Re: [Ace] New Version Notification for draft-navas-ace-secure-time-synchronization-00.txt
Randy Presuhn <randy_presuhn@alumni.stanford.edu> Tue, 01 November 2016 18:10 UTC
To: ace@ietf.org
References: <CAD2CPUHYGqgzjK7OkC5oc5cSZUKYQP=m=-SuJ1+u20rustCTOw@mail.gmail.com> <a6f70376-ba13-b6ed-4275-7544608655be@alumni.stanford.edu> <e9bfb72e-9283-1ab4-284d-89ae64de0193@sics.se>
From: Randy Presuhn <randy_presuhn@alumni.stanford.edu>
Message-ID: <2af41a57-c8df-dac1-a008-6a05d6b2a9c2@alumni.stanford.edu>
Date: Tue, 01 Nov 2016 11:10:36 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/D1uFp2jkG3Ozpor_FgTKip8Wft4>
Hi -

On 10/31/2016 11:45 PM, Ludwig Seitz wrote:
> On 2016-11-01 01:41, Randy Presuhn wrote:
>> Hi -
>>
>>
>> On 10/31/2016 7:25 AM, Renzo Navas wrote:
>> ...
>>> The need for a secure source of time is getting clearer on ACE (either
>>> that, or mechanisms to assure freshness of each transaction), and we
>>> hope that with this protocol we are giving the first step to come up
>>> with a constrained-resource friendly solution.
>> ...
>>
>> Along the way to SNMPv3, we learned that a full-blown time
>> protocol isn't actually necessary to provide authentication,
>> timeliness, replay protection, etc. See RFC 3414 for details
>> on how to get these properties cheaply, both from protocol
>> overhead and processing perspectives.
>>
>> Randy
>>
>
> Does your "etc" include expiration of access tokens?

The standard access control model (VACM, RFC 3415) does not rely on
"access tokens" - what is (and is not) allowed is determined by the
currently configured permissions on the system whose information is
being accessed / modified / published, and the authenticated identity
of the user/entity to which the information is being delivered or by
which it is being modified. This may or may not meet your needs.

The SNMP design was driven in part by a requirement for things to work
correctly even when large portions of the internet infrastructure (such
as NTP, PKI, DNS, etc.) were malfunctioning, broken, or under attack,
and to work on systems with minimal (from the perspective of the late
1980s and extending into the 1990s) capabilities. Again, this might not
be necessary here. It does seem, however, that what seems like a
shortcut here or there can have large impacts on the ultimate complexity
and technology footprint of a design...

Randy
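The RFC 3414 mechanism Randy points at (authentication, timeliness and replay protection with no time protocol and no PKI) is compact enough to model end to end. The block below is an added illustration; it is not code from this thread, from the ACE draft, or from any SNMP implementation. It shows the two pieces of the User-based Security Model that make the "cheap" properties work: a password stretched into a key and then localized to one agent's snmpEngineID, and the snmpEngineBoots/snmpEngineTime window that an authoritative engine checks against its own counters while a non-authoritative engine learns those counters only from authenticated messages. The message layout, the Clock class, the two engine classes and the scenario labels are simplified stand-ins of my own (no BER, no snmpEngineID discovery, no privacy); the key derivation, key localization and time-window rules follow RFC 3414 sections 2.2, 3.2 and A.2, and the password "maplesyrup" with engineID 0x000000000000000000000002 is the RFC's own appendix A.3 test vector.

```python
# Added illustration of RFC 3414 USM (key localization, HMAC-96, time window); not code from
# the thread or any SNMP stack. Message layout, Clock and the engine classes are stand-ins.
import hashlib
import hmac
import struct

MAX_BOOTS = 2147483647   # an engine whose snmpEngineBoots reaches this must stop operating
TIME_WINDOW = 150        # seconds, RFC 3414 section 2.2.3
TAG_LEN = 12             # HMAC-MD5-96 / HMAC-SHA-96 keep 96 bits of the MAC

def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1 MiB."""
    reps = 1024 * 1024 // len(password) + 1
    return hashlib.new(algo, (password * reps)[:1024 * 1024]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): one password, a distinct key per agent."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def _tag(kul, boots, etime, payload):
    """HMAC over the message with the 12-octet msgAuthenticationParameters zeroed."""
    wire = struct.pack(">II", boots, etime) + b"\x00" * TAG_LEN + payload
    return hmac.new(kul, wire, "md5").digest()[:TAG_LEN]

def build(kul, boots, etime, payload):
    return struct.pack(">II", boots, etime) + _tag(kul, boots, etime, payload) + payload

def parse(msg):
    boots, etime = struct.unpack(">II", msg[:8])
    return boots, etime, msg[8:8 + TAG_LEN], msg[8 + TAG_LEN:]

class Clock:
    now = 0   # simulated seconds; engines never read each other's counters directly

class AuthoritativeEngine:
    """The agent: its own boots/time counters are the reference, no time protocol needed."""
    def __init__(self, kul, clock):
        self.kul, self.clock, self.boots, self.boot_at = kul, clock, 1, clock.now

    def engine_time(self):
        return self.clock.now - self.boot_at

    def reboot(self):   # real agents persist boots in non-volatile storage
        self.boots, self.boot_at = min(self.boots + 1, MAX_BOOTS), self.clock.now

    def receive(self, msg):
        boots, etime, tag, payload = parse(msg)
        if not hmac.compare_digest(tag, _tag(self.kul, boots, etime, payload)):
            return "wrongDigest", None   # RFC 3414 3.2 step 6 precedes the time check
        if (self.boots == MAX_BOOTS or boots != self.boots
                or abs(etime - self.engine_time()) > TIME_WINDOW):
            # step 7b(1): the authenticated Report carries our counters so the peer can resync
            return "notInTimeWindow", build(self.kul, self.boots, self.engine_time(), b"Report")
        return "ok", build(self.kul, self.boots, self.engine_time(), b"Response:" + payload)

class NonAuthoritativeEngine:
    """The manager: learns the agent's counters only from authenticated messages."""
    def __init__(self, kul, clock):
        self.kul, self.clock, self.boots, self.latest_time, self.synced_at = kul, clock, 0, 0, 0

    def estimated_time(self):
        return 0 if self.boots == 0 else self.latest_time + (self.clock.now - self.synced_at)

    def send(self, payload):
        return build(self.kul, self.boots, self.estimated_time(), payload)

    def receive(self, msg):
        boots, etime, tag, payload = parse(msg)
        if not hmac.compare_digest(tag, _tag(self.kul, boots, etime, payload)):
            return "wrongDigest"
        if boots > self.boots or (boots == self.boots and etime > self.latest_time):
            self.boots, self.latest_time, self.synced_at = boots, etime, self.clock.now  # 7b(2)
        elif (boots == MAX_BOOTS or boots < self.boots
                or (boots == self.boots and etime < self.latest_time - TIME_WINDOW)):
            return "notInTimeWindow"
        return "ok"

def run_scenario():
    """(label, outcome) pairs for a cold start, a replay, an agent reboot and a tamper."""
    clock, log = Clock(), []
    kul = localize_key(password_to_key(b"maplesyrup"), bytes.fromhex("000000000000000000000002"))
    agent, manager = AuthoritativeEngine(kul, clock), NonAuthoritativeEngine(kul, clock)
    clock.now += 1000                        # agent has been up 1000 s; manager knows nothing
    status, report = agent.receive(manager.send(b"Get:sysUpTime"))
    log.append(("cold start", status))       # rejected, but the Report resynchronises the manager
    manager.receive(report)
    log.append(("synced", agent.receive(manager.send(b"Get:sysUpTime"))[0]))
    captured = manager.send(b"Set:ifAdminStatus=down")   # attacker records this on the wire
    agent.receive(captured)
    clock.now += 200
    log.append(("replay after 200s", agent.receive(captured)[0]))
    agent.reboot()                           # boots 1 -> 2, engine time restarts at 0
    status, report = agent.receive(manager.send(b"Get:sysUpTime"))
    log.append(("after reboot", status))
    manager.receive(report)
    log.append(("resynced", agent.receive(manager.send(b"Get:sysUpTime"))[0]))
    good = manager.send(b"Get:sysUpTime")
    log.append(("tampered", agent.receive(good[:-1] + bytes([good[-1] ^ 1]))[0]))
    return log

if __name__ == "__main__":
    print(*run_scenario(), sep="\n")
```

Two caveats a practitioner should keep in mind when weighing this against a token-based design. First, USM's replay protection is a window, not a per-message check: the same captured request replayed within 150 seconds passes the time check, and RFC 3414 leaves that case to the request-id in the PDU, so the application layer still has to match responses to outstanding requests. Second, everything rests on snmpEngineBoots never going backwards, which is why the RFC requires it to be kept in non-volatile storage; an agent that restarts with boots reset to 1 makes every message recorded in its previous life valid again.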