IETF Logo Mail Archive

Re: [Anima] Scope question [was: autonomic bootstrap: gap analysis]

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 18 June 2014 19:51 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D5441A02B7; Wed, 18 Jun 2014 12:51:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f5rB2_r44ZPP; Wed, 18 Jun 2014 12:51:29 -0700 (PDT)
Received: from mail-pb0-x233.google.com (mail-pb0-x233.google.com [IPv6:2607:f8b0:400e:c01::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F68A1A0132; Wed, 18 Jun 2014 12:51:29 -0700 (PDT)
Received: by mail-pb0-f51.google.com with SMTP id rp16so1073952pbb.24 for <multiple recipients>; Wed, 18 Jun 2014 12:51:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=iWQRPUZp5Np/MwYtp8GeYF0bVXiO+7Dr+WtyXN/H9vg=; b=bEEgVih+3USa3tfxdV91M4Jc8JFWajx6HPctzupt1F6toTj4JosJdmMve2qpaTBxLP tfZHdN6Lcbvt48ZO/O7XUymTzf+pao6PUT1fk0Z+w6pn95Tg5QIbGnOok6lHP2+0ugUK 3eL25w6iDssQyJTGTre4U8oH1dn8PFKzeyP3DqwkrBqdNZt0HnhqkFa7DGgs2Kl7ElsO mwxWA5g5WySBxpUVvWXtOUrUVjcv4kLR9hNAcTG8vos3U4CVLsPJbyxsFT4WkjH0LIAg FXCD2n8/0pzPJqYmPjnSJ85gHwqEN6OWZG2I9dQcQ0Z+J1Nkl2MHeVc47l4Ev4uRqsTZ u4WA==
X-Received: by 10.68.193.193 with SMTP id hq1mr143332pbc.107.1403121088701; Wed, 18 Jun 2014 12:51:28 -0700 (PDT)
Received: from [192.168.178.23] (207.194.69.111.dynamic.snap.net.nz. [111.69.194.207]) by mx.google.com with ESMTPSA id xh10sm14918266pac.24.2014.06.18.12.51.25 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 18 Jun 2014 12:51:28 -0700 (PDT)
Message-ID: <53A1EDC4.9060800@gmail.com>
Date: Thu, 19 Jun 2014 07:51:32 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
References: <26717.1402949592@sandelman.ca> <539F771A.3000008@gmail.com> <3AA7118E69D7CD4BA3ECD5716BAF28DF21BB3FF4@xmb-rcd-x14.cisco.com> <53A09C73.2060309@gmail.com> <E045AECD98228444A58C61C200AE1BD842C4027D@xmb-rcd-x01.cisco.com>
In-Reply-To: <E045AECD98228444A58C61C200AE1BD842C4027D@xmb-rcd-x01.cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/anima/Sq88ZddxQbkunNmBXOpx6cZxQ4Y
Cc: "6tisch@ietf.org" <6tisch@ietf.org>, "anima@ietf.org" <anima@ietf.org>, "Michael Behringer (mbehring)" <mbehring@cisco.com>
Subject: Re: [Anima] Scope question [was: autonomic bootstrap: gap analysis]
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2014 19:51:31 -0000

On 18/06/2014 18:37, Pascal Thubert (pthubert) wrote:
> Hello Brian
> 
>>> Brian, we have always positioned AN also in the IoT context, and I agree
>>> with Sheng, AN can be used everywhere. Especially when it comes to devices
>>> that will be deployed and managed in the thousands or even millions,
>>> autonomic concepts are a requirement, not a nice to have.
> 
>> Fully agree. But when I see people asking whether we will use YANG, I find
>> myself wondering about low-end devices in an IoT context.
> 
> 6TiSCH uses YANG to model the configuration data of the 6top sublayer. 
> There was no perceived contradiction between that modelling and the
>  constrained environment that we are targeting for.

