Re: [Ace] Summary of ACE Group Communication Security Discussion

Eliot Lear <> Mon, 26 September 2016 11:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CAAD512B13E for <>; Mon, 26 Sep 2016 04:04:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -16.837
X-Spam-Status: No, score=-16.837 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.316, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dSZiAlBx6diQ for <>; Mon, 26 Sep 2016 04:04:47 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 033C712B13B for <>; Mon, 26 Sep 2016 04:04:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=19772; q=dns/txt; s=iport; t=1474887887; x=1476097487; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=IJt6HIqcYEbD7GgxKvdtBtW4jcLmM/4yHW+QkA1ImBs=; b=Bdm8fAGp3Hz/xrOw0wWtz14jPrsTGyUJM3TIrmr5mHTTuoXHpleJt0Hb 2XggiFH0FSkGxF2GiFpXyU7dEb3isQZCQRkAl/hwd5UtMFv4YK1G+msF3 RobXq3AIDDxWQJ92JFWDpquqhvQqtOyEKZz5vTFRd4PAuq3aaj19fpsTW M=;
X-Files: signature.asc, signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.30,399,1470700800"; d="asc'?scan'208,217";a="688515065"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Sep 2016 11:04:44 +0000
Received: from [] ([]) by (8.14.5/8.14.5) with ESMTP id u8QB4iMq030399; Mon, 26 Sep 2016 11:04:44 GMT
To: Kepeng Li <>, ace <>
References: <>
From: Eliot Lear <>
Message-ID: <>
Date: Mon, 26 Sep 2016 13:04:43 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="iRmT3dV6d2kfpcgCEQLNWefGAauVdWKeR"
Archived-At: <>
Cc: Kathleen Moriarty <>, Hannes Tschofenig <>
Subject: Re: [Ace] Summary of ACE Group Communication Security Discussion
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 26 Sep 2016 11:04:53 -0000


On 9/26/16 7:11 PM, Kepeng Li wrote:
> Please correct us if we are wrong in our interpretation of your mail
> postings.

Perhaps my middle ground didn't seem important, but I had thought it was
a good way forward: require asymmetric for group admission (as Abhinav &
co do), group keying for communication and require source authentication
at other layers.  I otherwise supported his proposal.

I do take Mike's point that the standard wouldn't be self-contained, and
there are risks of it being used without that additional layer beyond
its applicatbility.  I still think the middle ground approach is best,
given some of the use cases.

--- Begin Message ---
Hi Abhinav,

Thanks for this email.  I think this is pretty close to what I think is
necessary.  To be sure, vendors and developers have very little power to
limit where their products will be placed.  Thus it is important to
state strongly that source authentication is necessary at other layers
when it is not used at this layer.  To me that would cover all
circumstances.  With that approach, I would strongly support the
adoption of your document as a WG document and would of course review it
and provide comments (as I have ;-).



On 9/14/16 11:33 AM, Somaraju Abhinav wrote:
> Hi all,
> Thank you all for the feedback on the group communication security discussion.
> We noticed that two concerns have been raised with the current specification.
> 1)   Symmetric keys do not provide source authentication. Here, most people on the mailing list agreed that symmetric keys provides basic security and is sufficient for lighting applications. It is not intended to be used in the wider internet for more sensitive group communication security use-cases.
> 2)   How to ensure that the symmetric key group communication security solution is not used in situations it is not designed for?
> We propose to address the received feedback by making the following modifications to the document:
> 1)   We will add an additional section where we specify how asymmetric cryptography can be used for secure group communication. This will help for all those cases where source authentication is desired.
> 2)   Add a security considerations section where we explain that the asymmetric key solution is the recommended approach but that there are situations where low latency group communication makes it difficult to use asymmetric cryptography and where source authentication is less important. You could call it an applicability statement.
> If this proposed modifications makes sense then we can try to submit a new draft with these changes.
> Abhinav
> ________________________________________________________ The contents of this e-mail and any attachments are confidential to the intended recipient. They may not be disclosed to or used by or copied in any way by anyone other than the intended recipient. If this e-mail is received in error, please immediately notify the sender and delete the e-mail and attached documents. Please note that neither the sender nor the sender's company accept any responsibility for viruses and it is your responsibility to scan or otherwise check this e-mail and any attachments.
> _______________________________________________
> Ace mailing list

Ace mailing list
--- End Message ---