IETF Logo Mail Archive

Re: [Ace] Summary of ACE Group Communication Security Discussion

kathleen.moriarty.ietf@gmail.com Mon, 26 September 2016 18:49 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57CAE12B202 for <ace@ietfa.amsl.com>; Mon, 26 Sep 2016 11:49:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0-JUVTPeqrRx for <ace@ietfa.amsl.com>; Mon, 26 Sep 2016 11:49:02 -0700 (PDT)
Received: from mail-qk0-x234.google.com (mail-qk0-x234.google.com [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB37012B004 for <ace@ietf.org>; Mon, 26 Sep 2016 11:49:01 -0700 (PDT)
Received: by mail-qk0-x234.google.com with SMTP id t7so175772757qkh.2 for <ace@ietf.org>; Mon, 26 Sep 2016 11:49:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=M3YFjrgJUcDHNJoHNDfs5aFUWD5UGq7OLQ2RDdYMXFA=; b=Jm75YNhb/82StGOJ7fzH0tH4ZsTEJLmTp96iKACKHaFVu2kOsh3iE9JNVnqfKe5M62 S+zSm2hmOB5iDnm0bPjGpivut4OMoHH5/uGRNGHKb9nzDAA2tpCjz31JakcTamfn7aUG phr7ZoI0xuNm+BIzgjsPnI470FriBDsbHJkBHQMRA2NWlSrGfROTgaU2RvZBgYI2X8jM MZ6sHb1Wx6DKxXc6e9sl1kGGFRYVuRz8gPbqPjd9UqHT9lVmbt883ffstO2kQTaI2igv zvN0dQO3GJHhQO4XFjN76ewFyBOkyxGEcKQz59aKBNVYJ1IH0XgM/WLiTmd0585Y4zai tgeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=M3YFjrgJUcDHNJoHNDfs5aFUWD5UGq7OLQ2RDdYMXFA=; b=Acg5XAZDDlVhLa5G2LmT7uT713A8Y1BCUu1jrmJ49xx7Fup0l0NEDw+ZFp2sSZq+wX ek3aLEq3O8dZwmpleTdX8hdcQutUTJ/23Of2EHLxOEylr577bqykSi2RzkKajPiumNHG 5TAtvJhtXlhzcO99NmtnjhUAjBraeKnHm8Gej0RjyM8SxK4hZUQ1n1pIc1nu+mA/VAnJ TXQY3skrkrmyWmYsP/O0azqZzxGVZT/vfXdoatZqzxZ1M2ZvXIfJnv6W/Yn9cAdKJ3Vs D5QSrTrZAhdq5xgiR3+uowIb4j+8Qb7jiXW3vkY/wFsYpc4Ad6WlBOk7x5DSHaDt/xV7 Nufw==
X-Gm-Message-State: AA6/9RnmlzCL3jkweVSB3yscKCU+oal0k3UBxRh8QJ+ZnvzeVOsY3kAeaC8RNckXnItz2A==
X-Received: by 10.55.143.134 with SMTP id r128mr24027346qkd.161.1474915740787; Mon, 26 Sep 2016 11:49:00 -0700 (PDT)
Received: from [192.168.1.8] (209-6-124-204.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com. [209.6.124.204]) by smtp.gmail.com with ESMTPSA id p124sm12259992qkd.40.2016.09.26.11.48.59 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Sep 2016 11:48:59 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: kathleen.moriarty.ietf@gmail.com
X-Mailer: iPhone Mail (13G36)
In-Reply-To: <27af5f67-29d4-9f53-312f-31855603d451@comcast.net>
Date: Mon, 26 Sep 2016 14:48:58 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <8282E3CE-A603-4CFF-A62F-41350FB826B2@gmail.com>
References: <D40F1535.451DD%kepeng.lkp@alibaba-inc.com> <1cc7f243-e7f7-6ec5-7140-88c74853dc34@gmx.net> <04FDEBEF-68CF-4DC6-B760-4DFB1B87D22C@gmail.com> <b69552fc-97c1-bc8f-6282-c3d42bf081c0@comcast.net> <AC7F51E1-E2D0-482D-8A88-F99AAB35163F@gmail.com> <27af5f67-29d4-9f53-312f-31855603d451@comcast.net>
To: Michael StJohns <mstjohns@comcast.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Len1TVPD6w-H-Mh0Q57YEqesGBk>
Cc: ace@ietf.org
Subject: Re: [Ace] Summary of ACE Group Communication Security Discussion
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Sep 2016 18:49:04 -0000


