IETF Logo Mail Archive

Re: [6tsch] draft-ohba-6tsch-security-00

<yoshihiro.ohba@toshiba.co.jp> Thu, 27 June 2013 09:35 UTC

Return-Path: <yoshihiro.ohba@toshiba.co.jp>
X-Original-To: 6tsch@ietfa.amsl.com
Delivered-To: 6tsch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC7DC21F9C74 for <6tsch@ietfa.amsl.com>; Thu, 27 Jun 2013 02:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.088
X-Spam-Level:
X-Spam-Status: No, score=-6.088 tagged_above=-999 required=5 tests=[AWL=-1.999, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lYH5BtZkJtgg for <6tsch@ietfa.amsl.com>; Thu, 27 Jun 2013 02:35:43 -0700 (PDT)
Received: from imx2.toshiba.co.jp (inet-tsb5.toshiba.co.jp [202.33.96.24]) by ietfa.amsl.com (Postfix) with ESMTP id EF2CE21F9C67 for <6tsch@ietf.org>; Thu, 27 Jun 2013 02:35:42 -0700 (PDT)
Received: from tsbmgw-mgw02.tsbmgw-mgw02.toshiba.co.jp ([133.199.200.50]) by imx2.toshiba.co.jp with ESMTP id r5R9Zejb014397 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 27 Jun 2013 18:35:40 +0900 (JST)
Received: from tsbmgw-mgw02 (localhost [127.0.0.1]) by tsbmgw-mgw02.tsbmgw-mgw02.toshiba.co.jp (8.13.8/8.14.5) with ESMTP id r5R9ZeKO001126; Thu, 27 Jun 2013 18:35:40 +0900
Received: from localhost ([127.0.0.1]) by tsbmgw-mgw02 (JAMES SMTP Server 2.3.1) with SMTP ID 473; Thu, 27 Jun 2013 18:35:40 +0900 (JST)
Received: from arc1.toshiba.co.jp ([133.199.194.235]) by tsbmgw-mgw02.tsbmgw-mgw02.toshiba.co.jp (8.13.8/8.14.5) with ESMTP id r5R9Zeh1001117; Thu, 27 Jun 2013 18:35:40 +0900
Received: (from root@localhost) by arc1.toshiba.co.jp id r5R9Ze3h008153; Thu, 27 Jun 2013 18:35:40 +0900 (JST)
Received: from unknown [133.199.192.144] by arc1.toshiba.co.jp with ESMTP id UAA08152; Thu, 27 Jun 2013 18:35:40 +0900
Received: from mx2.toshiba.co.jp (localhost [127.0.0.1]) by ovp2.toshiba.co.jp with ESMTP id r5R9ZdTP006903; Thu, 27 Jun 2013 18:35:39 +0900 (JST)
Received: from TGXML330.toshiba.local by toshiba.co.jp id r5R9ZcrR012366; Thu, 27 Jun 2013 18:35:39 +0900 (JST)
Received: from TGXML338.toshiba.local ([169.254.4.194]) by TGXML330.toshiba.local ([133.199.60.204]) with mapi id 14.03.0123.003; Thu, 27 Jun 2013 18:35:38 +0900
From: yoshihiro.ohba@toshiba.co.jp
To: maria-rita.palattella@uni.lu, 6tsch@ietf.org
Thread-Topic: [6tsch] draft-ohba-6tsch-security-00
Thread-Index: AQHOcwhYAAXeU4p+RJ2LFEqPqxPt05lJRf2w
Date: Thu, 27 Jun 2013 09:35:37 +0000
Message-ID: <674F70E5F2BE564CB06B6901FD3DD78B12D27003@tgxml338.toshiba.local>
References: <F085911F642A6847987ADA23E611780D1857A4E8@hoshi.uni.lux>
In-Reply-To: <F085911F642A6847987ADA23E611780D1857A4E8@hoshi.uni.lux>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
x-originating-ip: [133.196.20.79]
msscp.transfermailtomossagent: 103
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [6tsch] draft-ohba-6tsch-security-00
X-BeenThere: 6tsch@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tsch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tsch>, <mailto:6tsch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tsch>
List-Post: <mailto:6tsch@ietf.org>
List-Help: <mailto:6tsch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tsch>, <mailto:6tsch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2013 09:35:49 -0000

Hi Maria,

Thank you for your feedback.  

