IETF Logo Mail Archive

Re: [6tisch] [6tisch-security] proposed security text for architecture draft

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 14 November 2014 06:12 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B98921A0144; Thu, 13 Nov 2014 22:12:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.495
X-Spam-Level:
X-Spam-Status: No, score=-2.495 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YcwelnEDHS0S; Thu, 13 Nov 2014 22:11:59 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0C951A6F98; Thu, 13 Nov 2014 22:11:59 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id C076620098; Fri, 14 Nov 2014 01:14:10 -0500 (EST)
Received: by sandelman.ca (Postfix, from userid 179) id A1962637F4; Fri, 14 Nov 2014 01:11:55 -0500 (EST)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 8A384637F2; Fri, 14 Nov 2014 01:11:55 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: yoshihiro.ohba@toshiba.co.jp
In-Reply-To: <674F70E5F2BE564CB06B6901FD3DD78B272A988F@TGXML210.toshiba.local>
References: <20507.1415811045@sandelman.ca> <674F70E5F2BE564CB06B6901FD3DD78B272A8EFA@TGXML210.toshiba.local> <5854.1415835364@sandelman.ca> <674F70E5F2BE564CB06B6901FD3DD78B272A9108@TGXML210.toshiba.local> <29465.1415934436@sandelman.ca> <674F70E5F2BE564CB06B6901FD3DD78B272A988F@TGXML210.toshiba.local>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Fri, 14 Nov 2014 01:11:55 -0500
Message-ID: <2187.1415945515@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/Ccva4tNl2mpfVgPieVVxDTc80co
Cc: 6tisch@ietf.org, 6tisch-security@ietf.org
Subject: Re: [6tisch] [6tisch-security] proposed security text for architecture draft
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Nov 2014 06:12:03 -0000

<yoshihiro.ohba@toshiba.co.jp> wrote:
    > Use of EAP-TLS and terminating TLS session at AAA server does not mean
    > that all parameters have to be coming from AAA server.  Especially when
    > PANA is used, PAA can be co-located with JCE and provide 6top data over
    > a secure PANA SA.  Actually this model applies to any EAP method.

So, we would be creating a masterkey with EAP-TLS, and then we would use PANA
as a transport for CoAP?

I understand why we want to use EAP when we have devices with humans at the
far end; 
1) it means the pieces in the middle do not need to know anything about the
   kind of authentication will be done

2) we can deploy new forms of authentication (such as challenge response
   methods, and things like EAP-SIM or EAP-AKA) without changes to the middle
   machines.

3) we can proxy things all the way back to the users home service, which is 
   how GSM roaming works these days.

I'm unaware that industrial/deterministic uses of 15.4 have requirements for
ths kind of thing.  I seem to recall a conversation about whether or not
including a SIM card into nodes would work from a power, size, and cost point
of view.  Having a replaceable SIM card would definitely be a really easy way
to imprint new devices.  If someone can do that, then we really don't need
any of this... 

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email