Re: [6tisch-security] [Anima] autonomic bootstrap: gap analysis
Behcet Sarikaya <sarikaya2012@gmail.com> Tue, 17 June 2014 20:00 UTC
Return-Path: <sarikaya2012@gmail.com>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 947891A0160; Tue, 17 Jun 2014 13:00:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6HoNdtAWjvE1; Tue, 17 Jun 2014 13:00:11 -0700 (PDT)
Received: from mail-yk0-x232.google.com (mail-yk0-x232.google.com [IPv6:2607:f8b0:4002:c07::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D661E1A0123; Tue, 17 Jun 2014 13:00:10 -0700 (PDT)
Received: by mail-yk0-f178.google.com with SMTP id q9so5636555ykb.37 for <multiple recipients>; Tue, 17 Jun 2014 13:00:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=vwPj4T7GE9QKb47LQpXtDx/E2h2usp75U/ONdcdjGew=; b=jbFvO2WpFa/zK20tPCMB+E6tOnzBr24FJMDhrx1bnlWogOvH3FTEKLmt32annfAPUT NtWJsPbcxFamkr6q4kAGugmGY459OVFOhNOkWlUTZSuuT1RRPuLLJtRg7+dpGLtd5TdV tbtxFvvBrkBwLXmeYEcXQwWP7qEymGean7fciGNiQO/3QA6tITdlrXso9qJMTmLsWSLL Ee+yAfq8X3Kal1gNr/DDDGI0KbyWoBdCikL2lNSJ+d+io54cu/yYySinPD19sokXyYyY Omox/pFc92x2+4xorLVTsj+rpptYcqGn3jp1/3PL7Ueiex/RLAvwQqbJTAhwh2E8tgZA rgvQ==
MIME-Version: 1.0
X-Received: by 10.236.153.9 with SMTP id e9mr46117448yhk.15.1403035210089; Tue, 17 Jun 2014 13:00:10 -0700 (PDT)
Received: by 10.170.156.130 with HTTP; Tue, 17 Jun 2014 13:00:10 -0700 (PDT)
In-Reply-To: <26717.1402949592@sandelman.ca>
References: <26717.1402949592@sandelman.ca>
Date: Tue, 17 Jun 2014 15:00:10 -0500
Message-ID: <CAC8QAcfHz2b0QSjwk0P0ofZBxHbQS64f_7ehM5YGk+WzWUH64Q@mail.gmail.com>
From: Behcet Sarikaya <sarikaya2012@gmail.com>
To: anima@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch-security/fK4R1ZDs54p2l2CKGZ-LOse-mSk
X-Mailman-Approved-At: Tue, 17 Jun 2014 17:22:13 -0700
Cc: 6tisch-security <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] [Anima] autonomic bootstrap: gap analysis
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: sarikaya@ieee.org
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 20:00:12 -0000
Hi Michael, I had a draft on this for quite longtime, the link is: http://tools.ietf.org/html/draft-sarikaya-ace-secure-bootstrapping-00 you forgot to mention this one? Behcet On Mon, Jun 16, 2014 at 3:13 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > I recognize that bootstrap is only one of the autonomic mechanisms that > are relevant to this group. I have much reading on the other aspects > which I hope to get done. > > The 6tisch security design team has been working on a "zero-touch" mechanism > that would permit constrained devices to join a Lowpower/Loss Network (LLN) > in a secure way. We have considered adapting EAP-TLS (as ZigbeeIP has > done), or turning the WirelessHART (IEC62591) packet flow into something more > IPv6-like. While there are significant bits of design space to explore > while trying to optimize packet count, size and total energy risk of the > join protocol; the idea that there should be a set of authorization tokens > From the device vendor which would permit the network and new nodes to > recognize each other has been central to all discussions. > > while draft-pritikin-bootstrapping-keyinfrastructures and > draft-behringer-autonomic-bootstrap-00 > > have proposed valid high level concepts, I believe that specification of the > authz token is critical for the IoT space. A great concern that is that the > LLNs created remain operational for decades at a time, and that the > components can individually and also in aggregate be both (re-)sold, > and/or the service provider operating the network be replaced. > > (There are real life examples where a part of a 100 square mile refinery > is actually sold to a competitor; obviously it doesn't get moved. On the > other side, one has the very real risk that you bought your sensor network > From a "Nortel") > > I was pointed at 802.1AR's device ID mechanism. Really, 802.1AR is about an > API between a (constrained) device and it's cryptographic hardware > module/TPM. It profiles a number of IETF PKIX specifications in a useful > way, but there is little there in terms of actual protocol. When it comes to > what does an *DevID look like, in it's section 7.2.8, saying that the DN > should contain a "serialNumber" attribute: > > The formatting of this field shall contain a unique X.500 > Distinguished Name (DN). This may include the unique device serial number assigned by the manufacturer > or any other suitable unique DN value that the issuer prefers. > > What I have observed is that there needs to be a way to clearly delegate from > Factory(Vendor) to VAR to DISTRIBUTOR to RESELLER to Plant-OWNER to > SERVICE-PROVIDER. It would significantly reduce the number of certificates > in (non-constrained device) databases for some levels of this hierarchy if > the IDevID were aggregateable in some fashion. RFC3779 came to mind, which > deals with delegation of Autonomous Systems Numbers (ASN) and IP address > ranges from RIRs to LIRs to ISPs and Enterprises. > RFC3779: X.509 Extensions for IP Addresses and AS Identifiers > > I created: > X509.v3 certificate extension for authorization of device ownership > draft-richardson-6tisch-idevid-cert-00 > > which cribbed together via nroff2xml and a search and replace. > > The Pritikin and Behringer documents seem to assume that the ultimate goal of > the trusted enrollment process is to create a path in which "EST"= Enrollment > over Secure Transport could operate that would permit a new locally > significant certificate to be loaded into the new device. > I agree with that goal. > > There is the question of how that trust circuit is created, and in discussion > it seemed that it involve some kind of leap-of-faith TLS setup which would be > authenticated by the "authz" tokens later on. I disagree; I think that with > appropriate evaluation of path constraints that the authentication can occur > within the TLS protocol. (Even easier if done in IKEv2) > > -- > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- > > > > > _______________________________________________ > Anima mailing list > Anima@ietf.org > https://www.ietf.org/mailman/listinfo/anima >
- [6tisch-security] autonomic bootstrap: gap analys… Michael Richardson
- [6tisch-security] Scope question [was: autonomic … Brian E Carpenter
- Re: [6tisch-security] [Anima] Scope question [was… Michael Behringer (mbehring)
- Re: [6tisch-security] [Anima] Scope question [was… Pascal Thubert (pthubert)
- Re: [6tisch-security] [Anima] Scope question [was… Michael Behringer (mbehring)
- Re: [6tisch-security] [Anima] Scope question [was… Balazs Lengyel
- Re: [6tisch-security] [Anima] Scope question [was… Sheng Jiang
- Re: [6tisch-security] [Anima] Scope question [was… Laurent Ciavaglia
- Re: [6tisch-security] [Anima] Scope question [was… Brian E Carpenter
- Re: [6tisch-security] [Anima] autonomic bootstrap… Behcet Sarikaya
- Re: [6tisch-security] [Anima] autonomic bootstrap… Michael Behringer (mbehring)