Re: [Anima] EXTERNAL: Re: [Iot-onboarding] OPC and BRSKI

Toerless Eckert <> Mon, 12 August 2019 22:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CFDF5120836; Mon, 12 Aug 2019 15:21:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.95
X-Spam-Status: No, score=-3.95 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id v6trGYvjQvpe; Mon, 12 Aug 2019 15:21:47 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 976C4120ACE; Mon, 12 Aug 2019 11:50:26 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 4F78C548028; Mon, 12 Aug 2019 20:50:20 +0200 (CEST)
Received: by (Postfix, from userid 10463) id 3A0FF440041; Mon, 12 Aug 2019 20:50:20 +0200 (CEST)
Date: Mon, 12 Aug 2019 20:50:20 +0200
From: Toerless Eckert <>
To: Jack Visoky <>
Cc: Michael Richardson <>, "Randy Armstrong (OPC)" <>, "" <>, "" <>
Message-ID: <>
References: <> <> <11781.1565189957@localhost> <> <> <4671.1565279232@localhost> <> <> <19592.1565471757@localhost> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <>
Subject: Re: [Anima] EXTERNAL: Re: [Iot-onboarding] OPC and BRSKI
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 12 Aug 2019 22:21:50 -0000

Agreeing to what Michael and you said, but also wanted to point out
that TLS as defined by IETF is on a trajectory which may or may not be desirable
for e.g.: industrial automation (where OPC is used) or other regulated/
critical environments.

For example the total elimination of any non-encryption option in the
TLS1.3 profile and the removal of the ability for passive observers to see
the certificates exchanged impeeds severely on the ability to do passive

I at least think there are good reasons to also have a strong
and independent reviewed authentication scheme without encryption
that can well be diagnosed by passive observers.

Aspects like these are easily fixed IMHO by creating different profiles
of TLS. Whether or not one could get such profiles through the TLS
WG in the IETF is of course a different question given what seems to
be a highly contentuous nature of the topic.

There also seems to be a desire of areas of industrial automation to
avoid the overhead of a perceived to be redundant network layer. This
was a thing back in the days of OSI where TP4 was often run in
factories without CLNS, and given how IP hasn't really improved on
simplified, automated address management vs. L2 switched ethernet,
this still seems to be a thing. Aka: Someone would need to define
TLS on top of just ethernet instead of IP/IPv6. And there may be
other similar L2 "transport" technologies where its not clear if
simple ethernet mappings would suffice (bluetooth, wifi,...).

Last but not least, QUIC is on a path to replace TLS and that
too puts a dent into the belief that TLS as it stands would be
a long term stable most-widely used protocol.

Finally: There is something said to not simply trust a design like
TLS which you do not really understand just because  its widely used,
and thus hopefully well reviewed, but rather make sure you have a
design based on solid understanding of the cryptographic principles employed
and a well defined review/control process of implementations.  Incidents
like with OpenSSL show how badly reviewed even the most widely deployed
crypto mechanisms can be.


On Sun, Aug 11, 2019 at 09:31:22PM +0000, Jack Visoky wrote:
> > but there are significant benefits to not maintaining your own protocols, and significant benefits to getting the extensive review that TLS gets.
> I could not agree more with this statement.
> Thanks,
> --Jack
> -----Original Message-----
> From: Michael Richardson <> 
> Sent: Saturday, August 10, 2019 5:16 PM
> To: Jack Visoky <>; Randy Armstrong (OPC) <>;;
> Subject: Re: EXTERNAL: Re: [Anima] [Iot-onboarding] OPC and BRSKI
> Jack Visoky <> wrote:
>     > I am also involved with OPC-UA and would like to provide my/my
>     > company's perspective.  One of the major drivers of this engagement
>     > with the ANIMA group was a contentious point around whether or not TLS
>     > and EST are required for support of BRSKI.  Some of us had taken the
>     > position that these technologies are an integral part of BRSKI and
>     > shouldn't be replaced with OPC specific methods, especially given the
>     > benefit of using highly adopted security technologies, as well as the
>     > tight coupling of BRSKI to these.  So, I think the idea that OPC should
>     > just use these technologies is very much a viable answer.
> If the device is powered or has enough battery to do 802.11, then it probably has enough power and code space to do TLS (particularly mbedtls from ARM).
> If it's on a very low duty cycle on battery, and/or it does 802.15.4, then the question is still open.  The IETF may start work on a 802.15.4 specific AKE, (see  We believe we need these for 6tisch (TSCH mode of 802.15.4 for deterministic industrial networks)
> It appears that the OPC UA methods provide enough security to do BRSKI, but there are significant benefits to not maintaining your own protocols, and significant benefits to getting the extensive review that TLS gets.
>     > Also, I would strongly push back on any claims that low end OPC devices
>     > cannot support TLS.  Other industrial protocols have already added TLS
>     > support and are shipping products, including those with TLS client
>     > functionality.  TLS is no more heavy-weight than existing, OPC-specific
>     > security mechanisms.
> The OPC-specific mechanism appears to avoid a DH operation and therefore lacks PFS.  I understand it uses RSA, which means that it's significantly more expensive than TLS with ECDSA (and ECDH) would be, and most SOCs have hardware acceleration for ECDSA's secp256v1, fewer have RSA acceleration.
>     > In any event I will be sure to join the call that has been set up for
>     > later in August.
> Awesome.
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]        |   ruby on rails    [
> --
> Michael Richardson <>, Sandelman Software Works  -= IPv6 IoT consulting =-
> _______________________________________________
> Anima mailing list