Re: [6tisch] Secdir last call review of draft-ietf-6tisch-enrollment-enhanced-beacon-06

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 17 January 2020 22:50 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B2E412006B; Fri, 17 Jan 2020 14:50:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PW2Q4bESQf8t; Fri, 17 Jan 2020 14:50:01 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41C0B12004C; Fri, 17 Jan 2020 14:50:01 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 5489C3897D; Fri, 17 Jan 2020 17:49:31 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 43D2E5D4; Fri, 17 Jan 2020 17:49:59 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Yoav Nir <ynir.ietf@gmail.com>, secdir@ietf.org, last-call@ietf.org, 6tisch@ietf.org, draft-ietf-6tisch-enrollment-enhanced-beacon.all@ietf.org
In-Reply-To: <157919779948.26195.4879220696306890525@ietfa.amsl.com>
References: <157919779948.26195.4879220696306890525@ietfa.amsl.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: text/plain
Date: Fri, 17 Jan 2020 17:49:59 -0500
Message-ID: <1093.1579301399@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/QKZLZkwn02i3HVXDayzOjlHBN8Q>
Subject: Re: [6tisch] Secdir last call review of draft-ietf-6tisch-enrollment-enhanced-beacon-06
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jan 2020 22:50:03 -0000

<#secure method=pgpmime mode=sign>

Yoav Nir via Datatracker <noreply@ietf.org> wrote:

    > The draft is short and to the point and easy to understand.  The security
    > considerations (and privacy considerations!) sections are well written and
    > cover everything.  I'm just missing one clause.

    > The first paragraph reads:
    > All of the contents of this Information Element are sent in the
    > clear.  The containing Enhanced Beacon is not encrypted.

    > What I'm missing is "...and this is fine because the 6tisch-Join-Info structure
    > contains no sensitive information."

point taken.  How do you feel about this:

# Security Considerations

All of the contents of this Information Element are sent in the clear.
The containing Enhanced Beacon is not encrypted.
This is a restriction in the cryptographic architecture of the TSCH
mechanism.
In order to decrypt or do integrity checking of layer-2 frames in TSCH, the
TSCH Absolute Slot Number (ASN) is needed.
The Enhanced Beacon provides the ASN to new (and long-sleeping) nodes.

The Enhanced Beagon is authenticated at the layer-2 level using 802.15.4
mechanisms using the network-wide keying material.  Nodes which are enrolled
will have the network-wide keying material and can validate the beacon.

Pledges which have not yet enrolled are unable to authenticate the beacons,
and will be forced to temporarily take the contents on trust.
After enrollment, the pledge will be able to return to the beacon and
validate it.

In addition to the enrollment and join information described in this
document, the Enhanced Beacon contains a description of the TSCH schedule to
be used by the transmitter of this packet.
The schedule can provide an attacker with a list of channels and frequencies
on which communication will occur.
Knowledge of this can help an attacker to more efficiently jam
communications, although there is future work being considered to make some
of the schedule less visible.

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-