Re: [6tisch-security] (minutes 6tisch security call Thu Jan 22, 2015, 1pm EST) Re: (updated agenda) Re: (Important -- 6tisch security call rescheduled! New time/date *this* Thursday, January 22nd) --- Re: reminder -- 6tisch security call *tomorrow*, Tue J

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 26 January 2015 17:19 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Rene Struik <rstruik.ext@gmail.com>, tisch-security <6tisch-security@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/6tisch-security/gH1tRdqjH7D3VPij9fQw-3ULYak>

Added these here https://bitbucket.org/6tisch/meetings/wiki/150122_webex_security

Thanks a bunch René!

Pascal

From: 6tisch-security [mailto:6tisch-security-bounces@ietf.org] On Behalf Of Rene Struik
Sent: Friday, 23 January 2015 23:25
To: tisch-security
Subject: [6tisch-security] (minutes 6tisch security call Thu Jan 22, 2015, 1pm EST) Re: (updated agenda) Re: (Important -- 6tisch security call rescheduled! New time/date *this* Thursday, January 22nd) --- Re: reminder -- 6tisch security call *tomorrow*, Tue Ja...

Dear colleagues:

Please find below the minutes of the 6TiSCH Security conf call as of January 22, 2015, 1-2pm EST.

Minutes 6TiSCH Security conf call, Wed January 22, 2015, 1-2pm EST
{note taker: Rene Struik}
{recording: see 6tisch bitbucket list}
{discussion material (referenced in minutes): see Google Drive weblink https://drive.google.com/?tab=co&authuser=0#folders/0B2a6Ilxu1XfCNF9JaXR1ZXlzZlU}

1. Attendance:
Michael Richardson, Subir Das, Tero Kivinen, Giuseppe Piro, Pascal Thubert, Rene Struik

2. Agenda
The suggested updated agenda was approved.
1) administrativia {agenda bashing/minutes} [4 min]
2) 6tisch security conf call schedule moving forward [1 min]
3) input 6tisch security to architecture draft [15 min]
-- RS to present result homework assignment of last call
4) presentation Giuseppe Piro re MAC security [30 min]
5) prep for IETF-92 in Dallas [10 min]
6) AOB

3. Minutes
The minutes of all previous 6TiSCH security conference calls in the time window Dec 2, 2015 till Jan 14, 2015 that had not been formally approved yet were all approved.

4. 6tisch security call schedule moving forward
RS suggested he had posted the conf call schedule through March 9th, after polling preferences via a Doodle poll.
For details, see http://www.ietf.org/mail-archive/web/6tisch-security/current/msg00397.html

5. Input 6tisch security to the architecture draft (draft-ietf-6tisch-architecture-04)
RS reported on the outcome of the homework assignment of the 6tisch security call of the previous week (Jan 14, 2015). He had scrutinized the three text proposals that were on the table and had reviewed those with the aim of establishing which elements reflected consensus of the 6tisch security group and also suggested as "consensus text" the text in the document titled "join process text - suggested text for architecture document, v2 (Rene Struik, January 21, 2015)" (available via the Google Drive link). He suggested to go over the (hopefully) consensus text, identify areas where this could be improved on the call, and then post a revision reflecting this as input to the architecture document prior to the 6tisch call of the next day (Friday January 23, 2015, 11am EST). Further comments, if any, could then be made as part of the review process of the architecture doc, rather than rehashing this more now, thus allowing Pascal Thubert to move forward with the architecture document and the 6tisch security group to focus on drilling down on more detail of the join protocol itself. MR suggested he was happy with this process.

RS briefly went over the document, identifying some feedback received from Subir Das and Yoshi Ohba by email. He also highlighted that he had incorporated the suggestion by MR on the previous call to cross-reference some actual protocols that could be considered. A brief discussion ensued.

PTh suggested that it would be good to add some language to the effect that the actual decision of the joining node to become part of the network may depend on authorization of the network itself. It was decided to leave out further minutiae, such as "authorization of the root of the RPL network", etc., so as to focus on the join process itself, without adding too much routing protocol baggage for now. RS suggested that this would also avoid issues that could arise in case distributed JCEs would be considered, which would not correspond to a single, fixed node. SD suggested to swap the order in which the join protocol phases and the device roles were presented in the text. He furthermore noted that some of the terminology re joining node, join assistant, and JCE was not entirely in line with what was depicted in Fig. 1. Finally, he suggested a few small edits, such as clarifying that a "one-hop neighbor" would be one "radio hop" away and not one IP hop, etc.

RS agreed to try and incorporate this feedback and post a revised text document, aimed to be ready for inclusion with the architecture document. {Everybody hereby earned drink credits for reaching this milestone and getting this topic off our chest (violins, harps, and trumpet sounds could be heard in the background)...!}

6. Presentation Giuseppe Piro re MAC security
GP gave a presentation on some issues with 802.15.4-2011 security in the context of the join protocol (see document "l2-sec-issues-join - v2 (Giuseppe Piro, January 22, 2015)", available via Google Drive link). The context (Slide #7) was that of a joining node that tries to become part of a fully secure network (i.e., the join assistant and the path towards the JCE is secured). The main problem identified was that, in 802.15.4-2011, it is not possible to mix secured and unsecured traffic (due to some details in the incoming frame security procedure (clause 7.2.3, Step f)). GP described a potential work-around, where one would install a random key (termed "fake_l2"key" on Slide #11), whose only purpose was to jump the specification hurdle (so, it would never be really used). He also described how one could end up in the exempt status stage (by constructing a device descriptor for the joining node on the fly and setting the exempt flag). After the presentation, a brief discussion followed.

