IETF Logo Mail Archive

Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace-usecases-09: (with COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 26 October 2015 12:53 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8DC51B2E1B for <ace@ietfa.amsl.com>; Mon, 26 Oct 2015 05:53:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YJBCe358Kpxa for <ace@ietfa.amsl.com>; Mon, 26 Oct 2015 05:53:45 -0700 (PDT)
Received: from mail-qg0-x22b.google.com (mail-qg0-x22b.google.com [IPv6:2607:f8b0:400d:c04::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90D8C1B2E16 for <ace@ietf.org>; Mon, 26 Oct 2015 05:53:45 -0700 (PDT)
Received: by qgeo38 with SMTP id o38so118597497qge.0 for <ace@ietf.org>; Mon, 26 Oct 2015 05:53:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=WpQbLtIYUyzq7BzIU9/bkKe4zes/CPIPHFfaUrj1W7c=; b=EBhqJYvf4CW6HZl0hVWwQDa1Lfwr1NgIKnY26ZoTzxtaidd9qQT67krMl/EHKME1R1 3XiLE/XyuAZ9QcLNRWMARUKAIjNCxPHFT+3MwLEaQyCl8yZWmsQoSchbvHhGTOMgq9cu +xoAnv7pqf2jRoZEH5mFCgkz5XkvjxoQZ/TwTYN1xVr1/wxwFDOLpfwfgI0GqV1KSGQr YDO1/FqvL7UwVns1+LlJ7dPGpWDfE9lO/rwN7IN7lCAyYWLcYDozNopJ9YXCeHXZ1FXU dlEXfdx6WyZBDyMxLQh8Sm6BDj2l2RHzqctow0nX0KObARzeCtPSA4w7RNmR0pXCW4ul SQwg==
X-Received: by 10.140.194.8 with SMTP id p8mr45100486qha.63.1445864024721; Mon, 26 Oct 2015 05:53:44 -0700 (PDT)
Received: from [10.186.122.192] (mobile-166-171-187-116.mycingular.net. [166.171.187.116]) by smtp.gmail.com with ESMTPSA id 22sm683400qhq.39.2015.10.26.05.53.43 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 26 Oct 2015 05:53:43 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
X-Mailer: iPhone Mail (12H143)
In-Reply-To: <562DD8C2.3020508@sics.se>
Date: Mon, 26 Oct 2015 08:53:42 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <4E22F8C6-5C2E-4E31-96D4-2D9DC1D5B2D7@gmail.com>
References: <20151022132903.23826.2689.idtracker@ietfa.amsl.com> <5629EA01.6020506@sics.se> <5629EED2.5080005@cs.tcd.ie> <CAHbuEH6LNA6XaY8kUkZZ20A+Jc2V4SWriDajuZOkxq2JFuZX0Q@mail.gmail.com> <562A3647.3030101@sics.se> <562A4B07.9080305@tzi.de> <6E79B71B-FBE1-4FB6-B9B9-16E6C44C67BA@gmail.com> <562DD8C2.3020508@sics.se>
To: Ludwig Seitz <ludwig@sics.se>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ace/K24__mu64SUFyQfqRMTUTlPY6_Y>
Cc: Stefanie Gerdes <gerdes@tzi.de>, "ace@ietf.org" <ace@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace-usecases-09: (with COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2015 12:53:51 -0000

Yes, it should be both.

Thanks,
Kathleen 

Sent from my iPhone

> On Oct 26, 2015, at 3:39 AM, Ludwig Seitz <ludwig@sics.se> wrote:
> 
>> On 2015-10-23 17:21, Kathleen Moriarty wrote:
>> 
>> 
>> Sent from my iPhone
>> 
>>> On Oct 23, 2015, at 10:58 AM, Stefanie Gerdes <gerdes@tzi.de>
>>> wrote:
>>> 
>>> Hi all,
>>> 
>>>>>> 1. Software update is really needed and often missing and
>>>>>> usually hard. There's at least a need to authenticate and
>>>>>> authorize new firmware, when there is any update. That may
>>>>>> not be the same as authorizing a new config.
>>>> 
>>>> 
>>>> Isn't this covered in section 2.4.1.3. ?
>>>> 
>>>> "At some point the facility management company wants to update
>>>> the firmware of lighting devices in order to eliminate software
>>>> bugs. Before accepting the new firmware, each device checks the
>>>> authorization of the facility management company to perform this
>>>> update."
>>>> 
>>>> There is simply not a specific authorization problem listed for
>>>> this, I could argue that it is subsumed under U4.4 but if you
>>>> think it deserves specific mention under the problems section I
>>>> can live with adding a point.
>>> 
>>> I think adding a point in 2.4.3 is a good idea. We could also add
>>> an item to 3.3 that emphasizes the problem.
>> 
>> Great, I think adding a point would be helpful.  You'd be
>> authenticating the device to receive the update preventing fraud,
>> which is different from the existing point referenced.
> 
> Hello Kathleen,
> 
> I'm a bit puzzled by this last sentence. That is not at all how I read Stephen's comment, which was, in my understanding, all about authenticating and authorizing the software update, not the receiver of the update.
> 
> Now obviously, authenticating the receiver of a software update is not a bad idea either, but do you think this also requires specific mention?
> 
> /Ludwig
> 
> 
> -- 
> Ludwig Seitz, PhD
> SICS Swedish ICT AB
> Ideon Science Park
> Building Beta 2
> Scheelevägen 17
> SE-223 70 Lund
> 
> Phone +46(0)70-349 92 51
> http://www.sics.se
>

v2.23.0 | Report a Bug | By Email