Re: [6tisch] [Anima] Scope question [was: autonomic bootstrap: gap analysis]
"Pascal Thubert (pthubert)" <pthubert@cisco.com> Wed, 18 June 2014 06:37 UTC
Return-Path: <pthubert@cisco.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80E2F1A0009; Tue, 17 Jun 2014 23:37:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.152
X-Spam-Level:
X-Spam-Status: No, score=-15.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jElDcRBWAj8a; Tue, 17 Jun 2014 23:37:49 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B20CC1A0007; Tue, 17 Jun 2014 23:37:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8185; q=dns/txt; s=iport; t=1403073469; x=1404283069; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=9+ZIVMN7aArTmaku+db5ZHfIxWdxT8YBFeQGmZeiOp0=; b=eguDN4D6ifPSLoabp0LSe+4mdxiF0Pb729OCAWm69fDE/w7PaomLvrj8 3kcwj9x9yNRexNcSGlm3e7FsZ1hPCE857weLUIpK6PQN53BjFq0t+wofb VEEi/HFmkK0z5nIVEMZfJSpsgCQABSwUADx3s2sJGfxn5RXMxBdXxvACN Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiAIAKcyoVOtJA2D/2dsb2JhbABagw1SWqoNAQEBAQEBBQGRaYc/AYEQFnWEAwEBAQMBAQEBNy0HCwUHBAIBCBEEAQEBChQJBycLFAkIAgQBDQUIEQKIHwgNyyIXhWKDYIUCMQcGgyeBFgScBpIVg0KCMA
X-IronPort-AV: E=Sophos;i="5.01,499,1400025600"; d="scan'208";a="333909412"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by rcdn-iport-8.cisco.com with ESMTP; 18 Jun 2014 06:37:48 +0000
Received: from xhc-aln-x02.cisco.com (xhc-aln-x02.cisco.com [173.36.12.76]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s5I6bmJ5021596 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 18 Jun 2014 06:37:48 GMT
Received: from xmb-rcd-x01.cisco.com ([169.254.1.126]) by xhc-aln-x02.cisco.com ([173.36.12.76]) with mapi id 14.03.0123.003; Wed, 18 Jun 2014 01:37:48 -0500
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, "Michael Behringer (mbehring)" <mbehring@cisco.com>
Thread-Topic: [Anima] Scope question [was: autonomic bootstrap: gap analysis]
Thread-Index: AQHPimWl+r7+Wyo420qLfv6C2sl4f5t2aUfA
Date: Wed, 18 Jun 2014 06:37:47 +0000
Deferred-Delivery: Wed, 18 Jun 2014 06:37:00 +0000
Message-ID: <E045AECD98228444A58C61C200AE1BD842C4027D@xmb-rcd-x01.cisco.com>
References: <26717.1402949592@sandelman.ca> <539F771A.3000008@gmail.com> <3AA7118E69D7CD4BA3ECD5716BAF28DF21BB3FF4@xmb-rcd-x14.cisco.com> <53A09C73.2060309@gmail.com>
In-Reply-To: <53A09C73.2060309@gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.61.221.222]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/CGW-Lt9kvwVC-fizJ95SHsCMizQ
Cc: "6tisch@ietf.org" <6tisch@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Subject: Re: [6tisch] [Anima] Scope question [was: autonomic bootstrap: gap analysis]
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2014 06:37:52 -0000
Hello Brian >> Brian, we have always positioned AN also in the IoT context, and I agree >> with Sheng, AN can be used everywhere. Especially when it comes to devices >> that will be deployed and managed in the thousands or even millions, >> autonomic concepts are a requirement, not a nice to have. > Fully agree. But when I see people asking whether we will use YANG, I find > myself wondering about low-end devices in an IoT context. 6TiSCH uses YANG to model the configuration data of the 6top sublayer. There was no perceived contradiction between that modelling and the constrained environment that we are targeting for. AN is definitely a key technology for large scale IoT applications. In the specific use case of industrial, additional policies may still have to be applied to impose zone and conduits structures, but the more autonomicity the better. Cheers, Pascal > -----Original Message----- > From: Anima [mailto:anima-bounces@ietf.org] On Behalf Of Brian E > Carpenter > Sent: mardi 17 juin 2014 21:52 > To: Michael Behringer (mbehring) > Cc: 6tisch-security; anima@ietf.org > Subject: Re: [Anima] Scope question [was: autonomic bootstrap: gap > analysis] > > On 17/06/2014 18:59, Michael Behringer (mbehring) wrote: > >> -----Original Message----- > >> From: Anima [mailto:anima-bounces@ietf.org] On Behalf Of Brian E > >> Carpenter > >> Sent: 17 June 2014 01:01 > >> To: anima@ietf.org > >> Cc: 6tisch-security > >> Subject: [Anima] Scope question [was: autonomic bootstrap: gap > >> analysis] > >> > >> Michael's message is very interesting. For present purposes, i.e. > >> getting ready for the UCAN BOF, do we need to add some points to the > >> relevant use case draft > >> (http://tools.ietf.org/html/draft-behringer-autonomic- > >> bootstrap)? > >> > >> More generally - I think the AN protagonists have been thinking of > >> the scope of AN being carrier, enterprise, and home networks. > >> Should we add IoT to the scope? I think it's an important question, > >> because it would put new meanings on "simple" and "available > >> resources". It seems obvious that IoT networks need to be completely > >> autonomic, but is it the > >> *same* autonomic? > > > > Brian, we have always positioned AN also in the IoT context, and I agree > with Sheng, AN can be used everywhere. Especially when it comes to devices > that will be deployed and managed in the thousands or even millions, > autonomic concepts are a requirement, not a nice to have. > > Fully agree. But when I see people asking whether we will use YANG, I find > myself wondering about low-end devices in an IoT context. > > Brian > > > We have positioned