TK suggested that mixing of secured and unsecured traffic was possible, since "nobody would implement Step f) if one had an incoming frame without security". RS noted that GP's presentation assumed an implementation compliant with the 802.15.4-2011 specification, not one that deviated from this. TK suggested that the work-around in the presentation would fail, since it relied on KeyIDMode 0x00, which he thought would be undefined. Since the conference call was living on borrowed time (65 minutes into the call), there was no time to verify this claim on-the-fly.

Upon TK mentioning that the draft 802.15.4 revision text on security should be used, RS asked whether this draft was available to the 6tisch audience. TK mentioned that he would send a request to Bob Heile (Chair of IEEE 802.15) to request drafts (normally only available to 802.15 voters) to be made available to interested 6tisch stakeholders.

[call concluded at 2.15pm EST]

Best regards, Rene

On 1/21/2015 10:30 AM, Rene Struik wrote:
Dear colleagues:

Giuseppe Piro offered to give a presentation on MAC security aspects, resulting in the updated agenda below. Dial-in info at bottom of email.

Remember: 6tisch security call is now tomorrow, Thu Jan 21, 2015, 1pm EST, with duration not to exceed one hour. Please call-in on time and test your speaker/mike beforehand.

Suggested updated agenda:
1) administrativia {agenda bashing/minutes} [4 min]
2) 6tisch security conf call schedule moving forward [1 min]
3) input 6tisch security to architecture draft [15 min]
-- RS to present result homework assignment of last call
4) presentation Giuseppe Piro re MAC security [30 min]
5) prep for IETF-92 in Dallas [10 min]
6) AOB

Link to suggested text (item #3 above):
https://drive.google.com/file/d/0B2a6Ilxu1XfCbVhfd0ZONXoxc00/view?usp=sharing

On 1/20/2015 4:54 PM, Rene Struik wrote:
Dear colleagues:

Due to connectivity problems, those on the 6tisch security call today concluded that it was best to reschedule the call.

The rescheduled 6tisch security call will take place this Thursday, January 22, 2015, 1-2pm EST.
(Please note that this is only once; schedule moving forward will otherwise remain the same)

Agenda and dial-in info remain the same (please scroll down).

Best regards, Rene


On 1/20/2015 4:35 PM, Rene Struik wrote:
I posted the document on Google drive, see weblink below.

https://drive.google.com/file/d/0B2a6Ilxu1XfCa3RyZzlZb3RRREk/view?usp=sharing

On 1/20/2015 1:13 AM, Rene Struik wrote:
Dear colleagues:

Please find attached my analysis of the three text proposals. I hope this helps in zooming in on consensus text.

I will present this in more detail as item #3 on the agenda for the 6tisch security call of tomorrow, Tue Jan 20, 2015, 4.30pm EST.

We can discuss this in more detail during that call (I won't have much time beforehand).

Best regards, Rene

[excerpt of minutes of 6tisch security conf call as of January 14, 2015, 11am-12pm EST]
TW asked whether RS could review the three text proposals currently on the table and suggest a way forward that takes into account consensus and what was discussed during the call. RS agreed to take this on as homework assignment, with target to report back on this to the group by the end of Monday next week (January 19, 2015).

On 1/19/2015 2:20 PM, Rene Struik wrote:
Dear colleagues:

Just a quick reminder that we have a 6TiSCH security conf call tomorrow, Tue January 20, 2015, 4.30-5.30pm EST.

Suggested agenda:
1) administrativia {agenda bashing/minutes}
2) 6tisch security conf call schedule moving forward
3) input 6tisch security to architecture draft
-- RS to present result homework assignment of last call
4) prep for IETF-92 in Dallas
5) AOB

For dial-in info, please see bottom of this email.

As to item #2 above, if you wish to weigh-in, please do respond to the Doodle poll by end of *today*, see https://doodle.com/q63844gqd59urrae.

Best regards, Rene

-------- Forwarded Message --------
Subject: reminder -- 6tisch security call *tomorrow*, Wed Jan 14, 2015, 11am EST (dial-in info at bottom)
Date: Tue, 13 Jan 2015 19:37:04 -0500
From: Rene Struik <rstruik.ext@gmail.com>
To: tisch-security <6tisch-security@ietf.org>


Dear colleagues:

Just a quick reminder that we *do* have a conf call tomorrow, Wed Jan 14, 2015, 11am EST.

Currently, the main agenda item is item #4b of last week: input to the 6tisch architecture draft. It would also be good to have some more comments on the draft I posted.

Minutes of calls later tonight (sorry - extremely busy). For conf call dial-in info, see bottom of email.

