IETF Logo Mail Archive

Re: [6tsch] draft-ohba-6tsch-security-00

Maria Rita PALATTELLA <maria-rita.palattella@uni.lu> Fri, 28 June 2013 06:55 UTC

Return-Path: <maria-rita.palattella@uni.lu>
X-Original-To: 6tsch@ietfa.amsl.com
Delivered-To: 6tsch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 542C821F9D05 for <6tsch@ietfa.amsl.com>; Thu, 27 Jun 2013 23:55:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4
X-Spam-Level:
X-Spam-Status: No, score=-4 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PFNNt33IqCWk for <6tsch@ietfa.amsl.com>; Thu, 27 Jun 2013 23:55:08 -0700 (PDT)
Received: from hercules.uni.lu (hercules.uni.lu [158.64.76.33]) by ietfa.amsl.com (Postfix) with ESMTP id 9937F21F8468 for <6tsch@ietf.org>; Thu, 27 Jun 2013 23:53:25 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.87,957,1363129200"; d="scan'208";a="25097728"
Received: from unknown (HELO REED.uni.lux) ([10.21.2.9]) by hercules.uni.lu with ESMTP; 28 Jun 2013 08:53:24 +0200
Received: from HOSHI.uni.lux ([fe80::499:a33:4e68:4af9]) by REED.uni.lux ([fe80::31bb:b7a3:7abb:813e%10]) with mapi id 14.03.0123.003; Fri, 28 Jun 2013 08:53:24 +0200
From: Maria Rita PALATTELLA <maria-rita.palattella@uni.lu>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, "yoshihiro.ohba@toshiba.co.jp" <yoshihiro.ohba@toshiba.co.jp>, "6tsch@ietf.org" <6tsch@ietf.org>
Thread-Topic: [6tsch] draft-ohba-6tsch-security-00
Thread-Index: AQHOcxm0hEQz30t01U6yh2kByZh2c5lJWwiAgAFWZiA=
Date: Fri, 28 Jun 2013 06:53:23 +0000
Message-ID: <F085911F642A6847987ADA23E611780D18582CFD@hoshi.uni.lux>
References: <F085911F642A6847987ADA23E611780D1857A4E8@hoshi.uni.lux> <674F70E5F2BE564CB06B6901FD3DD78B12D27003@tgxml338.toshiba.local> <E045AECD98228444A58C61C200AE1BD84133510C@xmb-rcd-x01.cisco.com>
In-Reply-To: <E045AECD98228444A58C61C200AE1BD84133510C@xmb-rcd-x01.cisco.com>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.91.0.78]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [6tsch] draft-ohba-6tsch-security-00
X-BeenThere: 6tsch@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tsch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tsch>, <mailto:6tsch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tsch>
List-Post: <mailto:6tsch@ietf.org>
List-Help: <mailto:6tsch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tsch>, <mailto:6tsch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2013 06:55:17 -0000

Pascal,
Instead of refer to Wikipedia page, I would use one of the references proposed on that page.
What do you think?
Maria Rita

-----Original Message-----
From: Pascal Thubert (pthubert) [mailto:pthubert@cisco.com] 
Sent: Thursday, June 27, 2013 2:25 PM
To: yoshihiro.ohba@toshiba.co.jp; Maria Rita PALATTELLA; 6tsch@ietf.org
Subject: RE: [6tsch] draft-ohba-6tsch-security-00

Dear Yoshi:

I think that Wikipedia has a great discussion on Metcalf's law as http://en.wikipedia.org/wiki/Metcalfe%27s_law 

Would you all agree?

Pascal


-----Original Message-----
From: 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] On Behalf Of yoshihiro.ohba@toshiba.co.jp
Sent: jeudi 27 juin 2013 11:36
To: maria-rita.palattella@uni.lu; 6tsch@ietf.org
Subject: Re: [6tsch] draft-ohba-6tsch-security-00

Hi Maria,

Thank you for your feedback.  

We will revise Abstract.

For Metcalf's law reference, I would like to hear from Pascal.

We can add some introduction to PANA in Appendix.