For those of us on the anima list that don't follow 6TiSCH in
detail, can you sketch out the boundary between the high level
model and the low end devices? (I fully recognise the advantage
of a high level model.)

    Brian
> 
> AN is definitely a key technology for large scale IoT applications. In the
> specific use case of industrial, additional policies may still have to be applied
> to impose zone and conduits structures, but the more autonomicity the
> better.
> 
> Cheers,
> 
> Pascal
> 
>> -----Original Message-----
>> From: Anima [mailto:anima-bounces@ietf.org] On Behalf Of Brian E
>> Carpenter
>> Sent: mardi 17 juin 2014 21:52
>> To: Michael Behringer (mbehring)
>> Cc: 6tisch-security; anima@ietf.org
>> Subject: Re: [Anima] Scope question [was: autonomic bootstrap: gap
>> analysis]
>>
>> On 17/06/2014 18:59, Michael Behringer (mbehring) wrote:
>>>> -----Original Message-----
>>>> From: Anima [mailto:anima-bounces@ietf.org] On Behalf Of Brian E
>>>> Carpenter
>>>> Sent: 17 June 2014 01:01
>>>> To: anima@ietf.org
>>>> Cc: 6tisch-security
>>>> Subject: [Anima] Scope question [was: autonomic bootstrap: gap
>>>> analysis]
>>>>
>>>> Michael's message is very interesting. For present purposes, i.e.
>>>> getting ready for the UCAN BOF, do we need to add some points to the
>>>> relevant use case draft
>>>> (http://tools.ietf.org/html/draft-behringer-autonomic-
>>>> bootstrap)?
>>>>
>>>> More generally - I think the AN protagonists have been thinking of
>>>> the scope of AN being carrier, enterprise, and home networks.
>>>> Should we add IoT to the scope? I think it's an important question,
>>>> because it would put new meanings on "simple" and "available
>>>> resources". It seems obvious that IoT networks need to be completely
>>>> autonomic, but is it the
>>>> *same* autonomic?
>>> Brian, we have always positioned AN also in the IoT context, and I agree
>> with Sheng, AN can be used everywhere. Especially when it comes to devices
>> that will be deployed and managed in the thousands or even millions,
>> autonomic concepts are a requirement, not a nice to have.
>>
>> Fully agree. But when I see people asking whether we will use YANG, I find
>> myself wondering about low-end devices in an IoT context.
>>
>>     Brian
>>
>>> We have positioned draft-pritikin-bootstrapping-keyinfrastructures as a
>> high-level solution in 6tisch. It explains how you CAN bootstrap a network,
>> zero-touch AND secure, and fits perfectly to the 6tisch requirements. The
>> corresponding use case is described in draft-behringer-autonomic-bootstrap.
>>> To me, the bootstrap problem is one of the real solid examples of
>> autonomic behaviour, because to bootstrap a device into a network I MUST
>> have some functionality on the devices, ie, distribution is absolutely
>> mandatory here.
>>> So this is one of the criteria for the use cases: Is distribution a
>> requirement? Because if it is, then this points very clearly to an autonomic
>> solution.
>>> Michael
>>>
>>>
>>>> Regards
>>>>    Brian
>>>>
>>>> On 17/06/2014 08:13, Michael Richardson wrote:
>>>>> I recognize that bootstrap is only one of the autonomic mechanisms
>>>>> that are relevant to this group.  I have much reading on the other
>>>>> aspects which I hope to get done.
>>>>>
>>>>> The 6tisch security design team has been working on a "zero-touch"
>>>>> mechanism that would permit constrained devices to join a
>>>> Lowpower/Loss Network (LLN)
>>>>> in a secure way.   We have considered adapting EAP-TLS (as ZigbeeIP has
>>>>> done), or turning the WirelessHART (IEC62591) packet flow into
>>>>> something more IPv6-like.  While there are significant bits of
>>>>> design space to explore while trying to optimize packet count, size
>>>>> and total energy risk of the join protocol;  the idea that there
