IETF Logo Mail Archive

Re: [6tisch] Updates to minimal-security-06

Mališa Vučinić <malishav@gmail.com> Tue, 10 April 2018 09:21 UTC

Return-Path: <malishav@gmail.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A57B12420B for <6tisch@ietfa.amsl.com>; Tue, 10 Apr 2018 02:21:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.019
X-Spam-Level:
X-Spam-Status: No, score=-1.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9Z_KmWFvUaw for <6tisch@ietfa.amsl.com>; Tue, 10 Apr 2018 02:21:36 -0700 (PDT)
Received: from mail-ot0-x22d.google.com (mail-ot0-x22d.google.com [IPv6:2607:f8b0:4003:c0f::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B91E127369 for <6tisch@ietf.org>; Tue, 10 Apr 2018 02:21:36 -0700 (PDT)
Received: by mail-ot0-x22d.google.com with SMTP id h55-v6so11948180ote.9 for <6tisch@ietf.org>; Tue, 10 Apr 2018 02:21:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RpUiZkxuK2aohGCt84jE4q+TfDp2PFkYa619JlPr+0w=; b=iYL0vBPSt27WWiIQWX1jxJfA8t5LALUsN0wO/t7+zUPYsmw7YkgMhD6N4p3IQNVTqB DhtSJi3B9S5W+6/f0bfxafnuO3uthH/HYwcUhTlrPzrPfebDEALh/H5wPAZEVVSWu1CR 1gQv2BH4+pf1YLMkVo4/4fGblNW8si2Qbjeq7tEfAkJ5yAFPaHJijoiUpr7bV/6rdh3A pRB4kV46vZg9APNmRh4kXED0DUjSGhvWn2BmWKaXvgYm67B72efl/wFGZKCjAd0z6wlh EIuUCh9bALlIoMdhM9x2Rmxe4VVeDYJLq18LItemcWQrdNOsMD4e5hq4sBjDVMYMpfaf h4Xw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RpUiZkxuK2aohGCt84jE4q+TfDp2PFkYa619JlPr+0w=; b=ttW/L6r18dVCyKcMwuwd4tjJ0Qa+2KMMqw0SEEg6KtNgQJDxpneBHGbMC2fUBoTcae 3cm13EH6H4+ez4z+3SJbhEfS333nAyhjKJrUZfAUEXT7DYZ+86167CQ4KOiXyhuNZRxq HqmFlXD63ex5pX1ZHw3bFG3ymkjz74MtSmEL7hQgz2UVq42EYP4txEm9neO/pDtNBXIm ut3Kia2KjfAaW3mxajQx4ebP14Tn4vsde3UKjxuby7nSWzhY+hpZsQQ4mF5xkC/zMoqh MHAWiSVH9VBI4rArBiw+XF70s2s+VAf1yhDJhFrvCEKH4HSeAsgQZ2MoRUTkFK0bXsPE 1OPw==
X-Gm-Message-State: ALQs6tA71u7mqpVUhmSZfC6lHCiDleVJfbBleSpAvRBcyaaz2lA9+ACl cW+nRCoVuAMLtZFQlkueha4A2itguzKpxvXH8jY=
X-Google-Smtp-Source: AIpwx49Ir4J5PKCECvW00akhlsGPQ7dnRAZAylN/6FOxsC92oPP36zCQMkEMHXq2WFPoUn6r79PHxoC+8CDYD5UIP/s=
X-Received: by 2002:a9d:4c16:: with SMTP id l22-v6mr11793946otf.176.1523352095338; Tue, 10 Apr 2018 02:21:35 -0700 (PDT)
MIME-Version: 1.0
References: <CANDGjydb27-u3r2vG5M6-mWj1fmin52Uq5qPu0d5n2OQsJQVyw@mail.gmail.com> <31648.1521740357@dooku.sandelman.ca> <CANDGjyeuj0jv17jz2v-iEJd2oxY3Lq0CxBPkcJvSRzWqy_thpQ@mail.gmail.com> <14716.1521930960@dooku.sandelman.ca> <CADJ9OA80gbZtX7aBVUR=y8G_pe7XWggZZJvTUWqggLALn_jC_g@mail.gmail.com>
In-Reply-To: <CADJ9OA80gbZtX7aBVUR=y8G_pe7XWggZZJvTUWqggLALn_jC_g@mail.gmail.com>
From: Mališa Vučinić <malishav@gmail.com>
Date: Tue, 10 Apr 2018 09:21:24 +0000
Message-ID: <CANDGjyc8ufh6i70MJ_-214EOpa0qqyC-beTWXO5XP6tOB0+f4g@mail.gmail.com>
To: Thomas Watteyne <thomas.watteyne@inria.fr>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "6tisch@ietf.org" <6tisch@ietf.org>, "c.amsuess@energyharvesting.at" <c.amsuess@energyharvesting.at>
Content-Type: multipart/alternative; boundary="00000000000082b57a05697b0cf2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/axn4nqtlwfs-2RCd2r7vVUpnc-8>
Subject: Re: [6tisch] Updates to minimal-security-06
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2018 09:21:40 -0000

Hi Thomas,

See inline.

