IETF Logo Mail Archive

Re: [6tisch] Updates to minimal-security-06

Mališa Vučinić <malishav@gmail.com> Fri, 23 March 2018 10:53 UTC

Return-Path: <malishav@gmail.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BE4F12D810 for <6tisch@ietfa.amsl.com>; Fri, 23 Mar 2018 03:53:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s-HbqA_AxbHe for <6tisch@ietfa.amsl.com>; Fri, 23 Mar 2018 03:53:06 -0700 (PDT)
Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47C3A1205D3 for <6tisch@ietf.org>; Fri, 23 Mar 2018 03:53:06 -0700 (PDT)
Received: by mail-oi0-x233.google.com with SMTP id 1-v6so4214462oix.7 for <6tisch@ietf.org>; Fri, 23 Mar 2018 03:53:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NS5LJ6262wnKvI+Djj49CQR1NUTQvRscIjc4C3ZUqwg=; b=oqQ13r+Dabd5v2W+elE/qNCLqXYUMftzZccI7RrRBbqNciAiDxabWLrFjhQd7Lgqxw X5N7MgKMQItiOUwTt9QfFGn9DSutppaKA/kSdXDIn9wlcywXg6gikp+YVLgtrluykTsz nSctgchhUcEEgdL2fk6K/sV1px1HPhGokJuQhToV6QiW7MD/ttji3LGuLsaUOOuzXepK BKaVDAJ9qgDQI7HVp8HTZAp313rFf935DY9WurJjO/Q+oxcJ0OkjhPCUFRIVxz/nfM/M JmMuyzarXWC5S80DbDntryC+UFbHJN1L4kMmOOpAZO3uczMoS/99RSwA/gNc8NV7xkeC zP3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NS5LJ6262wnKvI+Djj49CQR1NUTQvRscIjc4C3ZUqwg=; b=Rgl6+seszP+nDTw89wQ65z86CX+n2WjGSe7XKhdHBkS+tOHfWhXY0jwDdC5m006R4o B7Klw6G6N10a9AgSQ8VdyD0+Uh1vtVlU4uSKzKKYBG31FtmYtSOWaEn9DPNzrgal2E0n eq6/ojh2D24/qx4tgrZpgedya2mUp6RFSMObiqbgiw1Xev4Cmh0fNmI7EF+JQGZvbf/6 4mVtKUEsLDxGmYF8keLKS1zURPcQdY0xIWEfpzNHLHv5SYsN04ov/JC+9NEqwZsD5t0r P8wYLkcU1iEXoH5hHfghGrxuePlRVsjTngkHuOpln5RM2BYrsARsX2+4QDU09w5Axd1B naMw==
X-Gm-Message-State: AElRT7Ffg04iZbfFI+wLF836oZUKMco1f60rCJ9dAtotxnJO7Tzw/7tP jGHmIRMey1DDAHLXsHMNPKHcqEjlKaUWwQjeS/mFnA==
X-Google-Smtp-Source: AG47ELsLtBY7NzhxC+FNaM+v5ifbct4yvOXwaTSq7IBfsrCd3eOqDblmsHdyEm1hy8KDqrUgOx251p/Ocb1SVl0kOek=
X-Received: by 10.202.222.139 with SMTP id v133mr17010038oig.290.1521802385480; Fri, 23 Mar 2018 03:53:05 -0700 (PDT)
MIME-Version: 1.0
References: <CANDGjydb27-u3r2vG5M6-mWj1fmin52Uq5qPu0d5n2OQsJQVyw@mail.gmail.com> <31648.1521740357@dooku.sandelman.ca>
In-Reply-To: <31648.1521740357@dooku.sandelman.ca>
From: Mališa Vučinić <malishav@gmail.com>
Date: Fri, 23 Mar 2018 10:52:54 +0000
Message-ID: <CANDGjyeuj0jv17jz2v-iEJd2oxY3Lq0CxBPkcJvSRzWqy_thpQ@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "6tisch@ietf.org" <6tisch@ietf.org>, "c.amsuess@energyharvesting.at" <c.amsuess@energyharvesting.at>
Content-Type: multipart/alternative; boundary="001a113d62509ae2480568123a97"
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/qN_RwlclX2MhNy39i52Bu9GVK6I>
Subject: Re: [6tisch] Updates to minimal-security-06
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Mar 2018 10:53:08 -0000

On Thu, Mar 22, 2018 at 5:39 PM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Mališa Vučinić <malisa.vucinic@inria.fr> wrote:
>     > in the network. Other than adding the Observe option, together with
> the
>     > new link-layer key we also need to carry the ASN at which this key is
>     > scheduled to be rolled out. What COSE parameter the ASN will be
>
> I disagree with this method.
>
> I think that the mechanism that was explained at:
>
> https://tools.ietf.org/html/draft-richardson-6tisch-minimal-rekey-02#section-4
>
> is a better workable solution.  Deploy all the new keys (it may take some
> days on sleep networks), and then have nodes switch when they see traffic
> with the new key.
>

Thanks, Michael, for the reminder on this document, I have to say that I
forgot about it.. IIUC, the issue you have with the mechanism I proposed is
that the JRC in some cases may not know how long it could take to deploy
the keys so that it cannot properly set the ASN. I think that's a valid
concern and that it would indeed be better if we could decouple the JRC
from the inner network specifics as much as possible.

One of my goals with this extension to minimal-security is to remove any
need for an additional protocol between the 6LBR and the JRC.
6LBR can act as any other pledge before triggering the network formation
process by sending a Join Request itself. The only additional parameter
that the 6LBR needs in respect to the pledges is the IPv6 address of the
JRC and this can be done during one-touch provisioning. Once it receives
the Join Response, 6LBR can start advertising the network by using the
link-layer keys it received.

To do this and support rekeying with your proposal, we need to
differentiate between "start using this key" and "install the key but don't
start using it until you see it being used in the network", for 6LBR and
joined nodes to follow, respectively. We can likely do this by extending
the COSE_Key map with an additional parameter for this purpose, which I
prefer to pulling in the whole COMI machinery, as is suggested in the
minimal-rekey draft.

Essentially, the process would be:
- the JRC deploys the new key(s) to all the nodes except to the 6LBR.
- nodes will install them, but keep using the old keys because the new
COSE_Key parameter is set to "install the key but don't start using it
until you see it being used in the network".
- deploy the key to the 6LBR, with the COSE_Key parameter set to "start
using now".
- once a node sees the new key being used and the replay protection and the
authenticity check at L2 passes, it removes the old keys and starts using
the new key for all outgoing traffic

What do you think?

Mališa
-- 
Mališa

v2.23.0 | Report a Bug | By Email