draft-pritikin-bootstrapping-keyinfrastructures as a > high-level solution in 6tisch. It explains how you CAN bootstrap a network, > zero-touch AND secure, and fits perfectly to the 6tisch requirements. The > corresponding use case is described in draft-behringer-autonomic-bootstrap. > > > > To me, the bootstrap problem is one of the real solid examples of > autonomic behaviour, because to bootstrap a device into a network I MUST > have some functionality on the devices, ie, distribution is absolutely > mandatory here. > > > > So this is one of the criteria for the use cases: Is distribution a > requirement? Because if it is, then this points very clearly to an autonomic > solution. > > > > Michael > > > > > >> Regards > >> Brian > >> > >> On 17/06/2014 08:13, Michael Richardson wrote: > >>> I recognize that bootstrap is only one of the autonomic mechanisms > >>> that are relevant to this group. I have much reading on the other > >>> aspects which I hope to get done. > >>> > >>> The 6tisch security design team has been working on a "zero-touch" > >>> mechanism that would permit constrained devices to join a > >> Lowpower/Loss Network (LLN) > >>> in a secure way. We have considered adapting EAP-TLS (as ZigbeeIP has > >>> done), or turning the WirelessHART (IEC62591) packet flow into > >>> something more IPv6-like. While there are significant bits of > >>> design space to explore while trying to optimize packet count, size > >>> and total energy risk of the join protocol; the idea that there > >>> should be a set of authorization tokens From the device vendor which > >>> would permit the network and new nodes to recognize each other has > >>> been central to all > >> discussions. > >>> while draft-pritikin-bootstrapping-keyinfrastructures and > >>> draft-behringer-autonomic-bootstrap-00 > >>> > >>> have proposed valid high level concepts, I believe that > >>> specification of the authz token is critical for the IoT space. A > >>> great concern that is that the LLNs created remain operational for > >>> decades at a time, and that the components can individually and also > >>> in aggregate be both (re-)sold, and/or the service provider > >>> operating the network be > >> replaced. > >>> (There are real life examples where a part of a 100 square mile > >>> refinery is actually sold to a competitor; obviously it doesn't get > >>> moved. On the other side, one has the very real risk that you > >>> bought your sensor network From a "Nortel") > >>> > >>> I was pointed at 802.1AR's device ID mechanism. Really, 802.1AR is > >>> about an API between a (constrained) device and it's cryptographic > >> hardware > >>> module/TPM. It profiles a number of IETF PKIX specifications in a useful > >>> way, but there is little there in terms of actual protocol. When it > >>> comes to what does an *DevID look like, in it's section 7.2.8, > >>> saying that the DN should contain a "serialNumber" attribute: > >>> > >>> The formatting of this field shall contain a unique X.500 > >>> Distinguished Name (DN). This may include the unique device > >>> serial > >> number assigned by the manufacturer > >>> or any other suitable unique DN value that the issuer prefers. > >>> > >>> What I have observed is that there needs to be a way to clearly > >>> delegate from > >>> Factory(Vendor) to VAR to DISTRIBUTOR to RESELLER to Plant-OWNER to > >>> SERVICE-PROVIDER. It would significantly reduce the number of > >> certificates > >>> in (non-constrained device) databases for some levels of this > >>> hierarchy if the IDevID were aggregateable in some fashion. RFC3779 > >>> came to mind, which deals with delegation of Autonomous Systems > >>> Numbers (ASN) and IP address ranges from RIRs to LIRs to ISPs and > >> Enterprises. > >>> RFC3779: X.509 Extensions for IP Addresses and AS > >>> Identifiers > >>> > >>> I created: > >>> X509.v3 certificate extension for authorization of device ownership > >>> draft-richardson-6tisch-idevid-cert-00 > >>> > >>> which cribbed together via nroff2xml and a search and replace. > >>> > >>> The Pritikin and Behringer documents seem to assume that the > >>> ultimate goal of the trusted enrollment process is to create a path > >>> in which "EST"= Enrollment over Secure Transport could operate that > >>> would permit a new locally significant certificate to be loaded into > >>> the new > >> device. > >>> I agree with that goal. > >>> > >>> There is the question of how that trust circuit is created, and in > >>> discussion it seemed that it involve some kind of leap-of-faith TLS > >>> setup which would be authenticated by the "authz" tokens later on. > >>> I disagree; I think that with appropriate evaluation of path > >>> constraints that the authentication can occur within the TLS > >>> protocol. (Even easier if done in IKEv2) > >>> > >>> -- > >>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software > >> Works > >>> -= IPv6 IoT consulting =- > >>> > >> _______________________________________________ > >> Anima mailing list > >> Anima@ietf.org > >> https://www.ietf.org/mailman/listinfo/anima > > . > > > > _______________________________________________ > Anima mailing list > Anima@ietf.org > https://www.ietf.org/mailman/listinfo/anima
- Re: [6tisch] [Anima] Scope question [was: autonom… Pascal Thubert (pthubert)
- Re: [6tisch] [Anima] Scope question [was: autonom… Brian E Carpenter