Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE
Michael StJohns <mstjohns@comcast.net> Thu, 21 July 2016 13:05 UTC
On 7/21/2016 5:26 AM, Carsten Bormann wrote:
> Michael Richardson wrote:
>> Why will ACE succeed when DICE failed?
> Because DICE tried to hack something into TLS. That had no support.

Actually, that's not the complete story. It was one of the things that finally killed this off (e.g. DICE was supposed to make a profile of DTLS for constrained devices, BUT DTLS didn't already support multicast, so it's difficult to profile it in...; we have to come up with message formats for a DTLS extension)

It wasn't the only thing. Again, there's a very long record of why this was a bad idea in DICE. It's trivially easy to map each and every one of those arguments to why the equivalent thing in ACE is bad.

>
>> Does ACE now have some knowledge or mechanism that DICE couldn't have created
>> because it was out of scope?
> ACE has COSE.

*sigh* If this had any application to the stated lighting problem, then sending a COSE message with a public key signed payload to trigger state changes would be the solution, not a symmetric group multicast key. E.g. use section 4 of the https://datatracker.ietf.org/doc/draft-ietf-cose-msg/ document. Do NOT use any of the symmetric key sections.

I've said similar things before, but there continues to be this belief from certain folk that it's too expensive to do public key cryptography for lightbulbs.

So to be clear - yes COSE is useful. No, it does not actually do anything to fix the problem of symmetric key group communications UNLESS you stick to the public key sections.

Later, Mike

>
> Grüße, Carsten
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
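The distinction the message above draws between a symmetric group key and a public-key signed payload, as an added example (not part of the original post and not COSE encoding): with a shared MAC key a receiver cannot tell the controller from any other key holder, while a signature can be verified by all but produced only by the signer. HMAC-SHA-256 and Ed25519 from the Go standard library stand in for the group MAC and the signed message; the command strings and function names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// groupTag is the symmetric scheme: a MAC under the key every group member holds.
func groupTag(groupKey, cmd []byte) []byte {
	m := hmac.New(sha256.New, groupKey)
	m.Write(cmd)
	return m.Sum(nil)
}

// verifyGroup proves only that some holder of groupKey made the tag, not which one.
func verifyGroup(groupKey, cmd, tag []byte) bool {
	return hmac.Equal(groupTag(groupKey, cmd), tag)
}

// Demo reports whether a receiver accepts: a command tagged by another receiver
// (symmetric), the controller's signed command, and a different command carrying
// the controller's old signature (the most a receiver holding only pub can try).
func Demo() (peerTagAccepted, signedAccepted, resignedAccepted bool) {
	groupKey := make([]byte, 32)
	if _, err := rand.Read(groupKey); err != nil {
		panic(err)
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample commands; the format is hypothetical.
	fromController := []byte("group=hall;state=on;seq=41")
	fromPeer := []byte("group=hall;state=off;seq=42")
	// Any bulb holds groupKey, so its tag is indistinguishable from the controller's.
	peerTagAccepted = verifyGroup(groupKey, fromPeer, groupTag(groupKey, fromPeer))
	// Bulbs hold only pub: they can verify the controller but cannot sign as it.
	sig := ed25519.Sign(priv, fromController)
	signedAccepted = ed25519.Verify(pub, fromController, sig)
	resignedAccepted = ed25519.Verify(pub, fromPeer, sig)
	return
}

func main() {
	fmt.Println(Demo()) // true true false
}
```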