Please excuse typos, sent from handheld device 

> On Sep 26, 2016, at 1:17 PM, Michael StJohns <mstjohns@comcast.net> wrote:
> 
>> On 9/26/2016 12:31 PM, kathleen.moriarty.ietf@gmail.com wrote:
>> This time as AD.
>> 
>> Please excuse typos, sent from handheld device
>> 
>>>> On Sep 26, 2016, at 11:41 AM, Michael StJohns <mstjohns@comcast.net> wrote:
>>>> 
>>>> On 9/26/2016 8:30 AM, kathleen.moriarty.ietf@gmail.com wrote:
>>>> Without a hat on, you can add my support to Abhinav's proposal.  Perfect is ideal, but you often can not make any progress if you accept nothing less.  The security considerations section will have to be thorough.
>>> Hi Kathleen et al -
>>> 
>>> To attain "rough consensus", RFC 7282 requires that "all issues be addressed" even if not all issues are accommodated.  So far the basic issues of "this is unsafe as a mechanism for 'securing' a control protocol" or even "how the heck do we keep this off the broader internet" have not been addressed.
>> This can be addressed in a draft security considerations.  The scope can be made applicable to what's needed to constrain its use.
> 
> With respect - no.  The issue is with respect to the discussion of whether or not to adopt this as a WG item.  To "address" the issue, there has to be an offer of proof that someone actually knows how to address it  - BEFORE the item is adopted.   I may have missed that offer of proof, but I don't think so.
> 
> You're suggesting that the way of addressing this is to ignore the issues, adopt it the work item, and at some far distant future point make sure there is a security considerations section that says something that might or might not be meaningful.   "I will gladly pay you Tuesday for a hamburger today" - J Wellington Wimpy.
> 
> An interesting approach, but probably not in keeping with correct process.

No Mike, that's not what I said.  Please let the chairs do their job and let's see what they come back with.  Your points may be addressed in their response.

If adopted, it is fully recognized that there are security issues and that will need to be addressed.  The chairs are working on this adoption call and your points are in consideration.  There is a real problem to be solved and if it's not perfect, and has some security holes, that will be stated clearly.  It is okay to have an imperfect solution.

