IETF Logo Mail Archive

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 15 July 2019 20:38 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2201E120115; Mon, 15 Jul 2019 13:38:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IXowKtMxYw-k; Mon, 15 Jul 2019 13:38:53 -0700 (PDT)
Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com [IPv6:2607:f8b0:4864:20::643]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3F52120106; Mon, 15 Jul 2019 13:38:52 -0700 (PDT)
Received: by mail-pl1-x643.google.com with SMTP id y8so8873291plr.12; Mon, 15 Jul 2019 13:38:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=SJMiYIX2jZYgIv+NocPVpavHrfyN6sF55k+77dfR0AM=; b=H+uXACj1kmK8iyrK/JBqZnzmRPwxbsfcLd2NQYVmgsVmmwDf+PK14rcI4uMeLiHKbC /gpxe7VdOCfKXzp+v2YXHB1o6SpzpWhCFVaqAMPXLuvgw/cDFz3uiJ7orVg3HqJjLClN VqXeKATuNpeE+WF48DBtM/6xJXhOeIbn9xm0AtuB19m1CGt0VlAoswCRjCVwdZiTrA/B 2XOrGt9Crk3IPyO6+hWRe0s8YonXvx7EedWLJxraOe374mHMYieMyxgeCB7/wWmm9Eyo ryqcgycruMZeEdcriFIc5zctGVTHBIPDT09J5wksyBzc00gkC+IvrSw0lX2dy69utxMc wv+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=SJMiYIX2jZYgIv+NocPVpavHrfyN6sF55k+77dfR0AM=; b=ltyLnj9TyDB4CFDT+gVX7HvYl4geu4ZHdZH8BryP3bzZw/ebZWhAK0Vhn+eqgyUYIK kyHgP5Z+RiALsWkgXHWChPOw9lXVwdA32rZLRp3dDCTCJv4Gf+1JjQPFaCyfFNp2+3QF GMbOuD1xmuzcB5dhNefX2wTzJAUvveau/o+KHVcvZUPCq3Y04ZgjvKnjV7EDv1gGcXkE FlaDGp6JzhzXJmH/N9zOHiSVYmplJzrUnlBRe/Uqs12jmwNI5ORWl65+lTuaSNmtYVYQ fBI/qkSql1gLg6tsmU37Sa5dTCWsoE//mlJmMvYgln5r4J7OX1BEfi5aqAAHwLEb2W8x XzGQ==
X-Gm-Message-State: APjAAAXACpAPnt6zzYsT66lf9La8AsASkFR2FaaU8JiozE4sAlcnhWLJ FFN2hg7DPPcK/svFKt+czjc+6TW7
X-Google-Smtp-Source: APXvYqy8p/3MyIuLbP2zS/qIeBo4V4BujaYuXcoXsjLuO4A7usuZ17G/VJziLSVnw0Pvqdr4uIgMYw==
X-Received: by 2002:a17:902:a514:: with SMTP id s20mr28932972plq.162.1563223132278; Mon, 15 Jul 2019 13:38:52 -0700 (PDT)
Received: from [192.168.178.30] (40.226.69.111.dynamic.snap.net.nz. [111.69.226.40]) by smtp.gmail.com with ESMTPSA id s43sm21929748pjb.10.2019.07.15.13.38.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 15 Jul 2019 13:38:51 -0700 (PDT)
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Eliot Lear <lear@cisco.com>
Cc: draft-ietf-anima-bootstrapping-keyinfra@ietf.org, Adam Roach <adam@nostrum.com>, anima-chairs@ietf.org, The IESG <iesg@ietf.org>, Toerless Eckert <tte+ietf@cs.fau.de>, anima@ietf.org
References: <156282703648.15280.17739830959261983790.idtracker@ietfa.amsl.com> <17580.1562874933@localhost> <ACEB4033-707F-47AF-B58A-5227B444BEAB@cisco.com> <E2DA8D30-805E-478D-925D-534C04A0727F@cisco.com> <8869.1563140002@dooku.sandelman.ca> <cedc515e-22ab-94a9-e6ef-c55b345687ba@joelhalpern.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <376eee31-0264-38a8-1d32-901bb1a0671b@gmail.com>
Date: Tue, 16 Jul 2019 08:38:46 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <cedc515e-22ab-94a9-e6ef-c55b345687ba@joelhalpern.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/PiZWH-6z_HenC8-dhJcBJRJK3Ws>
Subject: Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 20:38:55 -0000

On 15-Jul-19 16:45, Joel M. Halpern wrote:
> I presume I am missing something basic.
> I have tried to follow this discussion, as it seems to be about a 
> critical aspect of whether the BRSKI work is acceptable.
> 
> I have assumed that what we needed is the ability for a buyer, who has 
> physical possession of the device, and possibly some simple (non 
> cryptographic) credentials provided by the seller to force the device to 
> reset what it thinks it is part of, and to emit in some accessible form 
> the information the buyer needs to be able to make this device part of 
> his network, using his authentication servers, etc.

Yes, but *not* a solution that works if the device is stolen. That's why
Eliot's comment:

>> Many credentials are written on your wireless devices right now.

doesn't provide an acceptable answer, IMHO. (As it doesn't for
devices that are deployed where third parties might have physical
access to them.)

    Brian

> Have I got the wrong end of the stick?
> Joel
> 
> On 7/14/2019 5:33 PM, Michael Richardson wrote:
>>
>> Eliot Lear <lear@cisco.com> wrote:
>>      > Whether such a voucher would be pinned is something we do not have to
>>      > specify, with the risks of it not being pinned being born by the owner.
>>
>> I beg to differ!
>> I think that the security properties are vastly different.
>> It's why we decided when creating RFC8366 not to do bearer tokens.
>> We simply didn't think we were competent enough to specify it tightly enough
>> to not become a security disaster.
>>
>> An unpinned voucher is some kind of bearer token, and if disclosed has
>> significant operational risk.  As such, keeping it around/online is a serious
>> issue.
>>
>> A voucher pinned to the public part of a keypair whose private key is
>> kept offline (to be turned over to a new owner) is different because there
>> are potentially far fewer things to keep private.  Worse case, it's perhaps
>> the same, I would agree.
>>
>> The bigger problem is that I don't see a way to define such an artifact in a
>> timely fashion, nor do I know which WG we'd do it in.
>>
>>
>> _______________________________________________
>> Anima mailing list
>> Anima@ietf.org
>> https://www.ietf.org/mailman/listinfo/anima
>>
> 
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima
>

v2.23.0 | Report a Bug | By Email