IETF Logo Mail Archive

Re: [6tisch] #32 (terminology): New terms for security

Thomas Watteyne <watteyne@eecs.berkeley.edu> Fri, 19 December 2014 12:56 UTC

Return-Path: <twatteyne@gmail.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE1371A9108 for <6tisch@ietfa.amsl.com>; Fri, 19 Dec 2014 04:56:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8h6WUdye_P7F for <6tisch@ietfa.amsl.com>; Fri, 19 Dec 2014 04:56:36 -0800 (PST)
Received: from mail-wi0-x232.google.com (mail-wi0-x232.google.com [IPv6:2a00:1450:400c:c05::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 267E81A9130 for <6tisch@ietf.org>; Fri, 19 Dec 2014 04:56:36 -0800 (PST)
Received: by mail-wi0-f178.google.com with SMTP id em10so1648022wid.17 for <6tisch@ietf.org>; Fri, 19 Dec 2014 04:56:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=3nePbJSgYjm9GgdIXLirCF6cTQTK0E+CFsjbemALbjc=; b=SeWlpPBmAMOQjVz5jgCv+uz0OefKvDPnTRKAAwAWRBOc5if+xX7l9A7mfDBxWGP4Gz DqjoSqKKOlHozEVQnQthrTJ1TkVTAzVJpOR/cQvemgPKlHBczz50jJYk2alygFSbHz8S xdEyXukP87GyrzjOQIX+DnMT+jF1yQEgUnIldpG3RprXvFSgpVhSIlhz/W45zpWYaroP bWywX1MXQdmEszBugmkHvMEZ9u/+JG5dwjmw7HKmHDs/TFSagvzzoAe3+fQ166OCRbLn UrvhAVSX7jaWlt8N8XgcaYL6yI+x2oXFOSwmkkxbdVj56p0/oMG9nxG0kYZ9YDJbu18y wBTQ==
X-Received: by 10.194.77.38 with SMTP id p6mr5674341wjw.62.1418993794907; Fri, 19 Dec 2014 04:56:34 -0800 (PST)
MIME-Version: 1.0
Sender: twatteyne@gmail.com
Received: by 10.194.68.199 with HTTP; Fri, 19 Dec 2014 04:56:14 -0800 (PST)
In-Reply-To: <E045AECD98228444A58C61C200AE1BD848A9DFB0@xmb-rcd-x01.cisco.com>
References: <E045AECD98228444A58C61C200AE1BD848A9DF4C@xmb-rcd-x01.cisco.com> <E045AECD98228444A58C61C200AE1BD848A9DFB0@xmb-rcd-x01.cisco.com>
From: Thomas Watteyne <watteyne@eecs.berkeley.edu>
Date: Fri, 19 Dec 2014 13:56:14 +0100
X-Google-Sender-Auth: ruRdyTN9uGnHCKIxEfmR9JO5NHU
Message-ID: <CADJ9OA9ULEn+Y7j+WanwN68aNEPh-4CM0Q50eMU=-AJenYGf2A@mail.gmail.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Content-Type: multipart/alternative; boundary="047d7bfcf2881584fb050a913d4a"
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/KvEijvhtvHHSFB0xzptqRog_654
Cc: "6tisch@ietf.org" <6tisch@ietf.org>
Subject: Re: [6tisch] #32 (terminology): New terms for security
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Dec 2014 12:56:39 -0000

+1 on Pascal's suggestions.

Maria Rita, are those definitions you would have time to add to the draft?

