Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE
Eliot Lear <lear@cisco.com> Thu, 21 July 2016 12:55 UTC
Return-Path: <lear@cisco.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F70A12DA61 for <ace@ietfa.amsl.com>; Thu, 21 Jul 2016 05:55:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.808
X-Spam-Level:
X-Spam-Status: No, score=-15.808 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkyQuvl9A5wD for <ace@ietfa.amsl.com>; Thu, 21 Jul 2016 05:55:49 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D65312DA53 for <Ace@ietf.org>; Thu, 21 Jul 2016 05:55:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4786; q=dns/txt; s=iport; t=1469105749; x=1470315349; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=+U2aEHZYe+BPcf9kCTp54bt7+yGnCLjiXP79awXU6jI=; b=LpUvjEzNPc6R9G3d1DemEkjB7ZdKppfaCiTWFLXZ2b9rGxPD+ue36jM+ cTMuNrHWRMLvcKD8n8OblxR4C0fC6QTwQc2i7HeVAkuRsfdJyIoBDorOs O2AKPkQLBvRZUSqouVr54nxIGuwvtTeg3BWXKxqDIori3B4chm1u2zeyn 0=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BFDgCmxZBX/xbLJq1dDoQxuzKGGgKBaRABAQEBAQEBZSeEXQEFI2YLGCoCAlcGAQwIAQEQB4gVryyNagEBAQEBAQEDAQEBAQEBARIOiCIIgk2HQYJaAQSODIsagziBcIlDiVKFaJAhNR+CCxyBET06iAABAQE
X-IronPort-AV: E=Sophos;i="5.28,399,1464652800"; d="asc'?scan'208";a="635928025"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Jul 2016 12:55:47 +0000
Received: from [10.61.202.183] ([10.61.202.183]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id u6LCtkWN022180; Thu, 21 Jul 2016 12:55:46 GMT
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Thomas Hardjono <hardjono@mit.edu>, "Ace@ietf.org" <Ace@ietf.org>
References: <578F4D59.8050005@gmx.net> <5E393DF26B791A428E5F003BB6C5342AB3716D64@OC11EXPO33.exchange.mit.edu> <578FFB79.6080101@gmx.net>
From: Eliot Lear <lear@cisco.com>
Message-ID: <65d0cd48-115d-0186-7cf4-a29a8c9a5133@cisco.com>
Date: Thu, 21 Jul 2016 14:55:45 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <578FFB79.6080101@gmx.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="s0DbuOxmrV3c45kvb6f3GkaePxcghvtWQ"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/5DCR_IifVuyh782kXAxtC1O2FPk>
Subject: Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2016 12:55:51 -0000
Hi Hannes, On 7/21/16 12:30 AM, Hannes Tschofenig wrote: > Hi Thomas, > > thanks for the response. > > > On 07/21/2016 12:05 AM, Thomas Hardjono wrote: >> Generally I'm in support of any efforts to secure multicast messaging for IoT >> applications However, I have some concerns about the ACE WG: >> >> (a) Mixing authorization with key management: authorization and key-management >> are separate functions, so they need separate specs. > This is probably a document management aspect and from a protocol point > of view there are indeed certain areas where authorization can separated > from the key distribution. > > For example, separating the aspect where permissions are granted to > access a specific resource are separately from key distribution. +1. > >> >> (b) Application-independent key management: a good key management protocol >> should be deployable for a reasonably broad set of applications area >> (including Consumer IoT and Industrial IoT). >> >> So while its useful to have a solution for lighting application, it remains to >> be seen if the solution works for other applications. > We have been looking at other application domains outside lighting as > well but so far what we have are several companies interested from the > lighting community asking for a specification. If there are other use > cases as well then I am sure the group is interested to hear about them. Somebody has to be first. Others should step forward. > >> >> (c) ACE WG work-pace: The ACE use-cases document took over a year to finish, >> with numerous argumentative & boring emails (I'm not going to name names). >> Sigh. If it takes over 1 year just to agree on use-cases, I can't imagine how >> long it will take to complete an IoT secure multicast key management protocol. >> Double sigh. > Yes, that's indeed a fair concern. I am also worried about the speed. Yes, but this is not a reason to not adopt a document. It's a reason to have editors and chairs who can move the ball. What is a reason is the above and below. > >> >> (d) Reinventing stuff: The IETF did have a secure multicast WG that produced >> a lot of drafts and some RFCs, notably RFC 3740 and RFC3547 (RFC6407). There's >> product out there implementing these already. > Re-using work sounds useful. > >> There's also a draft in DICE on multicast for DTLS (not sure what happened to >> it). > The DTLS multipath was discontinued. Instead, the current approach is to > work on an application layer layer multicast security solution. > >> There is the Fluffy draft, but so far the ACE WG has not been very interested >> in it. > The group decided to go for an OAuth-based approach in ACE but there are > certainly multicast security aspects in the Fluffy draft that should be > explored IMHO. > >> >> (e) Re-chartering: Will the ACE WG need rechartering and how long. > The ACE group needs to be re-chartered to work on low latency group > communication security. Whether this happens at all depends on the > outcome of this discussion. > Fair. Eliot
- Re: [Ace] Adoption of Low Latency Group Communica… Rene Struik
- Re: [Ace] Adoption of Low Latency Group Communica… Kumar, Sandeep
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Kumar, Sandeep
- Re: [Ace] Adoption of Low Latency Group Communica… Stephen Farrell
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Derek Atkins
- Re: [Ace] Adoption of Low Latency Group Communica… Jim Schaad
- Re: [Ace] Adoption of Low Latency Group Communica… Ludwig Seitz
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Michael Richardson
- Re: [Ace] Adoption of Low Latency Group Communica… Michael Richardson
- Re: [Ace] Adoption of Low Latency Group Communica… Hannes Tschofenig
- Re: [Ace] Adoption of Low Latency Group Communica… Thomas Hardjono
- Re: [Ace] Adoption of Low Latency Group Communica… Kumar, Sandeep
- Re: [Ace] Adoption of Low Latency Group Communica… Rahman, Akbar
- Re: [Ace] Adoption of Low Latency Group Communica… Smith, Ned
- [Ace] Adoption of Low Latency Group Communication… Hannes Tschofenig
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Robert Cragie
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Grunwald, Markus
- Re: [Ace] Adoption of Low Latency Group Communica… Robert Cragie
- Re: [Ace] Adoption of Low Latency Group Communica… Garcia Morchon O, Oscar
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Carsten Bormann
- Re: [Ace] Adoption of Low Latency Group Communica… Ludwig Seitz