[6tisch] rekeying the 6TiSCH network

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 20 August 2019 16:17 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Mališa Vučinić <malisa.vucinic@inria.fr>, Michael Richardson <mcr+ietf@sandelman.ca>, Tero Kivinen <kivinen@iki.fi>
CC: "6tisch@ietf.org" <6tisch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/B9ubdxWxIldRys0cCHAPYfOaono>

Dear all:

I'm looking for a consensus on how to address the following review comment on the 6TiSCH Architecture by Benjamin:

> It would be good to see some architectural discussion about key management
> for the link-layer keys.  (Given that 802.15.4 leaves key management as out of
> scope, it is clearly our problem.)  Thus far I don't even have a sense for when it is
> possible to rotate a network's keys.

To which I answered:


PT> I'll take that to a separate thread with Michael, Tero and Malisa. It is certainly possible to rotate keys. We had a draft about rekeying that went stale. We isolated cases where this is desirable in the discussion on the minimal security draft. I'm unclear how deep we need to go in this regard vs. what belongs to the minimal security specification.

What do you think?

Pascal