Re: [6tisch] rekeying the 6TiSCH network
"Pascal Thubert (pthubert)" <pthubert@cisco.com> Wed, 21 August 2019 10:53 UTC
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Don Sturek <d.sturek@att.net>, Michael Richardson <mcr+ietf@sandelman.ca>, Benjamin Kaduk <kaduk@mit.edu>, Mališa Vučinić <malisa.vucinic@inria.fr>, Tero Kivinen <kivinen@iki.fi>, "6tisch@ietf.org" <6tisch@ietf.org>
Date: Wed, 21 Aug 2019 10:53:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/QspoFVDD8Q8tZTkaifg-i0XlwR4>
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>

Yes, Don. So far I have not seen any 6TiSCH implementation using 802.15.9 but I guess it could be added. If people did try please let us know, now is a good time. It results that at the moment we do not have text on 15.9 at all. It seems a bit late to add it now.

What do others think?

All the best,

Pascal

> -----Original Message-----
> From: Don Sturek <d.sturek@att.net>
> Sent: Tuesday 20 August 2019 22:17
> To: Michael Richardson <mcr+ietf@sandelman.ca>; Pascal Thubert (pthubert)
> <pthubert@cisco.com>; Benjamin Kaduk <kaduk@mit.edu>; Mališa Vučinić
> <malisa.vucinic@inria.fr>; Tero Kivinen <kivinen@iki.fi>; 6tisch@ietf.org
> Subject: Re: [6tisch] rekeying the 6TiSCH network
>
> On the rekeying topic for IEEE 802.15.4.
>
> Have a look at IEEE 802.15.9. It takes existing key establishment
> protocols (IEEE 802.1x, etc.) and provides encapsulation over IEEE 802.15.4.
>
> IEEE 802.15.9 does not solve all of your rekey needs but the tools are there
> when you agree on how you want rekeying to work.
>
> Don
>
> On 8/20/19, 1:03 PM, "6tisch on behalf of Michael Richardson"
> <6tisch-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:
>
> >Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:
> >    > I'm looking for a consensus on how to address the following review
> >    > comment on the 6TiSCH Architecture by Benjamin:
> >
> >    >> It would be good to see some architectural discussion about key
> >    >> management for the link-layer keys. (Given that 802.15.4 leaves
> >    >> key management as out of scope, it is clearly our problem.) Thus
> >    >> far I don't even have a sense for when it is possible to rotate
> >    >> a network's keys.
> >
> >    PT> I'll take that to a separate thread with Michael, Tero and Malisa. It
> >    PT> is certainly possible to rotate keys. We had a draft about rekeying
> >    PT> that went stale. We isolated cases where this is desirable in the
> >    PT> discussion on the minimal security draft. I'm unclear how deep we
> >    PT> need to go in this regard vs. what belongs to the minimal security
> >    PT> specification.
> >
> >6tisch-minimal-security has a section 8.2 "Parameter Update Exchange"
> >Maybe it should include "(and Rekey)"
> >
> >We further have section 8.4.3.1 and 8.4.3.2 to explain how to use that
> >to rekey the entire network.
> >
> >I'm not sure what's in the Architecture document about this, but I'd
> >rather that it just said less.
> >
> >--
> >Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> >-= IPv6 IoT consulting =-