Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE

Thomas Hardjono <hardjono@mit.edu> Wed, 20 July 2016 22:06 UTC

From: Thomas Hardjono <hardjono@mit.edu>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "Ace@ietf.org" <Ace@ietf.org>
Thread-Topic: [Ace] Adoption of Low Latency Group Communication Security Work in ACE
Date: Wed, 20 Jul 2016 22:05:54 +0000
Message-ID: <5E393DF26B791A428E5F003BB6C5342AB3716D64@OC11EXPO33.exchange.mit.edu>
References: <578F4D59.8050005@gmx.net>
In-Reply-To: <578F4D59.8050005@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/DPn5iQbBqEgablorAlNFVBWHiT0>
Subject: Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE

Generally I'm in support of any efforts to secure multicast messaging for IoT 
applications. However, I have some concerns about the ACE WG:

(a) Mixing authorization with key management: authorization and key-management 
are separate functions, so they need separate specs.


(b) Application-independent key management: a good key management protocol 
should be deployable for a reasonably broad set of application areas 
(including Consumer IoT and Industrial IoT).

So while it's useful to have a solution for lighting applications, it remains to 
be seen if the solution works for other applications.


(c) ACE WG work-pace:  The ACE use-cases document took over a year to finish, 
with numerous argumentative & boring emails (I'm not going to name names). 
Sigh. If it takes over 1 year just to agree on use-cases, I can't imagine how 
long it will take to complete an IoT secure multicast key management protocol. 
Double sigh.


(d) Reinventing stuff:  The IETF did have a secure multicast WG that produced 
a lot of drafts and some RFCs, notably RFC 3740 and RFC 3547 (RFC 6407). There's 
product out there implementing these already.

There's also a draft in DICE on multicast for DTLS (not sure what happened to 
it).

There is the Fluffy draft, but so far the ACE WG has not been very interested 
in it.


(e) Re-chartering:  Will the ACE WG need rechartering, and how long will it take?



/thomas/




------------------------------------------


>>> -----Original Message-----
>>> From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Wednesday, July 20, 2016 6:07 AM
>>> To: Ace@ietf.org
>>> Subject: [Ace] Adoption of Low Latency Group Communication Security Work in ACE
>>>
>>> Hi all,
>>>
>>> at the ACE meeting today I asked the participants whether they are in favor
>>> of adding low latency group communication security work in the ACE group.
>>>
>>> 20 persons were in favor of doing the work.
>>>
>>> 5 people argued against doing this work.
>>>
>>> If you haven't been at the meeting please contribute your thoughts here on
>>> the list. If you believe you do not have enough information please also
>>> speak up.
>>>
>>> Ciao
>>> Hannes