Re: [6tsch] draft-ohba-6tsch-security-00

Maria Rita PALATTELLA <maria-rita.palattella@uni.lu> Thu, 27 June 2013 07:31 UTC

Hello Yoshihiro,

I am not a security expert, but I went through the draft and tried to understand, in order to provide some feedback.

Feel free to ignore them, if you find them inappropriate.

1) the abstract should be re-worded. I would expose the topic in a more general way (in order to be comprehensible for everyone) and then, refer to the specific algorithm PANA.

2) I would add a reference to Metcalfe's law in the Intro.

3) Assuming that we are not all familiar with PANA (sorry for that!), I would provide a short description of the protocol. You may add it in the appendix, as we did for instance in the Watteyne-lln-tsch draft, for describing TSCH. Or you can add more information in Sec. 5.1, where you present PANA as a Phase-1 KMP candidate.
In both cases, everyone by reading your draft will have an almost complete view of the security framework you are suggesting.

4) For the acronyms, we may add all of them in the terminology draft. In this way you should just refer to it, without any need to specify them again. @Pascal/Thomas: what do you think?
Or if you are using PANA notation, you may also refer to it.

5) I have a hard time reading Phase-1. It seems that it includes Phase-1 credentials and a Phase-1 KMP. Is that correct? Then, it is not clear in which order these two steps are executed.
<<An authentication and key establishment protocol called a Phase-1 KMP is conducted between the node and the authentication server using Phase-1 credentials.>>
From this sentence, it seems the sequence is Phase-1 credentials -> Phase-1 KMP.
<<Both symmetric and asymmetric key credentials can be used as Phase-1 credentials. A symmetric key that is established as a result of successful Phase-1 KMP ....>>
From this other sentence, it seems that the sequence is Phase-1 KMP -> Phase-1 credentials. It seems to be confirmed also in the Example provided at page 6.
Maybe it is me missing something...
If you agree, I would suggest revising the description a bit, clarifying these concepts and explaining them in the same order as their actual execution.

6) Typos:
- Initially all nodes but Node A -> I guess you didn't mean BUT
- we focus on Phase-2 KMP requirements in the next seciton. -> section
- PANA [RFC5191] is the Phase-1 KMP candidate since it supports mutual authenticatio -> authentication
- IEEE 802.15.4 -> IEEE802.15.4 (without space)

7) In Sec. 6, when talking about EB, you may add a reference to Watteyne-draft, where a description of EB is provided.


Best Regards,
Maria Rita


-----Original Message-----
From: 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] On Behalf Of yoshihiro.ohba@toshiba.co.jp
Sent: Monday, June 24, 2013 4:10 AM
To: 6tsch@ietf.org
Subject: [6tsch] draft-ohba-6tsch-security-00

6tsch-security draft has been submitted to IETF:

http://tools.ietf.org/html/draft-ohba-6tsch-security-00

Regards,
Yoshihiro Ohba
