IETF Logo Mail Archive

[Anima] Scope question [was: autonomic bootstrap: gap analysis]

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 16 June 2014 23:00 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1BA31A02B3; Mon, 16 Jun 2014 16:00:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gDQKEkLpNuzo; Mon, 16 Jun 2014 16:00:44 -0700 (PDT)
Received: from mail-pd0-x233.google.com (mail-pd0-x233.google.com [IPv6:2607:f8b0:400e:c02::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E45E11A02A8; Mon, 16 Jun 2014 16:00:43 -0700 (PDT)
Received: by mail-pd0-f179.google.com with SMTP id w10so2252825pde.24 for <multiple recipients>; Mon, 16 Jun 2014 16:00:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=7hoSwgd8rh5ckrYFcje5ScKq2UK/DXdDO2/0uy6kPe4=; b=0zRYQ69lsHPHgHzmDzSwXTnElSloVBNLrD8LFWJCsZKTo4pKM8kKC/jEts0g4eIhlP UgDZHutRqzvgzlVigFyXZOH1hEfWeBlTx8WBJtS7i5DcRqQREp/uDy92BoTk0W4LBXsF 2ogqxu5h+ibWAZS1xcKYcb6TDfnOfXhBx+8nAdqJm77nD+b4VFjpFuWzei5n4s5bfF0u NDeRmVwz4T5IZDvWa4xTvlazCAaYSToImIpWre/B80R/5C7fEKF8W7PzMg/0YAkf7zgA +eppNH27rah511M/ld3GLisWzebOtrSmfl/eAAAVXf0+CawrZnL3HZ5zNrIO2EuV/p6r 7Fpg==
X-Received: by 10.68.194.202 with SMTP id hy10mr28064686pbc.94.1402959643574; Mon, 16 Jun 2014 16:00:43 -0700 (PDT)
Received: from [192.168.178.23] (10.192.69.111.dynamic.snap.net.nz. [111.69.192.10]) by mx.google.com with ESMTPSA id ue3sm20664327pbc.49.2014.06.16.16.00.41 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 16 Jun 2014 16:00:42 -0700 (PDT)
Message-ID: <539F771A.3000008@gmail.com>
Date: Tue, 17 Jun 2014 11:00:42 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: anima@ietf.org
References: <26717.1402949592@sandelman.ca>
In-Reply-To: <26717.1402949592@sandelman.ca>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/anima/CWuHRkmYTimdf2cNyCLo1TxUbao
Cc: 6tisch-security <6tisch-security@ietf.org>
Subject: [Anima] Scope question [was: autonomic bootstrap: gap analysis]
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jun 2014 23:00:46 -0000

Michael's message is very interesting. For present purposes,
i.e. getting ready for the UCAN BOF, do we need to add some
points to the relevant use case draft
(http://tools.ietf.org/html/draft-behringer-autonomic-bootstrap)?

More generally - I think the AN protagonists have been thinking
of the scope of AN being carrier, enterprise, and home networks.
Should we add IoT to the scope? I think it's an important
question, because it would put new meanings on "simple" and
"available resources". It seems obvious that IoT networks need
to be completely autonomic, but is it the *same* autonomic?

Regards
   Brian

On 17/06/2014 08:13, Michael Richardson wrote:
> I recognize that bootstrap is only one of the autonomic mechanisms that
> are relevant to this group.  I have much reading on the other aspects
> which I hope to get done.
> 
> The 6tisch security design team has been working on a "zero-touch" mechanism
> that would permit constrained devices to join a Lowpower/Loss Network (LLN)
> in a secure way.   We have considered adapting EAP-TLS (as ZigbeeIP has
> done), or turning the WirelessHART (IEC62591) packet flow into something more
> IPv6-like.  While there are significant bits of design space to explore
> while trying to optimize packet count, size and total energy risk of the
> join protocol;  the idea that there should be a set of authorization tokens
> From the device vendor which would permit the network and new nodes to
> recognize each other has been central to all discussions.
> 
> while draft-pritikin-bootstrapping-keyinfrastructures and
>       draft-behringer-autonomic-bootstrap-00
> 
> have proposed valid high level concepts, I believe that specification of the
> authz token is critical for the IoT space.  A great concern that is that the
> LLNs created remain operational for decades at a time, and that the
> components can individually and also in aggregate be both (re-)sold,
> and/or the service provider operating the network be replaced.
> 
> (There are real life examples where a part of a 100 square mile refinery
> is actually sold to a competitor; obviously it doesn't get moved.  On the
> other side, one has the very real risk that you bought your sensor network
> From a "Nortel")
> 
> I was pointed at 802.1AR's device ID mechanism.  Really, 802.1AR is about an
> API between a (constrained) device and it's cryptographic hardware
> module/TPM.   It profiles a number of IETF PKIX specifications in a useful
> way, but there is little there in terms of actual protocol.  When it comes to
> what does an *DevID look like, in it's section 7.2.8, saying that the DN
> should contain a "serialNumber" attribute:
> 
>    The formatting of this field shall contain a unique X.500
>    Distinguished Name (DN). This may include the unique device serial number assigned by the manufacturer
>    or any other suitable unique DN value that the issuer prefers.
> 
> What I have observed is that there needs to be a way to clearly delegate from
> Factory(Vendor) to VAR to DISTRIBUTOR to RESELLER to Plant-OWNER to
> SERVICE-PROVIDER.    It would significantly reduce the number of certificates
> in (non-constrained device) databases for some levels of this hierarchy if
> the IDevID were aggregateable in some fashion.  RFC3779 came to mind, which
> deals with delegation of Autonomous Systems Numbers (ASN) and IP address
> ranges from RIRs to LIRs to ISPs and Enterprises.
>           RFC3779: X.509 Extensions for IP Addresses and AS Identifiers
> 
> I created:
>     X509.v3 certificate extension for authorization of device ownership
>                  draft-richardson-6tisch-idevid-cert-00
> 
> which cribbed together via nroff2xml and a search and replace.
> 
> The Pritikin and Behringer documents seem to assume that the ultimate goal of
> the trusted enrollment process is to create a path in which "EST"= Enrollment
> over Secure Transport could operate that would permit a new locally
> significant certificate to be loaded into the new device.
> I agree with that goal.
> 
> There is the question of how that trust circuit is created, and in discussion
> it seemed that it involve some kind of leap-of-faith TLS setup which would be
> authenticated by the "authz" tokens later on.  I disagree; I think that with
> appropriate evaluation of path constraints that the authentication can occur
> within the TLS protocol. (Even easier if done in IKEv2)
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>

v2.23.0 | Report a Bug | By Email