Re: [6tisch] [6tisch-security] minutes from call 2014-10-28
Thomas Watteyne <watteyne@eecs.berkeley.edu> Tue, 04 November 2014 17:16 UTC
Return-Path: <twatteyne@gmail.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8CD71A9149; Tue, 4 Nov 2014 09:16:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.276
X-Spam-Level:
X-Spam-Status: No, score=-1.276 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, WEIRD_PORT=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LRgXrQ3oNbNJ; Tue, 4 Nov 2014 09:16:31 -0800 (PST)
Received: from mail-pd0-x22b.google.com (mail-pd0-x22b.google.com [IPv6:2607:f8b0:400e:c02::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41A801A90DF; Tue, 4 Nov 2014 09:16:31 -0800 (PST)
Received: by mail-pd0-f171.google.com with SMTP id r10so14054313pdi.30 for <multiple recipients>; Tue, 04 Nov 2014 09:16:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:content-type; bh=G2rQyfOC9IP8fi+L6hWLate4i7MHvtlPrE2M6s8k4b0=; b=u5IQbZHKy2L0HkwFb3CAKgPi3KSBRWPikaHSIDsrszO7l7A6kF/njtqKYSjkFB/WgG A7779T4MjCGLSanbtNgw4HWOQXNhNT6RMUwJcIDBBXqCLUDAvN0GySidL3gYD/0pyQOi qr47kL1YMQsSJnTXD7hPPMcQiLvfn2Ao5MvuzGKAphv45PCkTK20GXcu9bgQxMhHu8fO MHoGWtXM5fJWbZ90ea5pguCZZrTXIJFL3bYJ7/3astaZhoaaHIxKchsefeLELN9cT9tx S4omjNQIpotoqKDXIimYgr+XLtAH67C/rmNuPP0FObGNYHRq6+uxV26EW3dD5ib2zihw Pysw==
X-Received: by 10.70.45.40 with SMTP id j8mr11591897pdm.130.1415121390357; Tue, 04 Nov 2014 09:16:30 -0800 (PST)
MIME-Version: 1.0
Sender: twatteyne@gmail.com
Received: by 10.66.88.42 with HTTP; Tue, 4 Nov 2014 09:16:10 -0800 (PST)
In-Reply-To: <7180.1415115028@sandelman.ca>
References: <7180.1415115028@sandelman.ca>
From: Thomas Watteyne <watteyne@eecs.berkeley.edu>
Date: Tue, 04 Nov 2014 09:16:10 -0800
X-Google-Sender-Auth: Vh5aEJJxu9mBSvhT6utJsJheqwk
Message-ID: <CADJ9OA9PmO3mOhqbp22_aFD00Yjn2huyWAVM-k5KH4Du1B9Ycg@mail.gmail.com>
To: "6tisch@ietf.org" <6tisch@ietf.org>, tisch-security <6tisch-security@ietf.org>
Content-Type: multipart/alternative; boundary="047d7bf18b76c9549005070b9f83"
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/r6xhQvuNU4m_uFZ8AnIi1c8o-GU
Subject: Re: [6tisch] [6tisch-security] minutes from call 2014-10-28
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 17:16:34 -0000
[adding the 6TiSCH ML] On Tue, Nov 4, 2014 at 7:30 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > My appologies for taking so long to get these out. > The call this week is in 30 minutes at: > > Meeting number: 645 146 419 Meeting password: timeslot Audio > > connection: 1-877-668-4493 Call-in toll free number (US/Canada) > > 1-650-479-3208 Call-in toll number (US/Canada) > > > > https://ietf.webex.com/ietf/j.php?MTID=m026b87ec5a630ca1ec44f2e79329ba02 > > > etherpad for meeting: > > http://etherpad.tools.ietf.org:9000/p/6tisch-security-6top-xml.txt > > > please note that google/browser-using-google-data might complain > about it > > being a phising site, it is likely a false positive, and I've let > > ietf-action know about it. > > > 2014-10-28 call started 11am EST. > > Attending > - Thomas Watteyne > - Michael Richardson > - Jonathan Simon > - Kris Pister > - Mike Seewald > - Nancy Cam-Winget > > We started the meeting by attempting to recap the discussion in the Mailing > List. Michael asks Kris to do the recap. The thread starts at: > > http://www.ietf.org/mail-archive/web/6tisch-security/current/msg00212.html > > The result of the discussion is that we have some terminology problems with > the use of "join key" --- we agreed that we would use the following terms: > > join network - A 802.15.4e network whose well known global > encryption and authentication key is "JOIN6TISCH". > unique join key - a symmetric key shared between a newly joining node, > and > the JCE. This key supports smaller installations for > which > asymmetric methods are considered too