Re: [6tisch-security] Question re draft-ietf-6tisch-minimal-security
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 25 April 2017 13:49 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2F4912F3D5; Tue, 25 Apr 2017 06:49:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mkZmU6LRwGlW; Tue, 25 Apr 2017 06:49:24 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC62E12ECEF; Tue, 25 Apr 2017 06:49:23 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4186B2055A; Tue, 25 Apr 2017 10:14:50 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 5A897636E0; Tue, 25 Apr 2017 09:49:22 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Fred Baker <fredbakersba@gmail.com>
cc: draft-ietf-6tisch-minimal-security@ietf.org, 6tisch-security@ietf.org
In-Reply-To: <834D3954-2B6A-4036-BFFD-48B2613AB60D@gmail.com>
References: <834D3954-2B6A-4036-BFFD-48B2613AB60D@gmail.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Tue, 25 Apr 2017 09:49:22 -0400
Message-ID: <20136.1493128162@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/_79VRpED7Fv1z75dPNOaHMg5U8Q>
Subject: Re: [6tisch-security] Question re draft-ietf-6tisch-minimal-security
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Apr 2017 13:49:26 -0000
Fred Baker <fredbakersba@gmail.com> wrote: > The specification makes a number of comments about an IPv6 address > based on EUI64. RFC 7217/7721 provides a way to build a stable IPv6 > address that is not based on the MAC address, and > draft-gont-6man-address-usage-recommendations (which has not been > adopted, but which I presume will eventually be adopted) recommends > using it. What plans might 6tisch have in that direction? I thought we dealt with this in the "Privacy Considerations" section, which is attached. These aren't iPhones that wander from starbucks to starbucks. In the 6tisch-minimal with PSK-based authorization, it doesn't much matter how the IID is generated. It's essentially never used for security function, in fact, many of the devices out there just make up non-stable random EUI64s and IIDs on each boot anyway. Many consider that a bug. In the zero-touch situation, we expect the 802.1AR IDevID certificate to include the IID. If the manufacturer wants to run 7217 in the factory and produce the IID that way, they can/should do that. This obscures the manufacturers' IEEE assigned 32-bit OUI, which can be seen as privacy enhancing, but may be very security negative when it comes to auditing. Once in production, we replace all 8-byte EUIs (and derived IPv6 IIDs) with 2-byte assigned addresses. This is the text from the draft: # Privacy Considerations This specification relies on the uniqueness of EUI64 that is transferred in clear as part of the security context identifier. (EDNOTE: should we say IID here?) Privacy implications of using such long-term identifier are discussed in {{RFC7721}} and comprise correlation of activities over time, location tracking, address scanning and device-specific vulnerability exploitation. Since the join protocol is executed rarely compared to the network lifetime, long-term threats that arise from using EUI64 are minimal. In addition, the join response message contains an optional short address which can be assigned by JRC to the pledge. The short address is independent of the long-term identifier EUI64 and is encrypted in the response. For that reason, it is not possible to correlate the short address with the EUI64 used during the join. Use of short addresses once the join protocol completes mitigates the aforementioned privacy risks. In addition, EDHOC may be used for identity protection during the join protocol by generating a random context identifier in place of the EUI64 {{I-D.selander-ace-cose-ecdhe}}. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- Re: [6tisch-security] Question re draft-ietf-6tis… Michael Richardson