Re: [6tisch-security] EALS and how to go from 6tisch-minimal-security to zero-touch enrollment

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 10 March 2017 18:59 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "6tisch-security@ietf.org" <6tisch-security@ietf.org>
In-Reply-To: <D4E7F01F.78F49%goran.selander@ericsson.com>
References: <D4E34D31.783F2%goran.selander@ericsson.com> <7579.1488907684@obiwan.sandelman.ca> <14442.1489106136@obiwan.sandelman.ca> <D4E7F01F.78F49%goran.selander@ericsson.com>
Date: Fri, 10 Mar 2017 13:59:53 -0500
Message-ID: <27932.1489172393@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/PRGDZ10umfOlaPOmrXo2emTl7Vw>
Cc: =?utf-8?B?TWFsacWhYSBWdcSNaW5pxIc=?= <malisa.vucinic@inria.fr>, =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>, Shahid Raza <shahid.raza@ri.se>

Göran Selander <goran.selander@ericsson.com> wrote:
    >> In order for the pledge to be passive, and the JRC to manage the bulk
    >> (certificates and vouchers take a dozen fraglets, sadly), I would like
    >> the zero-touch process to be driven by the JRC.

...

    >> EALS also proposes to move the voucher nonce and ownership voucher
    >> into the protocol itself, eliminating the provisional state, and
    >> ownership voucher.
    >>
    >> This moves the entire exchange control back to the JRC.  No CoMI
    >> interface would be needed for communicating the voucher.
    >>
    >> EALS suggests that the enrollment occur over CoAP, driven by the
    >> pledge.

    > Actually, we mention that the EDHOC protocol may be reversed, and it
    > may be driven by the JRC, but first authenticating the pledge enables
    > the authorization step to come earlier.

Yes, EDHOC is reversed, and so the JRC can control when each pledge enrolls.
The JRC would not initiate a message_1 until it is ready for that pledge to
enroll.   Once it has received message_2, the JRC will know securely exactly
who is trying to connect, and if it still has concerns, or there just isn't
network bandwidth yet, it could delay sending message_3 until it is ready.

What we need to do is figure out how the JRC-inserted delays might affect
retransmission timers.  I think that the messages are all CoAP transactions
initiated from the EDHOC initiator.

Actually, that brings up a question:

>  +--------------------------------------->|    Third party
>  |                                        | < - - - - - - - - >
>  |  EDHOC message_3 (EXT_3 = Authz info)  |    authorization
>  |<---------------------------------------+

how does the initiator know that message_3 arrived okay?
I seem to be missing an ACK for this message.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
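Added illustration, not part of the thread: a small Python model of the JRC-driven EDHOC run discussed above, with each EDHOC message carried in a CoAP confirmable (CON) transaction that the initiator (JRC) opens, using the RFC 7252 retransmission parameters. It assumes message_2 rides as the piggybacked response to the message_1 request and message_3 is a second CON request; the `Pledge`/`jrc_driven_edhoc` names and the lossy-link model are constructed for the example. It shows that the initiator learns a message arrived when it receives an ACK carrying the same Message ID, and that the JRC's own pause between message_2 and message_3 falls outside any open CoAP transaction, so no retransmission timer runs during it.

```python
import random

# RFC 7252 section 4.8 transmission parameters (real defaults).
ACK_TIMEOUT = 2.0
ACK_RANDOM_FACTOR = 1.5
MAX_RETRANSMIT = 4


class Pledge:
    """Responder in the JRC-driven (reversed) EDHOC run: it answers each
    CON request with a piggybacked ACK and de-duplicates by Message ID."""

    def __init__(self, drop_first=(), always_drop=False):
        self.drop_first = set(drop_first)   # constructed: lose first copy of these MIDs
        self.always_drop = always_drop      # constructed: link is dead
        self.seen = {}                      # MID -> response already given

    def receive(self, mid, payload):
        if self.always_drop:
            return None
        if mid in self.drop_first:
            self.drop_first.discard(mid)    # only the first transmission is lost
            return None
        if mid in self.seen:                # retransmission: repeat the same ACK
            return ("ACK", mid, self.seen[mid])
        resp = {"EDHOC message_1": "EDHOC message_2",
                "EDHOC message_3": "2.04 Changed"}.get(payload, "4.00 Bad Request")
        self.seen[mid] = resp
        return ("ACK", mid, resp)


def con_transaction(pledge, mid, payload, rng):
    """Send a CON request, retransmitting with exponential backoff until an ACK
    with a matching Message ID arrives. Returns (response, attempts, time waited)."""
    timeout = ACK_TIMEOUT * (1 + rng.random() * (ACK_RANDOM_FACTOR - 1))
    waited = 0.0
    for attempt in range(1, MAX_RETRANSMIT + 2):     # initial send + MAX_RETRANSMIT
        ack = pledge.receive(mid, payload)
        if ack is not None and ack[0] == "ACK" and ack[1] == mid:
            return ack[2], attempt, waited           # arrival confirmed by the ACK
        waited += timeout
        timeout *= 2
    raise TimeoutError(f"no ACK for MID {mid:#x} after {MAX_RETRANSMIT} retransmissions")


def jrc_driven_edhoc(pledge, jrc_delay_before_msg3=0.0, seed=0):
    """JRC opens both transactions; the delay before message_3 is pure JRC policy."""
    rng = random.Random(seed)
    msg2, a1, w1 = con_transaction(pledge, 0x10, "EDHOC message_1", rng)
    # Transaction for message_1 is closed here: no CoAP timer runs while the JRC waits.
    ack3, a3, w3 = con_transaction(pledge, 0x11, "EDHOC message_3", rng)
    return {"message_2": msg2, "msg3_ack": ack3, "attempts": (a1, a3),
            "total_time": w1 + jrc_delay_before_msg3 + w3}
```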