IETF Logo Mail Archive

Re: [6tisch] Updates to minimal-security-06

Thomas Watteyne <thomas.watteyne@inria.fr> Mon, 26 March 2018 07:00 UTC

Return-Path: <thomas.watteyne@inria.fr>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67FFA126B72 for <6tisch@ietfa.amsl.com>; Mon, 26 Mar 2018 00:00:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RDow2W_lTLAt for <6tisch@ietfa.amsl.com>; Mon, 26 Mar 2018 00:00:42 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2C6E1204DA for <6tisch@ietf.org>; Mon, 26 Mar 2018 00:00:41 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.48,364,1517871600"; d="scan'208,217";a="259764866"
Received: from mail-ua0-f172.google.com ([209.85.217.172]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES128-GCM-SHA256; 26 Mar 2018 09:00:39 +0200
Received: by mail-ua0-f172.google.com with SMTP id m47so11407804uae.6 for <6tisch@ietf.org>; Mon, 26 Mar 2018 00:00:39 -0700 (PDT)
X-Gm-Message-State: AElRT7Hr6Ec/ZutDX38waDtszg6+6m46NGzx3MxmrclSEPQGAfqlkG5w bRPHQD3zwLOY6vmMpcM0ehqrBq791dPyrOFmwTA=
X-Google-Smtp-Source: AG47ELsjaFbUXgRFeyKPmkFzCwRztMO27VGmU1oEHy6Djp4/qe/76mtDluammTClSbTbzj1IHHo1ld+ReuG29JZWEaA=
X-Received: by 10.176.80.100 with SMTP id z33mr20324919uaz.139.1522047638571; Mon, 26 Mar 2018 00:00:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.29.23 with HTTP; Mon, 26 Mar 2018 00:00:18 -0700 (PDT)
In-Reply-To: <14716.1521930960@dooku.sandelman.ca>
References: <CANDGjydb27-u3r2vG5M6-mWj1fmin52Uq5qPu0d5n2OQsJQVyw@mail.gmail.com> <31648.1521740357@dooku.sandelman.ca> <CANDGjyeuj0jv17jz2v-iEJd2oxY3Lq0CxBPkcJvSRzWqy_thpQ@mail.gmail.com> <14716.1521930960@dooku.sandelman.ca>
From: Thomas Watteyne <thomas.watteyne@inria.fr>
Date: Mon, 26 Mar 2018 09:00:18 +0200
X-Gmail-Original-Message-ID: <CADJ9OA80gbZtX7aBVUR=y8G_pe7XWggZZJvTUWqggLALn_jC_g@mail.gmail.com>
Message-ID: <CADJ9OA80gbZtX7aBVUR=y8G_pe7XWggZZJvTUWqggLALn_jC_g@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Mališa Vučinić <malishav@gmail.com>, "6tisch@ietf.org" <6tisch@ietf.org>, "c.amsuess@energyharvesting.at" <c.amsuess@energyharvesting.at>
Content-Type: multipart/alternative; boundary="94eb2c192582d4244805684b544e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/F9z-WcgjLANvr_SwnqAifYVR0pA>
Subject: Re: [6tisch] Updates to minimal-security-06
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Mar 2018 07:00:47 -0000

There are two seperated discussions going on in this thread. @Malisa, if
you agree, let's split the thread.
I have clarifying questions about both.

*About OBSERVE*

The issue raised is that, during the join request/response exchange between
the pledge and the JRC, the JRC never learns the IPv6 address of the pledge
(thanks to the Stateless-Proxy CoAP option). This means that, if the join
request is carried by a CoAP FETCH message with Observe, the JRC has no
means of addressing the joined node when the Observe triggers.
Doing a second GET with Observe once the pledge has joined defeats the
purpose of going for FETCH.
Any other option?

*About COSE_Key*

The issue raised is that, during a rekey of key K2 by the JRC, the JRC
cannot specify an ASN from which the new key is to be used.
A strong requirement is for a node NOT have a node rejoin for each rekey.
Must we use the COSE_Key structure?
Is the the message sent by the JRC containing the new key end-to-end
ACK'ed, i.e. does the JRC know it got received?

Thomas

On Sat, Mar 24, 2018 at 11:36 PM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Mališa Vučinić <malishav@gmail.com> wrote:
>     mcr> I think that the mechanism that was explained at:
>     mcr>   https://tools.ietf.org/html/draft-richardson-6tisch-
> minimal-rekey-02#
>     mcr> section-4
>
>     mcr> is a better workable solution.  Deploy all the new keys (it may
> take some
>     mcr> days on sleep networks), and then have nodes switch when they see
> traffic
>     mcr> with the new key.
>
>     > Thanks, Michael, for the reminder on this document, I have to say
> that I forgot
>     > about it.. IIUC, the issue you have with the mechanism I proposed is
> that the
>     > JRC in some cases may not know how long it could take to deploy the
> keys so
>     > that it cannot properly set the ASN. I think that's a valid concern
> and that it
>     > would indeed be better if we could decouple the JRC from the inner
> network
>     > specifics as much as possible.
>
> Exactly.
> It does not have to change significantly what you have, it just has to
> include the (new) keyIndex.
>
>     > To do this and support rekeying with your proposal, we need to
> differentiate
>     > between "start using this key" and "install the key but don't start
> using it
>     > until you see it being used in the network", for 6LBR and joined
> nodes to
>     > follow, respectively. We can likely do this by extending the
> COSE_Key map with
>     > an additional parameter for this purpose, which I prefer to pulling
> in the
>     > whole COMI machinery, as is suggested in the minimal-rekey draft.
>
> I agree, we don't need COMI, just the text about when to start using the
> new key.
> Shall I suggest some text it github?
>
>     > Essentially, the process would be:
>     > - the JRC deploys the new key(s) to all the nodes except to the 6LBR.
>     > - nodes will install them, but keep using the old keys because the
> new COSE_Key
>     > parameter is set to "install the key but don't start using it until
> you see it
>     > being used in the network".
>
> I'd say that you always do this with any new key if you have no keys.
> I don't think we need a flag.
>
> In fact, even for the "0th key", you would start using it as soon as you
> see
> something that passes with that key, such as authenticating the Beacon that
> you used to find the Proxy in the first place....
>
>     > - deploy the key to the 6LBR, with the COSE_Key parameter set to
> "start using
>     > now".
>     > - once a node sees the new key being used and the replay protection
> and the
>     > authenticity check at L2 passes, it removes the old keys and starts
> using the
>     > new key for all outgoing traffic
>
> Yes.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh
> networks [
> ]   Michael Richardson, Sandelman Software Works        | network
> architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on
> rails    [
>
>
> _______________________________________________
> 6tisch mailing list
> 6tisch@ietf.org
> https://www.ietf.org/mailman/listinfo/6tisch
>
>


-- 
________________________________________

Thomas Watteyne, PhD
Research Scientist & Innovator, Inria
Sr Networking Design Eng, Analog Devices
Founder & co-lead, UC Berkeley OpenWSN
Co-chair, IETF 6TiSCH

www.thomaswatteyne.com
________________________________________

v2.23.0 | Report a Bug | By Email