Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace-usecases-09: (with COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 23 October 2015 12:37 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7F7A1B35B0 for <ace@ietfa.amsl.com>; Fri, 23 Oct 2015 05:37:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ova7rwiECyOa for <ace@ietfa.amsl.com>; Fri, 23 Oct 2015 05:37:25 -0700 (PDT)
Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B35561B35A2 for <ace@ietf.org>; Fri, 23 Oct 2015 05:37:24 -0700 (PDT)
Received: by wijp11 with SMTP id p11so75493427wij.0 for <ace@ietf.org>; Fri, 23 Oct 2015 05:37:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=tAxAeL+LBqatp8wRrP721z4RReKmkM0vuTt2xuyWA6g=; b=XCF5f4s89IXIYQ7YusRWwnZHNzfVVUSwbMxce0Ee2K5lQDHmgerzX870AVN8OV9i6J viy3B7zjf5sbont07rfJRI4pFnmxDSJ1koyyAs94a4yShc2tqswjH+ufgaAVncNA62hL f5P9RnVlNRXM+s3wBBU4m9Mdnum3Yy0+BCkHtvaCdekSAJY4DUed7f9/biQCSQSPRZrf pIeSJvoVA6iltChmxOmq/3MveddEjIJZE6MRWXC+EAyK/3s/VtN0/+OIhKdnetvTEU5d yjrK8LyQxhAAbI/dZsGZte3HhYVVaeJyMiMe3p/NeSnHivKVsMkkvMcFUISjxP0vz/U5 rULw==
MIME-Version: 1.0
X-Received: by 10.180.36.15 with SMTP id m15mr4022735wij.90.1445603843255; Fri, 23 Oct 2015 05:37:23 -0700 (PDT)
Received: by 10.28.214.142 with HTTP; Fri, 23 Oct 2015 05:37:23 -0700 (PDT)
In-Reply-To: <5629EED2.5080005@cs.tcd.ie>
References: <20151022132903.23826.2689.idtracker@ietfa.amsl.com> <5629EA01.6020506@sics.se> <5629EED2.5080005@cs.tcd.ie>
Date: Fri, 23 Oct 2015 08:37:23 -0400
Message-ID: <CAHbuEH6LNA6XaY8kUkZZ20A+Jc2V4SWriDajuZOkxq2JFuZX0Q@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ace/xcCE6NLEaIQfvF7y6JMAm6JPAXQ>
Cc: Ludwig Seitz <ludwig@sics.se>, "ace@ietf.org" <ace@ietf.org>
Subject: Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace-usecases-09: (with COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2015 12:37:26 -0000
I just went through Stephen's comments again before approving the draft, and I do think his first comment should be added in since it is specific to authentication and authorization. Is there a place this can fit in nicely? The problem he calls out is one that has been a thorn in the side for vendors of other products (not constrained), so it would be good to require updates to be authenticated and authorized. SUpply chain attacks are easier when these measures are not in place. A possible scenario (derived from real world events) is that you could manufacture a knock off and have it use a specific vendors firmware in an update without this protection in place. It would be appropriate to have this in a general document, but since this is authentication and authorization focused, it would be good to see it here as well. This is a very well written document and may get more not-as-technical readers using it for education, so it would be a shame to leave this out and get burned by it later. It might not be in scope for ACE, but you can also just state that so the concern is known. Thank you, Kathleen On Fri, Oct 23, 2015 at 4:24 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Hiya, > > On 23/10/15 09:04, Ludwig Seitz wrote: >> On 2015-10-22 15:29, Stephen Farrell wrote: >> [...] >>> >>> 1. Software update is really needed and often missing and >>> usually hard. There's at least a need to authenticate and >>> authorize new firmware, when there is any update. That may not >>> be the same as authorizing a new config. >>> >>> 2. Alice buys a new device, and would like to know if it is >>> calling home or what it is doing before she configures it, or >>> perhaps before she accepts it in her network. Even if she >>> accepts it, she may want to be able to monitor the data it >>> is sending "home" e.g. to ensure her TV is not sending >>> data when she inserts a USB stick, if that is undesired. >>> >>> 3. Device fingerprinting is a threat that ought be considered >>> by solution developers, especially if there is no reliable >>> software update. Probably the best to be done is to try to >>> make it hard for unauthorized parties to fingerprint a device, >>> but that's also hard. >>> >>> 4. Commercial Devices will be end-of-lifed by vendors, and yet >>> Alice still needs to be able to use, and perhaos to update, >>> the device. That calls for some kind of authorization handover >>> which is not quite the same as a change of ownership. >>> >>> 5. Penetration testing will happen and devices should not barf >>> even then. Maybe that's a security consideration worth a >>> mention. >>> >>> See also the secdir review. [1] It'd be good to see a >>> response to that. >>> >>> [1] >>> https://www.ietf.org/mail-archive/web/secdir/current/msg06101.html >>> >> >> Hi Stephen, >> >> Thank you for your comments! >> >> We are making final adjustments to the document based on the *-DIR and >> the ballot comments. >> >> In the light of the discussion of your comments, Steffi and I are >> leaning towards not including them in this draft, since they are of a >> more general nature and would fit better in a general IoT/CoRE security >> document. >> >> Would that be ok with you? > > That is ok, but I disagree of course:-) > > I do think there are ace-specific use-cases arising from > the above. But I can fully understand not wanting to take > on such additions at this stage as well. > > S > >> >> >> /Ludwig >> >> >> > > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace -- Best regards, Kathleen
- [Ace] Stephen Farrell's Yes on draft-ietf-ace-use… Stephen Farrell
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Carsten Bormann
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Stephen Farrell
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Kumar, Sandeep
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Carsten Bormann
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Kathleen Moriarty
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Ludwig Seitz
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Stephen Farrell
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Kathleen Moriarty
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Ludwig Seitz
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Stefanie Gerdes
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Kathleen Moriarty
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Ludwig Seitz
- Re: [Ace] Stephen Farrell's Yes on draft-ietf-ace… Kathleen Moriarty