We will revise Abstract.

For Metcalf's law reference, I would like to hear from Pascal.

We can add some introduction to PANA in Appendix.

I am happy to replace acronyms section with a reference to draft-palattella-6tsch-terminology.

Sorry for the confusing description about Phase-1.  I understood where the confusion came from. In the sentence "A symmetric key that is established as a result of successful Phase-1 KMP is used for encrypting the Phase-2 and Phase-3 credentials distributed from the authentication server to the node.", the symmetric key is a temporal key material generated from Phaes-1 KMP credentials, and it is not as part of Phase-1 KMP credentials.  I will think about improving the text.

We will fix typos and add a reference to draft-watteyne-6tsch-tsch-lln-context for EB.

Best Regards,
Yoshihiro Ohba

-----Original Message-----
From: 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] On Behalf Of Maria Rita PALATTELLA
Sent: Thursday, June 27, 2013 4:32 PM
To: 6tsch@ietf.org
Subject: Re: [6tsch] draft-ohba-6tsch-security-00

Hello Yoshihiro,

I am not a security expert, but I went through the draft and tried to understand, in order to provide some feedback.

Feel free to ignore them, if you find them inappropriate.

1) the abstract should be re-worded. I would expose the topic in a more general way (in order to be comprehensible for everyone) and then, refer to the specific algorithm PANA.

2) I would add a reference to Metcalf's law in the Intro.

3) Assuming that we are not all familiar with PANA (sorry for that!), I would provide a short description of the protocol. You may add it in the appendix, as we did for instance in the Watteyne-lln-tsch draft, for describing TSCH. Or you can add more information in Sec. 5.1, where you present PANA as a Phase-1 KMP candidate.
In both cases, everyone by reading your draft will have an almost complete view of the security framework you are suggesting.

4)  For the acronyms, we may add all of them in the terminology draft. In this way you should just refer to it, without any need to specify them again. @Pascal/Thomas: what do you think?
Or if you are using PANA notation, you may also refer to it.

5) I have hard time while reading Phase-1. It seems that includes Phase-1 credentials and a Phase-1 KMP. Is it correct? Then, It is not clear in which order these two steps are executed.
<<An authentication and key establishment  protocol called a Phase-1 KMP is conducted between the node and  the authentication server using Phase-1 credentials.>> From this sentence, it seems the sequence is Phase-1 credentials -> Phase-1 KMP <<Both symmetric and asymmetric key credentials can be used as Phase-1 credentials.  A symmetric key that is established as a result of successful Phase-1 KMP ....>> From this other sentence, it seems that the sequence is Phase-1 KMP - > is Phase-1 credentials. It seems to be confirmed also in the Example provided at page 6.
Maybe it is me missing something...
If you agree, I would suggest to revise a bit the description, clarifying such concept, and explaining them in the same order of their actual execution.

6) Typos:
- Initially all nodes but Node A - > I guess you didn't mean BUT
- we focus on Phase-2 KMP requirements in the next seciton. - > section
- PANA [RFC5191] is the Phase-1 KMP candidate since it supports mutual    authenticatio -> authentication
- IEEE 802.15.4 -> IEEE802.15.4 (without space)

6) In sec. 6 when talking about EB, you may add a reference to Watteyne-draft, where a description of EB is provided.


Best Regards,
Maria Rita


-----Original Message-----
From: 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] On Behalf Of yoshihiro.ohba@toshiba.co.jp
Sent: Monday, June 24, 2013 4:10 AM
To: 6tsch@ietf.org
Subject: [6tsch] draft-ohba-6tsch-security-00

6tsch-security draft has been submitted to IETF:

http://tools.ietf.org/html/draft-ohba-6tsch-security-00

Regards,
Yoshihiro Ohba

_______________________________________________
6tsch mailing list
6tsch@ietf.org
https://www.ietf.org/mailman/listinfo/6tsch
_______________________________________________
6tsch mailing list
6tsch@ietf.org
https://www.ietf.org/mailman/listinfo/6tsch

v2.23.0 | Report a Bug | By Email