Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 20 July 2016 22:30 UTC

To: Thomas Hardjono <hardjono@mit.edu>, "Ace@ietf.org" <Ace@ietf.org>
References: <578F4D59.8050005@gmx.net> <5E393DF26B791A428E5F003BB6C5342AB3716D64@OC11EXPO33.exchange.mit.edu>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <578FFB79.6080101@gmx.net>
Date: Thu, 21 Jul 2016 00:30:17 +0200
In-Reply-To: <5E393DF26B791A428E5F003BB6C5342AB3716D64@OC11EXPO33.exchange.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/V0qj5j67KUlhIj3EWVPcN4dexnE>

Hi Thomas,

thanks for the response.


On 07/21/2016 12:05 AM, Thomas Hardjono wrote:
> 
> Generally I'm in support of any efforts to secure multicast messaging for IoT 
> applications. However, I have some concerns about the ACE WG:
> 
> (a) Mixing authorization with key management: authorization and key-management 
> are separate functions, so they need separate specs.

This is probably a document management aspect, and from a protocol point
of view there are indeed certain areas where authorization can be separated
from the key distribution.

For example, the aspect where permissions are granted to access a
specific resource can be separated from key distribution.

> 
> 
> (b) Application-independent key management: a good key management protocol 
> should be deployable for a reasonably broad set of applications area 
> (including Consumer IoT and Industrial IoT).
> 
> So while it's useful to have a solution for lighting applications, it remains to 
> be seen if the solution works for other applications.

We have been looking at other application domains outside lighting as
well but so far what we have are several companies interested from the
lighting community asking for a specification. If there are other use
cases as well then I am sure the group is interested to hear about them.

> 
> 
> (c) ACE WG work-pace:  The ACE use-cases document took over a year to finish, 
> with numerous argumentative & boring emails (I'm not going to name names). 
> Sigh. If it takes over 1 year just to agree on use-cases, I can't imagine how 
> long it will take to complete an IoT secure multicast key management protocol. 
> Double sigh.

Yes, that's indeed a fair concern. I am also worried about the speed.

> 
> 
> (d) Reinventing stuff:  The IETF did have a secure multicast WG that produced 
> a lot of drafts and some RFCs, notably RFC 3740 and RFC 3547 (RFC 6407). There are 
> products out there implementing these already.

Re-using work sounds useful.

> 
> There's also a draft in DICE on multicast for DTLS (not sure what happened to 
> it).

The DTLS multicast work was discontinued. Instead, the current approach is to
work on an application layer multicast security solution.

> 
> There is the Fluffy draft, but so far the ACE WG has not been very interested 
> in it.

The group decided to go for an OAuth-based approach in ACE but there are
certainly multicast security aspects in the Fluffy draft that should be
explored IMHO.

> 
> 
> (e) Re-chartering:  Will the ACE WG need rechartering, and how long will it take?

The ACE group needs to be re-chartered to work on low latency group
communication security. Whether this happens at all depends on the
outcome of this discussion.

Ciao
Hannes

> 
> 
> 
> /thomas/
> 
> 
> 
> 
> ------------------------------------------
> 
> 
>>>> -----Original Message-----
>>>> From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>>> Sent: Wednesday, July 20, 2016 6:07 AM
>>>> To: Ace@ietf.org
>>>> Subject: [Ace] Adoption of Low Latency Group Communication Security Work 
>>>> in
>>>> ACE
>>>>
>>>> Hi all,
>>>>
>>>> at the ACE meeting today I asked the participants whether they are in 
>>>> favor
>>>> of adding low latency group communication security work in the ACE group.
>>>>
>>>> 20 persons were in favor of doing the work.
>>>>
>>>> 5 people argued against doing this work.
>>>>
>>>> If you haven't been at the meeting please contribute your thoughts here on
>>>> the list. If you believe you do not have enough information please also
>>>> speak up.
>>>>
>>>> Ciao
>>>> Hannes