Mališa

On Mon, Mar 26, 2018 at 9:00 AM Thomas Watteyne <thomas.watteyne@inria.fr>
wrote:

> There are two seperated discussions going on in this thread. @Malisa, if
> you agree, let's split the thread.
> I have clarifying questions about both.
>
> *About OBSERVE*
>
> The issue raised is that, during the join request/response exchange
> between the pledge and the JRC, the JRC never learns the IPv6 address of
> the pledge (thanks to the Stateless-Proxy CoAP option). This means that, if
> the join request is carried by a CoAP FETCH message with Observe, the JRC
> has no means of addressing the joined node when the Observe triggers.
> Doing a second GET with Observe once the pledge has joined defeats the
> purpose of going for FETCH.
> Any other option?
>

This discussion is now under the thread: *Observe for rekeing (was: Updates
to minimal-security-06).*

I agree with your summary. Right now we are discussing whether the joined
node can expose a resource (e.g. /j), that the JRC can POST to and update
the key as it knows implicitly joined node's IPv6 address.


> *About COSE_Key*
>
> The issue raised is that, during a rekey of key K2 by the JRC, the JRC
> cannot specify an ASN from which the new key is to be used.
> A strong requirement is for a node NOT have a node rejoin for each rekey.
> Must we use the COSE_Key structure?
> Is the the message sent by the JRC containing the new key end-to-end
> ACK'ed, i.e. does the JRC know it got received?
>

Moving the discussion about the rekeying mechanism to the thread: *Rekeying
for minimal-security (was: Updates to minimal-security-06).*


>
> Thomas
>
> On Sat, Mar 24, 2018 at 11:36 PM, Michael Richardson <
> mcr+ietf@sandelman.ca> wrote:
>
>>
>> Mališa Vučinić <malishav@gmail.com> wrote:
>>     mcr> I think that the mechanism that was explained at:
>>     mcr>
>> https://tools.ietf.org/html/draft-richardson-6tisch-minimal-rekey-02#
>>     mcr> section-4
>>
>>     mcr> is a better workable solution.  Deploy all the new keys (it may
>> take some
>>     mcr> days on sleep networks), and then have nodes switch when they
>> see traffic
>>     mcr> with the new key.
>>
>>     > Thanks, Michael, for the reminder on this document, I have to say
>> that I forgot
>>     > about it.. IIUC, the issue you have with the mechanism I proposed
>> is that the
>>     > JRC in some cases may not know how long it could take to deploy the
>> keys so
>>     > that it cannot properly set the ASN. I think that's a valid concern
>> and that it
>>     > would indeed be better if we could decouple the JRC from the inner
>> network
>>     > specifics as much as possible.
>>
>> Exactly.
>> It does not have to change significantly what you have, it just has to
>> include the (new) keyIndex.
>>
>>     > To do this and support rekeying with your proposal, we need to
>> differentiate
>>     > between "start using this key" and "install the key but don't start
>> using it
>>     > until you see it being used in the network", for 6LBR and joined
>> nodes to
>>     > follow, respectively. We can likely do this by extending the
>> COSE_Key map with
>>     > an additional parameter for this purpose, which I prefer to pulling
>> in the
>>     > whole COMI machinery, as is suggested in the minimal-rekey draft.
>>
>> I agree, we don't need COMI, just the text about when to start using the
>> new key.
>> Shall I suggest some text it github?
>>
>>     > Essentially, the process would be:
>>     > - the JRC deploys the new key(s) to all the nodes except to the
>> 6LBR.
>>     > - nodes will install them, but keep using the old keys because the
>> new COSE_Key
>>     > parameter is set to "install the key but don't start using it until
>> you see it
>>     > being used in the network".
>>
>> I'd say that you always do this with any new key if you have no keys.
>> I don't think we need a flag.
>>
>> In fact, even for the "0th key", you would start using it as soon as you
>> see
>> something that passes with that key, such as authenticating the Beacon
>> that
>> you used to find the Proxy in the first place....
>>
>>     > - deploy the key to the 6LBR, with the COSE_Key parameter set to
>> "start using
>>     > now".
>>     > - once a node sees the new key being used and the replay protection
>> and the
>>     > authenticity check at L2 passes, it removes the old keys and starts
>> using the
>>     > new key for all outgoing traffic
>>
>> Yes.
>>
>> --
>> ]               Never tell me the odds!                 | ipv6 mesh
>> networks [
>> ]   Michael Richardson, Sandelman Software Works        | network
>> architect  [
>> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on
>> rails    [
>>
>>
>> _______________________________________________
>> 6tisch mailing list
>> 6tisch@ietf.org
>> https://www.ietf.org/mailman/listinfo/6tisch
>>
>>
>
>
> --
> ________________________________________
>
> Thomas Watteyne, PhD
> Research Scientist & Innovator, Inria
> Sr Networking Design Eng, Analog Devices
> Founder & co-lead, UC Berkeley OpenWSN
> Co-chair, IETF 6TiSCH
>
> www.thomaswatteyne.com
> ________________________________________
>

v2.23.0 | Report a Bug | By Email