Kathleen 

> 
>> 
>> The chairs haven't put out a decision and your concerns have been heard.  They are working to assess consensus.
> 
> The counter point to my concerns being heard is them being "addressed" as part of assessing consensus.  It says so right there in RFC 7282.
> 
> Later, Mike
> 
>> 
>> Best regards,
>> Kathleen
>> 
>>> I once again suggest that the lighting folk go off and write something that they implement as a group, and bring it back to the IETF as an informational "here's how we did it" document, rather than adopting this as a WG item.  The ONLY thing that even argues for considering symmetric key multicast (vice asymmetric key multicast) is the latency claims for lighting.  I haven't yet heard of another use case with the particular combination of cheapness and latency of lighting which would suggest this particular combination is useful elsewhere.
>>> 
>>> With respect to Abhinav's proposal, we've already got several group key manager systems - we don't actually use any of them for control systems, and you might want to inquire as to the reason. [RFC2093,2094] [RFC4046] [RFC4535]
>>> 
>>> With respect to Eliot's comment, it doesn't really matter if the key management protocol is asymmetric if the multicast session keys are symmetric and used for control.  The analysis of this can pretty much ignore the key management piece and start with 100 controllers and 1000 actuators with pre-shared keys to consider the threat and mitigation models. Which analysis - AFAICT - no one has actually done.  Basically, if you can't secure this 100/1000 system  and keep it secure with respect to control functions, I would argue that the rest of it (e.g. key management) is meaningless window dressing.
>>> 
>>> Later, Mike
>>> 
>>> ps - do you *really* want to reinvent SCADA and all its security issues?
>>> 
>>>> Kathleen
>>>> 
>>>> Please excuse typos, sent from handheld device
>>>> 
>>>>> On Sep 26, 2016, at 7:11 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>>>> 
>>>>> I noticed that Eliot also expressed support for the approach presented by Abhinav, see https://mailarchive.ietf.org/arch/msg/ace/ctCtj9QT0WwBDki7vxgVeYVzFaI
>>>>> 
>>>>> Ciao
>>>>> Hannes
>>>>> 
>>>>>> On 09/26/2016 07:11 PM, Kepeng Li wrote:
>>>>>> Hi all,
>>>>>> 
>>>>>> 
>>>>>> We went through all email exchanges again in order to see where we are.
>>>>>> Abhinav also proposed a way forward in his email to the list,
>>>>>> see https://www.ietf.org/mail-archive/web/ace/current/msg01961.html,
>>>>>> where he proposed to standardize a solution based on public key as well
>>>>>> as symmetric key cryptography.
>>>>>> 
>>>>>> 
>>>>>> Here is our impression of the views presented by various people.
>>>>>> 
>>>>>> 
>>>>>> Mike seems to think the only acceptable solution is to use messages
>>>>>> signed using public key crypto and is strongly against working on a
>>>>>> symmetric key group communication protocol.
>>>>>> 
>>>>>> 
>>>>>> Paul Duffy and Michael Richardson are in favor of defining a public key
>>>>>> crypto solution but it is not clear whether they are against specifying
>>>>>> a symmetric key solution as well.
>>>>>> 
>>>>>> 
>>>>>> Walter, Abhinav, Sandeep, Hannes are in favor of working on a symmetric
>>>>>> key group communication security protocols (as co-authors of the work).
>>>>>> Oscar Garcia (Philips) is also in favor of the work.
>>>>>> 
>>>>>> 
>>>>>> In this mail to the list,
>>>>>> see https://www.ietf.org/mail-archive/web/ace/current/msg01931.html,
>>>>>> Robert Cragie (ARM) expressed a view that public key crypto is the
>>>>>> preferred solution but others based on symmetric crypto are still worthy
>>>>>> of consideration.
>>>>>> 
>>>>>> 
>>>>>> Markus Grunwald (Osram) also appears to be in favor of the proposed
>>>>>> approach, see
>>>>>> 
>>>>>> https://www.ietf.org/mail-archive/web/ace/current/msg01932.html
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Akbar Rahman also seems to be in favor of working on a group
>>>>>> communication security protocol, see
>>>>>> 
>>>>>> https://www.ietf.org/mail-archive/web/ace/current/msg01873.html
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Ned Smith also seems to be in favor of working on a group communication
>>>>>> security protocol, as expressed in his mail to the list:
>>>>>> 
>>>>>> https://www.ietf.org/mail-archive/web/ace/current/msg01872.html
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> The opinion of the following persons in the discussion appear unclear to me:
>>>>>> 
>>>>>> - Mohit Sethi
>>>>>> 
>>>>>> - Ludwig Seitz
>>>>>> 
>>>>>> - Carsten Bormann
>>>>>> 
>>>>>> - Stephen Farrell
>>>>>> 
>>>>>> - Jim Schaad (offered clarifications regarding the use of COSE)
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Pascal Urien and Rene Struik provided performance data but they didn't
>>>>>> appear to have expressed a strong view about the question regarding
>>>>>> symmetric vs. asymmetric crypto for group communication security.
>>>>>> 
>>>>>> Derek Atkins offered performance data for public key crypto but refers
>>>>>> to new techniques (rather than RSA/ECC).
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Please correct us if we are wrong in our interpretation of your mail
>>>>>> postings.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Ciao
>>>>>> 
>>>>>> Hannes & Kepeng
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Ace mailing list
>>>>>> Ace@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/ace
>>>> _______________________________________________
>>>> Ace mailing list
>>>> Ace@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/ace
>>> 
>>> _______________________________________________
>>> Ace mailing list
>>> Ace@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ace
> 
>

v2.23.0 | Report a Bug | By Email