large > well known beacon key - this is the key "JOIN6TISCH" > > MR discussed that while the unique join key might in some situations not be > unique (we can not prevent use of pin "0000" a la Bluetooth headsets), we > should never make a protocol that depends upon the key being known by more > than one node. > > We then had a discussion about the term "trust anchors". > MCR said that the use of this term will cause some security people to > assume > that this is related to the set of trust anchors present in web browsers; > that some interaction with the Verisign/Komodo/etc. is intended, when it > really is about connection to some industry consortia, or perhaps only to > the > vendor's CA. > > We covered the problem of the node knowing if it is joining the right > network, that "this is the JCE you are looking for" (Star Wars droids > reference). The oil refinery situation was raised; where competitors have > equipment within radio distance of each other, and often sell/lease it > among > themselves. > > MR: suggestion: certificate given by JCE to node, contains authorization > with > "I am your owner". there is a set of delegation in supply chain. node > can > authenticatie that. node need to go to its vendor > > KP: so go out to the Internet and contact the vendor? > MR: don't suggest node or JCE do this online. Michael Belinger raised > fraud and > reselling. issue is that, when you purchase a node, you have to > install. vendor could veto a resell market if was involved online. > example > with lightbulbs > > MR: opinion is that the way you get that certificate is out of scope. Here > is > your MAC id and certificate of who owns you > > We had a discussion about possible ways that this introduces a > vendor-lockin > DRM, and the negative press that might result. This is the reason for the > 802.1AR installation of a LDevID after the join process, as this > permits/supports resell and further econonic activity without permission of > the vendor. > > We agreed that there would never be a requirement to go out to the > Internet. > > MCR explained purpose of draft-richardson-6tisch-idevid-cert... tried to > explain relative to SIDR, but SIDR work was not known. > > We discussed why we have a well-known-beacon key at all: mixing traffic > from > other sources users of that spectrum, and also concern that some MACs may > be > unable to deal with unencrypted and encrypted traffic being received at the > same time. > > We had a discussion about the 10/11 flows which are summarized as follows: > > MR: DTLS session bnetwee JCE and join assistant, doubly encryped (L2 hop > by hop and e2e DTLC/6top) > MR: TLS session setup consists of 2 exchanges: > . client hello (client presents his capabilities) > . server helo (new node) responds his capabilities) > . those packets re 100-150 bytes. possibly 60-70 bytes. suspect will > be 2 frames > . allow to agree on cipher, need crypto agility > . would be ideal is JCE presents 2 options, AES-TCM and other > . second exchange involves client certification, and response with > server certificate and DH > . packet ~1-2kB size. can be in smaller pieces > . biggest pieces in this is supplier chain of certificate that proves > own this node > . upper part of chain COULD be cached by join assistant. but, most of > statements will be mote-specific > > Agenda for next, second DODAG, how do we get that mode online: > text in section 3 starting with: > "The specific mechanism to enable end to end connectivity with the JCE" > > > > > > > > -- > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- > > > > > _______________________________________________ > 6tisch-security mailing list > 6tisch-security@ietf.org > https://www.ietf.org/mailman/listinfo/6tisch-security > >
- Re: [6tisch] [6tisch-security] minutes from call … Thomas Watteyne