IETF Logo Mail Archive

Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace-usecases-09: (with COMMENT)

Ludwig Seitz <ludwig@sics.se> Fri, 23 October 2015 08:04 UTC

Return-Path: <ludwig@sics.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5D5C1B32EB for <ace@ietfa.amsl.com>; Fri, 23 Oct 2015 01:04:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V0OqOXOn6oNY for <ace@ietfa.amsl.com>; Fri, 23 Oct 2015 01:04:21 -0700 (PDT)
Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00EEC1B32EE for <ace@ietf.org>; Fri, 23 Oct 2015 01:04:20 -0700 (PDT)
Received: by lffz202 with SMTP id z202so74770509lff.3 for <ace@ietf.org>; Fri, 23 Oct 2015 01:04:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sics_se.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type; bh=Of1bRzGs2iskzlYciUP/XnJT0nluNMfPnnOMJxa3+cg=; b=SfL4oHcUVao0hPUM6ucqGYZh54N+uTe8pmU9uh9215yOMdwlpnWXjY5HpE/V+1U0gt D6lk1W2BWEnurPAQjUWzwqeCpYxy4Y+Ik/iU0qTHU655dU0qfRW6pBZLy0Y+HPwozwGR ZM1X0wX6DLjv5e7I+eNUyaZ7KtOmv16vFfOUEpNU8CM3ZaMl3X+ErRLxllKQguhyWVV+ hAsARg3T+1qblICS10PJCF1Gsv7KyRJ1+w9KBDY+HQvisphy5xsKCmPyXZ6FcnTBMBHI oCJzAcl31TAzmrVHo1Lixvj5sqGHG8vbcoFwwphfd+AfZdo/jZLKkEOfZxXMjMa/Y3ip InkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-type; bh=Of1bRzGs2iskzlYciUP/XnJT0nluNMfPnnOMJxa3+cg=; b=dEMP3Du/9hLFfqhFvurGffKUf1pIsLnRhzeoEWhhZ9M28+4ToVvFUi4jDNWduT3C6/ EDOboq9OQMlide4OQMy3TeP7mYfC+mZVezHg1H7Q0qNKl6QdvekDsMOCYI1IKjZve4kG iaSwa2/5HFatiHVPpyYBsS9mA9FY5r+R7PgxDQ/q3ZF4v6kg3qPrCdCtDJgERfdf1ksC 2ZQY8sxX9pjYGa6OnukDhzoFFi20AAXT9CaIGfMxhcmosZg0zPxbLmIysTguSmVi5nmT 2K9n2tjq7F9qaxr99DPWFOd4H1+hv4CyVDyKLMRzKRWSNbEFL918cxpxCseDV8+/Tr/4 DYlw==
X-Gm-Message-State: ALoCoQlpmi1/1bHjTXtPrd0hLwRr3F4r3qAZjm7MTvApfj1sVJSqTKGjYTdVKYO96nvUfPKtk6Rw
X-Received: by 10.25.23.208 with SMTP id 77mr6844899lfx.44.1445587459171; Fri, 23 Oct 2015 01:04:19 -0700 (PDT)
Received: from [192.168.0.108] ([85.235.11.178]) by smtp.gmail.com with ESMTPSA id k4sm3028389lbp.12.2015.10.23.01.04.18 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 23 Oct 2015 01:04:18 -0700 (PDT)
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <20151022132903.23826.2689.idtracker@ietfa.amsl.com>
From: Ludwig Seitz <ludwig@sics.se>
Message-ID: <5629EA01.6020506@sics.se>
Date: Fri, 23 Oct 2015 10:04:17 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <20151022132903.23826.2689.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms040104020804090900070304"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ace/bFdOU1svBDdvtD0ifGQ4rj-zb6k>
Cc: ace@ietf.org
Subject: Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace-usecases-09: (with COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2015 08:04:23 -0000

On 2015-10-22 15:29, Stephen Farrell wrote:
[...]
>
> 1. Software update is really needed and often missing and
> usually hard. There's at least a need to authenticate and
> authorize new firmware, when there is any update. That may not
> be the same as authorizing a new config.
>
> 2. Alice buys a new device, and would like to know if it is
> calling home or what it is doing before she configures it, or
> perhaps before she accepts it in her network. Even if she
> accepts it, she may want to be able to monitor the data it
> is sending "home" e.g. to ensure her TV is not sending
> data when she inserts a USB stick, if that is undesired.
>
> 3. Device fingerprinting is a threat that ought be considered
> by solution developers, especially if there is no reliable
> software update. Probably the best to be done is to try to
> make it hard for unauthorized parties to fingerprint a device,
> but that's also hard.
>
> 4. Commercial Devices will be end-of-lifed by vendors, and yet
> Alice still needs to be able to use, and perhaos to update,
> the device. That calls for some kind of authorization handover
> which is not quite the same as a change of ownership.
>
> 5. Penetration testing will happen and devices should not barf
> even then. Maybe that's a security consideration worth a
> mention.
>
> See also the secdir review. [1] It'd be good to see a
> response to that.
>
>     [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06101.html
>

Hi Stephen,

Thank you for your comments!

We are making final adjustments to the document based on the *-DIR and 
the ballot comments.

In the light of the discussion of your comments, Steffi and I are 
leaning towards not including them in this draft, since they are of a 
more general nature and would fit better in a general IoT/CoRE security 
document.

Would that be ok with you?


/Ludwig



-- 
Ludwig Seitz, PhD
SICS Swedish ICT AB
Ideon Science Park
Building Beta 2
Scheelevägen 17
SE-223 70 Lund

Phone +46(0)70-349 92 51
http://www.sics.se

v2.23.0 | Report a Bug | By Email