I am happy to replace acronyms section with a reference to draft-palattella-6tsch-terminology.

Sorry for the confusing description about Phase-1.  I understood where the confusion came from. In the sentence "A symmetric key that is established as a result of successful Phase-1 KMP is used for encrypting the Phase-2 and Phase-3 credentials distributed from the authentication server to the node.", the symmetric key is a temporal key material generated from Phaes-1 KMP credentials, and it is not as part of Phase-1 KMP credentials.  I will think about improving the text.

We will fix typos and add a reference to draft-watteyne-6tsch-tsch-lln-context for EB.

Best Regards,
Yoshihiro Ohba

-----Original Message-----
From: 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] On Behalf Of Maria Rita PALATTELLA
Sent: Thursday, June 27, 2013 4:32 PM
To: 6tsch@ietf.org
Subject: Re: [6tsch] draft-ohba-6tsch-security-00

Hello Yoshihiro,

I am not a security expert, but I went through the draft and tried to understand, in order to provide some feedback.

Feel free to ignore them, if you find them inappropriate.

1) the abstract should be re-worded. I would expose the topic in a more general way (in order to be comprehensible for everyone) and then, refer to the specific algorithm PANA.

2) I would add a reference to Metcalf's law in the Intro.

3) Assuming that we are not all familiar with PANA (sorry for that!), I would provide a short description of the protocol. You may add it in the appendix, as we did for instance in the Watteyne-lln-tsch draft, for describing TSCH. Or you can add more information in Sec. 5.1, where you present PANA as a Phase-1 KMP candidate.
In both cases, everyone by reading your draft will have an almost complete view of the security framework you are suggesting.

4)  For the acronyms, we may add all of them in the terminology draft. In this way you should just refer to it, without any need to specify them again. @Pascal/Thomas: what do you think?
Or if you are using PANA notation, you may also refer to it.

5) I have hard time while reading Phase-1. It seems that includes Phase-1 credentials and a Phase-1 KMP. Is it correct? Then, It is not clear in which order these two steps are executed.
<<An authentication and key establishment  protocol called a Phase-1 KMP is conducted between the node and  the authentication server using Phase-1 credentials.>> From this sentence, it seems the sequence is Phase-1 credentials -> Phase-1 KMP <<Both symmetric and asymmetric key credentials can be used as Phase-1 credentials.  A symmetric key that is established as a result of successful Phase-1 KMP ....>> From this other sentence, it seems that the sequence is Phase-1 KMP - > is Phase-1 credentials. It seems to be confirmed also in the Example provided at page 6.
Maybe it is me missing something...
If you agree, I would suggest to revise a bit the description, clarifying such concept, and explaining them in the same order of their actual execution.

6) Typos:
- Initially all nodes but Node A - > I guess you didn't mean BUT
- we focus on Phase-2 KMP requirements in the next seciton. - > section
- PANA [RFC5191] is the Phase-1 KMP candidate since it supports mutual    authenticatio -> authentication
- IEEE 802.15.4 -> IEEE802.15.4 (without space)

6) In sec. 6 when talking about EB, you may add a reference to Watteyne-draft, where a description of EB is provided.


Best Regards,
Maria Rita


-----Original Message-----
From: 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] On Behalf Of yoshihiro.ohba@toshiba.co.jp
Sent: Monday, June 24, 2013 4:10 AM
To: 6tsch@ietf.org
Subject: [6tsch] draft-ohba-6tsch-security-00

6tsch-security draft has been submitted to IETF:

http://tools.ietf.org/html/draft-ohba-6tsch-security-00

Regards,
Yoshihiro Ohba

_______________________________________________
6tsch mailing list
6tsch@ietf.org
https://www.ietf.org/mailman/listinfo/6tsch
_______________________________________________
6tsch mailing list
6tsch@ietf.org
https://www.ietf.org/mailman/listinfo/6tsch

_______________________________________________
6tsch mailing list
6tsch@ietf.org
https://www.ietf.org/mailman/listinfo/6tsch

v2.23.0 | Report a Bug | By Email