IETF Logo Mail Archive

[6tsch] FW: draft-ohba-6tsch-security-00

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 25 June 2013 15:30 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: 6tsch@ietfa.amsl.com
Delivered-To: 6tsch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E699821F9A1E for <6tsch@ietfa.amsl.com>; Tue, 25 Jun 2013 08:30:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.854
X-Spam-Level:
X-Spam-Status: No, score=-9.854 tagged_above=-999 required=5 tests=[AWL=-0.745, BAYES_05=-1.11, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sB7yE9vXm0ep for <6tsch@ietfa.amsl.com>; Tue, 25 Jun 2013 08:30:33 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id 2596421F99C3 for <6tsch@ietf.org>; Tue, 25 Jun 2013 08:30:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20346; q=dns/txt; s=iport; t=1372174233; x=1373383833; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=iEx1owAljEb9lWkBLUN+IYTG/kdcFL7BHQtnQMrEluY=; b=G21JV6QeA8GftAVO7upbzPIKPRdCme2p7hwB/md85LfKIVPFEUnRD65T npcLA5/iFK26yMwBPgg8YSYbXw2kb8eXs73t0OtXwblXnUsqm7EyMpfge R4H9T0LFp+IVPCJL31y4qHONNstlXExZJsi1ZuntXodSEh7jeSQn74Jtg g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AogFABS3yVGtJXG+/2dsb2JhbABagkVEMUmDBbw0gQMWdIIjAQEBBCEBC1wCAQgRAQMBAQsFEQcCAwIyFAMEAQEFAwEBBBMIiAaOSZs6AZFUjxQ3AYJMNmEDhT6jSYMQgig
X-IronPort-AV: E=Sophos; i="4.87,938,1363132800"; d="scan'208,217"; a="227020921"
Received: from rcdn-core2-3.cisco.com ([173.37.113.190]) by rcdn-iport-1.cisco.com with ESMTP; 25 Jun 2013 15:30:32 +0000
Received: from xhc-aln-x05.cisco.com (xhc-aln-x05.cisco.com [173.36.12.79]) by rcdn-core2-3.cisco.com (8.14.5/8.14.5) with ESMTP id r5PFUWVC014229 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <6tsch@ietf.org>; Tue, 25 Jun 2013 15:30:32 GMT
Received: from xmb-rcd-x01.cisco.com ([169.254.1.80]) by xhc-aln-x05.cisco.com ([173.36.12.79]) with mapi id 14.02.0318.004; Tue, 25 Jun 2013 10:30:31 -0500
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "6tsch@ietf.org" <6tsch@ietf.org>
Thread-Topic: [6tsch] draft-ohba-6tsch-security-00
Thread-Index: Ac5wf87yAAXeU4p+RJ2LFEqPqxPt0wAT5D2AABlp2YAAEwb6wAAN1Tjw
Date: Tue, 25 Jun 2013 15:30:31 +0000
Deferred-Delivery: Tue, 25 Jun 2013 15:30:00 +0000
Message-ID: <E045AECD98228444A58C61C200AE1BD841331D7E@xmb-rcd-x01.cisco.com>
References: <674F70E5F2BE564CB06B6901FD3DD78B12D258EB@tgxml338.toshiba.local> <CALEMV4Zq5B9vDGQr-Jnkc9umPCxw+sLAdNzGx3dJmgPv1GiA_Q@mail.gmail.com> <E045AECD98228444A58C61C200AE1BD841331338@xmb-rcd-x01.cisco.com> <674F70E5F2BE564CB06B6901FD3DD78B12D25F39@tgxml338.toshiba.local>
In-Reply-To: <674F70E5F2BE564CB06B6901FD3DD78B12D25F39@tgxml338.toshiba.local>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.61.160.6]
Content-Type: multipart/alternative; boundary="_000_E045AECD98228444A58C61C200AE1BD841331D7Exmbrcdx01ciscoc_"
MIME-Version: 1.0
Subject: [6tsch] FW: draft-ohba-6tsch-security-00
X-BeenThere: 6tsch@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tsch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tsch>, <mailto:6tsch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tsch>
List-Post: <mailto:6tsch@ietf.org>
List-Help: <mailto:6tsch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tsch>, <mailto:6tsch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2013 15:30:39 -0000

Dear all:

I realized that the list was not copied; fixing this now. The discussion is around section 2 that is missing the expansion of 6TSCH

Cheers,

Pascal

From: yoshihiro.ohba@toshiba.co.jp [mailto:yoshihiro.ohba@toshiba.co.jp]
Sent: mardi 25 juin 2013 11:04
To: Pascal Thubert (pthubert); xvilajosana@eecs.berkeley.edu; maria-rita.palattella@uni.lu
Cc: watteyne@eecs.berkeley.edu
Subject: RE: [6tsch] draft-ohba-6tsch-security-00



From: Pascal Thubert (pthubert) [mailto:pthubert@cisco.com]
Sent: Tuesday, June 25, 2013 5:46 PM
To: xvilajosana@eecs.berkeley.edu<mailto:xvilajosana@eecs.berkeley.edu>; ohba yoshihiro(大場 義洋 ○RDC□NSL); maria-rita.palattella@uni.lu<mailto:maria-rita.palattella@uni.lu>
Cc: watteyne@eecs.berkeley.edu<mailto:watteyne@eecs.berkeley.edu>
Subject: RE: [6tsch] draft-ohba-6tsch-security-00

Hello Xavi and Yoshi.

I’d agree that our terminology is not perfect for that definition. Let us discuss this at the next call.
“
  6TSCH:      Entity that sets up the schedule, controls the
               connectivity graph of the network, and the resources
               allocated to each scheduled cell in that connectivity
               graph.  It may be an adaptation layer, a distributed
               reservation protocol, a centralized path computation
               entity, or any combination thereof.

“
I think that the definition should 1) spell out the acronym “IPv6 over Time Slotted Channel Hopping”, and 2) explain that 6TSCH defines a set of IETF sublayers and protocols, as well as an architecture to bind them together, for use in TSCH based networks. Which in turns reminds me that people are getting confused when we tell them that 6TSCH pronounces “SIXTUS” and that we also have a sublayer called 6TUS. Shouldn’t we change something there?

Yoshi:  I think section 2 should refer to our terminology. There is already a XREF link at the end of the draft. If the terminology expands the acronym for 6TSCH you’re all set : )
[YO] As soon as we agree on the acronym for 6TSCH I will put it in section 2.

About section 3. Could we separate the commissioning from the bootstrapping? I would like to see a phase 0 when the device is prepared and the management systems are provisioned. In particular: What are the expectation on the device off the factory: Some builtin vendor crypto material / certificate? And then when the device is acquired and prepared for installation: Should the OT people configure an IPv6 address? Additional crypto material like a shared secret?

[YO] We could add text for phase 0 for commissioning (I think Figure 1 can still start with phase 1 since phase 0 does not need to be standardized).  The purpose of phase 0 is to install phase 1 KMP credentials in a physically secured and managed location before the devices are placed where they are expected to operate.

Regards,
Yoshihiro Ohba


Cheers,

Pascal

v2.23.0 | Report a Bug | By Email