[6tisch-security] Who initiates Phase 2?
Mališa Vučinić <malisa.vucinic@inria.fr> Wed, 30 November 2016 09:28 UTC
From: Mališa Vučinić <malisa.vucinic@inria.fr>
Message-Id: <F3B7D5FA-D6D5-49B3-9CE7-2C20355A6681@inria.fr>
Date: Wed, 30 Nov 2016 10:24:59 +0100
To: tisch-security <6tisch-security@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/jQBBB1pg-O1G6SSEKvHTWaALlvA>
Subject: [6tisch-security] Who initiates Phase 2?
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
Michael,

Coming back to the discussion on who initiates the exchange in Phase 2 of the join protocol. My understanding of the IETF 97 meeting outcome is that Phase 1 and Phase 2 will be run in sequence. Phase 1 runs to completion with the manufacturer-installed certificate as the start state and the locally-relevant credential as the end state. Phase 2 immediately takes over and uses the locally-relevant credential as the start state and the network-wide K2 as the end state.

In that setup, I don't really see why it matters who initiates Phase 2. Be it the JCE, we end up having a PUT and a response (two messages). Be it the JN, we end up with a GET and a response (two messages). Either way, messages are exchanged in a sequence initiated by the party that initiated Phase 1. Matching CoAP's client/server role to the role in the key agreement protocol is not necessary, I believe.

Am I missing something?

Mališa