chain COULD be cached by join assistant. but, most of
statements will be mote-specific
Agenda for next, second DODAG, how do we get that mode online:
text in section 3 starting with:
"The specific mechanism to enable end to end connectivity with the JCE"
--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
- [6tisch-security] minutes from call 2014-10-28 Michael Richardson
- Re: [6tisch-security] minutes from call 2014-10-28 Thomas Watteyne