>>>>> should be a set of authorization tokens From the device vendor which
>>>>> would permit the network and new nodes to recognize each other has
>>>>> been central to all
>>>> discussions.
>>>>> while draft-pritikin-bootstrapping-keyinfrastructures and
>>>>>       draft-behringer-autonomic-bootstrap-00
>>>>>
>>>>> have proposed valid high level concepts, I believe that
>>>>> specification of the authz token is critical for the IoT space.  A
>>>>> great concern that is that the LLNs created remain operational for
>>>>> decades at a time, and that the components can individually and also
>>>>> in aggregate be both (re-)sold, and/or the service provider
>>>>> operating the network be
>>>> replaced.
>>>>> (There are real life examples where a part of a 100 square mile
>>>>> refinery is actually sold to a competitor; obviously it doesn't get
>>>>> moved.  On the other side, one has the very real risk that you
>>>>> bought your sensor network From a "Nortel")
>>>>>
>>>>> I was pointed at 802.1AR's device ID mechanism.  Really, 802.1AR is
>>>>> about an API between a (constrained) device and it's cryptographic
>>>> hardware
>>>>> module/TPM.   It profiles a number of IETF PKIX specifications in a useful
>>>>> way, but there is little there in terms of actual protocol.  When it
>>>>> comes to what does an *DevID look like, in it's section 7.2.8,
>>>>> saying that the DN should contain a "serialNumber" attribute:
>>>>>
>>>>>    The formatting of this field shall contain a unique X.500
>>>>>    Distinguished Name (DN). This may include the unique device
>>>>> serial
>>>> number assigned by the manufacturer
>>>>>    or any other suitable unique DN value that the issuer prefers.
>>>>>
>>>>> What I have observed is that there needs to be a way to clearly
>>>>> delegate from
>>>>> Factory(Vendor) to VAR to DISTRIBUTOR to RESELLER to Plant-OWNER to
>>>>> SERVICE-PROVIDER.    It would significantly reduce the number of
>>>> certificates
>>>>> in (non-constrained device) databases for some levels of this
>>>>> hierarchy if the IDevID were aggregateable in some fashion.  RFC3779
>>>>> came to mind, which deals with delegation of Autonomous Systems
>>>>> Numbers (ASN) and IP address ranges from RIRs to LIRs to ISPs and
>>>> Enterprises.
>>>>>           RFC3779: X.509 Extensions for IP Addresses and AS
>>>>> Identifiers
>>>>>
>>>>> I created:
>>>>>     X509.v3 certificate extension for authorization of device ownership
>>>>>                  draft-richardson-6tisch-idevid-cert-00
>>>>>
>>>>> which cribbed together via nroff2xml and a search and replace.
>>>>>
>>>>> The Pritikin and Behringer documents seem to assume that the
>>>>> ultimate goal of the trusted enrollment process is to create a path
>>>>> in which "EST"= Enrollment over Secure Transport could operate that
>>>>> would permit a new locally significant certificate to be loaded into
>>>>> the new
>>>> device.
>>>>> I agree with that goal.
>>>>>
>>>>> There is the question of how that trust circuit is created, and in
>>>>> discussion it seemed that it involve some kind of leap-of-faith TLS
>>>>> setup which would be authenticated by the "authz" tokens later on.
>>>>> I disagree; I think that with appropriate evaluation of path
>>>>> constraints that the authentication can occur within the TLS
>>>>> protocol. (Even easier if done in IKEv2)
>>>>>
>>>>> --
>>>>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software
>>>> Works
>>>>> -= IPv6 IoT consulting =-
>>>>>
>>>> _______________________________________________
>>>> Anima mailing list
>>>> Anima@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/anima
>>> .
>>>
>> _______________________________________________
>> Anima mailing list
>> Anima@ietf.org
>> https://www.ietf.org/mailman/listinfo/anima
>

v2.23.0 | Report a Bug | By Email