Re: [6tisch] [6tisch-security] proposed security text for architecture draft
Michael Richardson <mcr+ietf@sandelman.ca> Fri, 14 November 2014 06:12 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: yoshihiro.ohba@toshiba.co.jp
In-Reply-To: <674F70E5F2BE564CB06B6901FD3DD78B272A988F@TGXML210.toshiba.local>
References: <20507.1415811045@sandelman.ca> <674F70E5F2BE564CB06B6901FD3DD78B272A8EFA@TGXML210.toshiba.local> <5854.1415835364@sandelman.ca> <674F70E5F2BE564CB06B6901FD3DD78B272A9108@TGXML210.toshiba.local> <29465.1415934436@sandelman.ca> <674F70E5F2BE564CB06B6901FD3DD78B272A988F@TGXML210.toshiba.local>
Date: Fri, 14 Nov 2014 01:11:55 -0500
Message-ID: <2187.1415945515@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/Ccva4tNl2mpfVgPieVVxDTc80co
Cc: 6tisch@ietf.org, 6tisch-security@ietf.org
Subject: Re: [6tisch] [6tisch-security] proposed security text for architecture draft
<yoshihiro.ohba@toshiba.co.jp> wrote:
    > Use of EAP-TLS and terminating TLS session at AAA server does not mean
    > that all parameters have to be coming from AAA server. Especially when
    > PANA is used, PAA can be co-located with JCE and provide 6top data over
    > a secure PANA SA. Actually this model applies to any EAP method.

So, we would be creating a masterkey with EAP-TLS, and then we would use
PANA as a transport for CoAP?

I understand why we want to use EAP when we have devices with humans at
the far end;
1) it means the pieces in the middle do not need to know anything about
   the kind of authentication that will be done
2) we can deploy new forms of authentication (such as challenge response
   methods, and things like EAP-SIM or EAP-AKA) without changes to the
   middle machines.
3) we can proxy things all the way back to the user's home service, which
   is how GSM roaming works these days.

I'm unaware that industrial/deterministic uses of 15.4 have requirements
for this kind of thing.

I seem to recall a conversation about whether or not including a SIM card
into nodes would work from a power, size, and cost point of view.
Having a replaceable SIM card would definitely be a really easy way to
imprint new devices. If someone can do that, then we really don't need
any of this...

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
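The key chain the two messages are arguing about (EAP-TLS producing a master key on the AAA server, which the PAA then uses to protect a PANA SA) can be made concrete. The following is an added example written for this archive page; it is not code from the thread, from the 6TiSCH drafts, or from any PANA/EAP implementation. It assumes a TLS 1.2 handshake whose cipher suite uses the SHA-256 PRF (RFC 5246 section 5), the EAP-TLS key export of RFC 5216 section 2.3 (TLS-PRF-128 over the label "client EAP encryption" and client.random || server.random; MSK is the first 64 bytes, EMSK the next 64), and the PANA_AUTH_KEY derivation of RFC 5191 section 5.3 using the IKEv2 prf+ construction with HMAC-SHA1 and a 20-byte output. The master secret, randoms, PAR/PAN messages, nonces and Key-ID below are constructed sample values, not captured traffic.

```python
import hashlib
import hmac


def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """TLS 1.2 P_hash expansion (RFC 5246 section 5):
    A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1)+seed) | HMAC(secret, A(2)+seed) | ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed) for TLS 1.2
    cipher suites that use the SHA-256 PRF (assumption for this example)."""
    return p_hash(secret, label + seed, length)


def eap_tls_keys(master_secret: bytes, client_random: bytes, server_random: bytes):
    """EAP-TLS key export (RFC 5216 section 2.3).
    Only the TLS endpoints (peer and AAA server) can compute this; the
    authenticator never sees master_secret, it receives the MSK from AAA."""
    key_material = tls12_prf(master_secret, b"client EAP encryption",
                             client_random + server_random, 128)
    msk, emsk = key_material[:64], key_material[64:128]
    return msk, emsk


def prf_plus(key: bytes, data: bytes, length: int, digest=hashlib.sha1) -> bytes:
    """IKEv2 prf+ (RFC 4306 section 2.13): T1 = prf(K, S|0x01),
    Tn = prf(K, T(n-1)|S|n). HMAC-SHA1 is assumed as the negotiated PRF."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(key, t + data + bytes([counter]), digest).digest()
        out += t
        counter += 1
    return out[:length]


def pana_auth_key(msk: bytes, i_par: bytes, i_pan: bytes,
                  pac_nonce: bytes, paa_nonce: bytes, key_id: bytes,
                  length: int = 20) -> bytes:
    """PANA_AUTH_KEY (RFC 5191 section 5.3):
    prf+(MSK, "IETF PANA" | I_PAR | I_PAN | PaC_nonce | PAA_nonce | Key_ID).
    The 20-byte length matches AUTH_HMAC_SHA1_160 and is an assumption here."""
    seed = b"IETF PANA" + i_par + i_pan + pac_nonce + paa_nonce + key_id
    return prf_plus(msk, seed, length)


def derive_chain():
    """Walk the whole chain with constructed sample inputs and return each
    stage, so the split between AAA-held and PAA-held material is visible."""
    master_secret = bytes(range(48))            # constructed: TLS master secret
    client_random = b"\x11" * 32                # constructed: ClientHello random
    server_random = b"\x22" * 32                # constructed: ServerHello random
    msk, emsk = eap_tls_keys(master_secret, client_random, server_random)

    # Constructed PANA session values the PAA and PaC both observe.
    i_par = b"\x01" * 40                        # initial PANA-Auth-Request
    i_pan = b"\x02" * 36                        # initial PANA-Auth-Answer
    pac_nonce, paa_nonce = b"\xaa" * 16, b"\xbb" * 16
    key_id = b"\x00\x00\x00\x01"                # Key-ID AVP value
    auth_key = pana_auth_key(msk, i_par, i_pan, pac_nonce, paa_nonce, key_id)

    return {
        "aaa_only": master_secret,              # never leaves TLS endpoints
        "msk": msk,                             # exported to the PAA by AAA
        "emsk": emsk,                           # kept by peer and AAA server
        "pana_auth_key": auth_key,              # protects the PANA SA
    }


if __name__ == "__main__":
    for name, value in derive_chain().items():
        print(f"{name:14s} {len(value):3d} bytes  {value.hex()[:32]}...")
```

The point the example makes visible is which party holds what: the PAA (co-located with the JCE or not) only ever receives the 64-byte MSK, and everything PANA signs is keyed from that, so the 6top data carried over the PANA SA is protected without the PAA needing the TLS master secret or the AAA server needing to see 6top parameters.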