Best regards, Rene

==
Note: next week's call is on Wed Jan 14, 2015, 11am EST.

On 1/6/2015 11:48 AM, Rene Struik wrote:
Dear colleagues:

Happy New Year!

According to the agreed-upon 6tisch security conf call schedule, we will resume the conference call series today, Tue Jan 6, 2015, 5pm EST.

I propose we continue the discussion where we left off prior to Christmas (essentially, item 3c below), except that we may have a short presentation first (item #2).

Agenda:
1) administrativia {agenda bashing/minutes}
2) {still to be confirmed} presentation Giuseppe Piro
3) join protocol details
-- a) (done) status update MAC behavior
-- b) (brief!) recap of routing/communication flow aspects
-- c) incremental deployment aspects
4) input 6tisch security to other 6tisch documents
-- a) terminology draft
-- b) architecture draft

Conf call time: 5pm EST = 7am Japan = 2pm PST = 11pm Paris time. {The next call, on January 6, 2014, is also at 5pm EST (see schedule till half of January 2015)}.
Note: next week's call is on Wed Jan 14, 2015, 11am EST.

Dial-in info at end of this email.

Best regards,

Rene

-------- Forwarded Message --------
Subject: Suggested agenda for 6tisch security call of *today*, Tue December 16, 2014, 5pm EST (dial-in info at bottom)
Date: Tue, 16 Dec 2014 09:21:20 -0500
From: Rene Struik <rstruik.ext@gmail.com>
To: tisch-security <6tisch-security@ietf.org>



Dear colleagues:

I propose we continue the discussion where we left off last week.

Agenda:
1) administrativia {agenda bashing/minutes}
2) join protocol details
-- a) (brief!) status update MAC behavior
-- b) continuation of routing/communication flow aspects {last week, we did not finish the only two slides on this}
3) input 6tisch security to other 6tisch documents

Conf call time: 5pm EST = 7am Japan = 2pm PST = 11pm Paris time. {The next call, on January 6, 2014, is also at 5pm EST (see schedule till half of January 2015)}.

Dial-in info at end of this email.

Best regards,

Rene

-------- Forwarded Message --------
Subject: suggested agenda for 6tisch security call of tomorrow, Tue December 9, 2014, 9am EST (dial-in info at bottom)
Date: Mon, 08 Dec 2014 17:16:40 -0500
From: Rene Struik <rstruik.ext@gmail.com>
To: tisch-security <6tisch-security@ietf.org>



Dear colleagues:

For last week's Tue Dec 2, 2014, 9am EST conf call I prepared some material and posted prior to the call. During the call, we discussed all MAC-related aspects relevant for the join protocol and did not discuss higher-layer aspects I prepared material for yet. I suggest we continue the systematic discussion of last week and take that topic on now.

This leads to the following suggested agenda for this week (essentially a continuation of last week's one):

Same as last week's, except with
#1a-b) focus on routing/communication flow related aspects join protocol;
#2a): confirm consensus on MAC (as discussed last week) and routing/communication flow aspects
#2c) {as consequence of two items above} what to squeeze into architecture draft

The detailed agenda and dial-in info is below (#A, resp. #B).

Best regards, Rene

A) Suggested agenda Tue Dec 9, 2014, 9am EST call

Proposed agenda:

0) Agenda bashing

1) Join protocol details
a) desired properties
b) realizable properties

#1a-b) focus on routing/communication flow related aspects join protocol (we discussed MAC-related join-relevant aspects during the conf call of Tue Dec 2, 2014, 9am EST).
For slides, see https://drive.google.com/folderview?id=0B2a6Ilxu1XfCNF9JaXR1ZXlzZlU&usp=sharing (same slides as sent out prior to Dec 2, 2014, 9am EST call)
Relevant slides: Slides 23-25 (contained in entire slide deck (ppt), but also in excerpt (pdf))
2) Next steps:
        a) consensus on 1#a and 1#b
#2a): confirm consensus on MAC (as discussed last week) and routing/communication flow aspects
#2c) {as consequence of two items above} what to squeeze into architecture draft
        b) form tiger team to work out details
            - project phases
            - communication of sub-results
        c) what to squeeze into architecture draft, etc.

I will prepare material to facilitate discussion on 1) and 2), to be discussed during the call.

B) Dial-in information:


English : New York Time 6tisch security
Tuesday, December 9, 2014 | 9:00 am Eastern Standard Time (GMT-05:00)
Meeting number:   641 709 118
Meeting password: joinjoin

Audio connection:
      1-877-668-4493 Call-in toll free number (US/Canada)
      1-650-479-3208 Call-in toll number (US/Canada)
Access code: 641 709 118

Meeting link:
        https://ietf.webex.com/ietf/j.php?MTID=m1aa12258a83109b4ae291fb0c2bd92d6

The etherpad we have used is at:
       http://etherpad.tools.ietf.org:9000/p/6tisch-security-6top-xml.txt




--

email: rstruik.ext@gmail.com | Skype: rstruik

cell: +1 (647) 867-5658 | US: +1 (415) 690-7363