On Sat, Dec 6, 2014 at 1:22 AM, Pascal Thubert (pthubert) <
pthubert@cisco.com> wrote:
>
> My own revue:
>
> Cheers
>
> > >     JCE                 the Join Coordination Entity.  This acronym is
> > >                         chosen to parallel the PCE.
>
> [PT] I'd remove "This acronym is chosen to parallel the PCE." And say that
> this is a central entity like the PCE that is in charge of authorization in
> the network and providing security material to the joining devices.
>
> > >     joining node        The newly unboxed constrained node that needs
> to
> > >                         join a network.
>
> [PT] The joining node (JN) leverages the JA and the JCE to learn or
> refresh its knowledge of the network operational state, typically the TSCH
> schedule, and to obtain security material such as keys, so as to
> participate to the production network.
>
>
> > >     join protocol       the protocol which secures initial
> communication
> > >                         between the joining node and the JCE
> > >
> > >     join assistant      A constrained node near the joining node that
> > >                         will act as it's first 6LR, and will relay
> > >                         traffic to/from the joining node.
> > >
> [PT] Again, add the acronym
>
> > >     unique join key     a key shared between a newly joining node, and
> > >                         the JCE.  This key supports smaller
> installations
> > >                         for which asymmetric methods are considered too
> > >                         large
> > >
> > >     production network  A 802.15.4e network whose encryption/
> > >                         authentication keys are determined by some
> > >                         algorithm/protocol.  There may have
> network-wide
> > >                         group keys, or per-link keys.
> > >
> > >     production network key  A L2-key known by all authorized nodes,
> used
> > >                         for multicast messages
> > >
> > >     per-peer L2 key     a key that results from an exchange (such as
> MLE)
> > >                         that creates a pair-wise L2 key which is known
> > >                         only to the two nodes involved,
> > >                         [I-D.piro-6tisch-security-issues] calls this a
> > >                         LinkKey
> > >
> > >     The following terms are used in this document and come from other
> > >     documents:
> > >
> > >     DevID               [IEEE.802.1AR] defines the secure DEVice
> > >                         IDentifier as a device identifier that is
> > >                         cryptographically bound to the device and is
> > >                         composed of the Secure Device Identifier Secret
> > >                         and the Secure Device Identifier Credential.
> > >
> > >     IDevID              The Initial secure DEVice IDentifier (IDevID)
> is
> > >                         the Device Identifier which was installed on
> the
> > >                         device by the manufacturer.
> > >
> > >     LDevID              A Locally significant secure DEVice IDentifiers
> > >                         (LDevIDs) is a Secure Device Identifier
> > >                         credential that is unique in the local
> > >                         administrative domain in which the device is
> > >                         used.  The LDevID is usually a new certificate
> > >                         provisioned by some local means, such as the
> 6top
> > >                         mechanism defined in this document.
> > >
> > >     CoAP                The CoAP protocol, defined in [RFC7252] is an
> > >                         HTTP-like resource access protocol.  CoAP runs
> > >                         over UDP.
> > >
> > >     DTLS                The datagram version of TLS, defined in
> > >                         [RFC6347], and which can be used to secure CoAP
> > >                         in the same way that TLS secures HTTP.
> > >
> > >     ARO                 [RFC6775]defines a number of new Neighbor
> > >                         Discovery options including the Address
> > >                         Registration Option
> > >
> > >     DAR/DAC             [RFC6775]defines the Duplicate Address Request
> > >                         and Duplicate Address Confirmation options to
> > >                         turn the multicasted Duplicate Address
> Detection
> > >                         protocol into a client/server process
> > >
> > >     EARO                [I-D.thubert-6lo-rfc6775-update-reqs]extends
> the
> > >                         ARO option to include some additional fields
> > >                         necessary to distinguish duplicate addresses
> from
> > >                         nodes that have moved networks when there are
> > >                         mulitple LLNs linked over a backbone.
> > >
> > > --
> > >
> -------------------------------------------------+----------------------
> > > -------------------------------------------------+---
> > >  Reporter:  Michael Richardson                   |      Owner:
> > >   <mcr+ietf@sandelman.ca>                        |  pthubert@cisco.com
> > >      Type:  defect                               |     Status:  new
> > >  Priority:  major                                |  Milestone:
> > > Component:  terminology                          |    Version:
> > >  Severity:  Active WG Document                   |   Keywords:
> > >
> -------------------------------------------------+----------------------
> > > -------------------------------------------------+---
> > >
> > > Ticket URL: <http://trac.tools.ietf.org/wg/6tisch/trac/ticket/32>
> > > 6tisch <http://tools.ietf.org/6tisch/>
> >
> > _______________________________________________
> > 6tisch mailing list
> > 6tisch@ietf.org
> > https://www.ietf.org/mailman/listinfo/6tisch
>
> _______________________________________________
> 6tisch mailing list
> 6tisch@ietf.org
> https://www.ietf.org/mailman/listinfo/6tisch
>

v2.23.0 | Report a Bug | By Email