Re: [6tsch] draft-ohba-6tsch-security-00

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 27 June 2013 12:25 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "yoshihiro.ohba@toshiba.co.jp" <yoshihiro.ohba@toshiba.co.jp>, "maria-rita.palattella@uni.lu" <maria-rita.palattella@uni.lu>, "6tsch@ietf.org" <6tsch@ietf.org>
Date: Thu, 27 Jun 2013 12:25:17 +0000
Message-ID: <E045AECD98228444A58C61C200AE1BD84133510C@xmb-rcd-x01.cisco.com>
References: <F085911F642A6847987ADA23E611780D1857A4E8@hoshi.uni.lux> <674F70E5F2BE564CB06B6901FD3DD78B12D27003@tgxml338.toshiba.local>
In-Reply-To: <674F70E5F2BE564CB06B6901FD3DD78B12D27003@tgxml338.toshiba.local>
Subject: Re: [6tsch] draft-ohba-6tsch-security-00

Dear Yoshi:

I think that Wikipedia has a great discussion of Metcalfe's law at http://en.wikipedia.org/wiki/Metcalfe%27s_law

Would you all agree?

Pascal


-----Original Message-----
From: 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] On Behalf Of yoshihiro.ohba@toshiba.co.jp
Sent: Thursday, June 27, 2013 11:36
To: maria-rita.palattella@uni.lu; 6tsch@ietf.org
Subject: Re: [6tsch] draft-ohba-6tsch-security-00

Hi Maria,

Thank you for your feedback.  

We will revise the Abstract.

For the Metcalfe's law reference, I would like to hear from Pascal.

We can add some introduction to PANA in an Appendix.

I am happy to replace the acronyms section with a reference to draft-palattella-6tsch-terminology.

Sorry for the confusing description about Phase-1.  I understood where the confusion came from. In the sentence "A symmetric key that is established as a result of successful Phase-1 KMP is used for encrypting the Phase-2 and Phase-3 credentials distributed from the authentication server to the node.", the symmetric key is temporal key material generated from the Phase-1 KMP credentials, and it is not part of the Phase-1 KMP credentials.  I will think about improving the text.

We will fix typos and add a reference to draft-watteyne-6tsch-tsch-lln-context for EB.

Best Regards,
Yoshihiro Ohba
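To make the ordering discussed above concrete (Phase-1 credential is an input to the Phase-1 KMP; the symmetric key is an output of it, and that output then protects the Phase-2 credential on its way from the authentication server to the node), here is a small model of that flow. This is an added illustration for the list, not code from draft-ohba-6tsch-security-00 or from PANA: the HMAC-based derivation, the toy stream cipher, the nonce layout and every function name are assumptions chosen so the example runs offline with only the Python standard library.

```python
"""Constructed model of the Phase-1 -> Phase-2 credential flow (added illustration).

Not code from draft-ohba-6tsch-security-00 or PANA. The key derivation, the toy
encrypt-then-MAC construction and the message layout are assumptions.
"""
import hashlib
import hmac
import secrets
from typing import Optional


def _kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 derivation; parts are length-prefixed so concatenations are unambiguous."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def phase1_kmp(phase1_cred: bytes, node_nonce: bytes, server_nonce: bytes) -> bytes:
    """Toy stand-in for the Phase-1 KMP outcome (assumed construction).

    The shared Phase-1 credential is the INPUT; the temporary symmetric key, bound to
    both sides' fresh nonces, is the OUTPUT. It is never itself a Phase-1 credential.
    """
    return _kdf(phase1_cred, b"phase1-temporary-key", node_nonce, server_nonce)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC blocks (toy cipher, for illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += _kdf(key, b"keystream", nonce, counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def protect(temp_key: bytes, phase2_cred: bytes) -> bytes:
    """Server side: encrypt-then-MAC the Phase-2 credential under the Phase-1 temporary key.

    Assumed layout: nonce(16) || ciphertext || tag(32). Separate keys are derived for
    encryption and integrity so one key is never used for two purposes.
    """
    enc_key = _kdf(temp_key, b"enc")
    mac_key = _kdf(temp_key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(phase2_cred, _keystream(enc_key, nonce, len(phase2_cred))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(temp_key: bytes, blob: bytes) -> Optional[bytes]:
    """Node side: verify the tag in constant time BEFORE decrypting; None on any failure."""
    if len(blob) < 16 + 32:
        return None
    enc_key = _kdf(temp_key, b"enc")
    mac_key = _kdf(temp_key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def run_flow(phase1_cred: bytes, phase2_cred: bytes, tamper: bool = False) -> Optional[bytes]:
    """Order of execution: Phase-1 credential -> Phase-1 KMP -> temporary key ->
    protected Phase-2 credential delivered to the node. Returns what the node recovers."""
    node_nonce = secrets.token_bytes(16)
    server_nonce = secrets.token_bytes(16)
    key_at_node = phase1_kmp(phase1_cred, node_nonce, server_nonce)
    key_at_server = phase1_kmp(phase1_cred, node_nonce, server_nonce)
    assert key_at_node == key_at_server  # both ends derive the same temporary key
    blob = protect(key_at_server, phase2_cred)
    if tamper:
        # Flip one ciphertext bit in transit: the node must reject, not decrypt garbage.
        blob = blob[:16] + bytes([blob[16] ^ 0x01]) + blob[17:]
    return unprotect(key_at_node, blob)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(run_flow(b"constructed-phase1-psk", b"constructed-phase2-link-key"))
    print(run_flow(b"constructed-phase1-psk", b"constructed-phase2-link-key", tamper=True))
```

The point the model makes is the one raised in the thread: the node only ever holds the Phase-1 credential before the KMP runs, the temporary key exists only after a successful KMP, and a Phase-2 credential that arrives under a wrong or tampered key is rejected rather than decrypted.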

-----Original Message-----
From: 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] On Behalf Of Maria Rita PALATTELLA
Sent: Thursday, June 27, 2013 4:32 PM
To: 6tsch@ietf.org
Subject: Re: [6tsch] draft-ohba-6tsch-security-00

Hello Yoshihiro,

I am not a security expert, but I went through the draft and tried to understand, in order to provide some feedback.

Feel free to ignore them, if you find them inappropriate.

1) the abstract should be re-worded. I would expose the topic in a more general way (in order to be comprehensible for everyone) and then, refer to the specific algorithm PANA.

2) I would add a reference to Metcalfe's law in the Intro.

3) Assuming that we are not all familiar with PANA (sorry for that!), I would provide a short description of the protocol. You may add it in the appendix, as we did for instance in the Watteyne-lln-tsch draft, for describing TSCH. Or you can add more information in Sec. 5.1, where you present PANA as a Phase-1 KMP candidate.
In both cases, everyone by reading your draft will have an almost complete view of the security framework you are suggesting.

4) For the acronyms, we may add all of them in the terminology draft. In this way you should just refer to it, without any need to specify them again. @Pascal/Thomas: what do you think?
Or if you are using PANA notation, you may also refer to it.

5) I have a hard time reading Phase-1. It seems that it includes Phase-1 credentials and a Phase-1 KMP. Is it correct? Then, it is not clear in which order these two steps are executed.
<<An authentication and key establishment protocol called a Phase-1 KMP is conducted between the node and the authentication server using Phase-1 credentials.>> From this sentence, it seems the sequence is Phase-1 credentials -> Phase-1 KMP.
<<Both symmetric and asymmetric key credentials can be used as Phase-1 credentials. A symmetric key that is established as a result of successful Phase-1 KMP ....>> From this other sentence, it seems that the sequence is Phase-1 KMP -> Phase-1 credentials. It seems to be confirmed also in the Example provided at page 6.
Maybe it is me missing something...
If you agree, I would suggest revising the description a bit, clarifying such concepts, and explaining them in the same order as their actual execution.

6) Typos:
- Initially all nodes but Node A -> I guess you didn't mean BUT
- we focus on Phase-2 KMP requirements in the next seciton. -> section
- PANA [RFC5191] is the Phase-1 KMP candidate since it supports mutual authenticatio -> authentication
- IEEE 802.15.4 -> IEEE802.15.4 (without space)

7) In Sec. 6 when talking about EB, you may add a reference to the Watteyne draft, where a description of EB is provided.


Best Regards,
Maria Rita


-----Original Message-----
From: 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] On Behalf Of yoshihiro.ohba@toshiba.co.jp
Sent: Monday, June 24, 2013 4:10 AM
To: 6tsch@ietf.org
Subject: [6tsch] draft-ohba-6tsch-security-00

The 6tsch-security draft has been submitted to the IETF:

http://tools.ietf.org/html/draft-ohba-6tsch-security-00

Regards,
Yoshihiro Ohba

_______________________________________________
6tsch mailing list
6tsch@ietf.org
https://www.ietf.org/mailman/listinfo/6tsch