Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 11 July 2019 04:46 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 651A112009E; Wed, 10 Jul 2019 21:46:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.703
X-Spam-Level:
X-Spam-Status: No, score=-0.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0oD2givSmbVJ; Wed, 10 Jul 2019 21:46:34 -0700 (PDT)
Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFC27120048; Wed, 10 Jul 2019 21:46:34 -0700 (PDT)
Received: by mail-pf1-x42d.google.com with SMTP id i189so2124434pfg.10; Wed, 10 Jul 2019 21:46:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=BTX6uLxpD1QtVTf5ikfm/aMb/1Ax1u1tgUtT69Pn4BE=; b=SImT4oQjiwS1oI2/4AIqmUIIaHhrJM7hsPs70AVJAtX42cFf1/90c7CXdSnxHIC9ya c5hnO73wDKbMQtKnTXxXdfPQ/uVHMcWOMz0sGN2KH4ezZuhKpD8h8nL4s4NqcwV/t0f0 275cHd36c9FDu0hMZShERaUklIU/73i7pLGcJLJXqbm4knqf5ET5w0eLho1oS3PU3rzS rE4J5zxzNgifvUHru3FMVJ5vmBP7JL1xvZh5ytVDi+h1i4yHJcXxAr6gYx8TXVyI/cDY hmBBfmuNm8ORifjq6LFxIJcqaVNmezLW9YxgQlZpBNdk6mg8PTEve6v67eUUF1XMKQE3 ZMaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=BTX6uLxpD1QtVTf5ikfm/aMb/1Ax1u1tgUtT69Pn4BE=; b=n11mlsoh91HbaJcY0CCCkfl1iz/8q7krEcx7OQVFhNG7n2lNM8VxT3WfkiywnQCNqS ukujvlRXPh8wVWE6S767bAlUUNx8yrxtS/C5eBkrCoHCqVkLBuM7g4UcJ8ZzlcYiC9Ue hTcydaZtrlsElJTNeQA4l4jlLp4gK/suL7GFkL7XAYz5EntE76CoFvZ2+0QjrrVaK2pM L1gJCpUvFBnKbo1juvLFo30GLqEt7HvpOASvBKEsaLsT+m07gCVzIuMUAMIalfUW9VgX RP/WGX6I+Faxg9RKDwtlqZHgGsZwK1ev++XRqxZPH+yq/B5IUGMhVBxaDLIQvjITaeBa kyOA==
X-Gm-Message-State: APjAAAXIpY4zH31vDt+X44sdAnu5lrZze1M1nVJ53FztWILx9vtgKJ0j NX5L2H3yo/ZGsm0zZviNaze42Oqk
X-Google-Smtp-Source: APXvYqxYfRIlRvlOl/vPx6VzG0i2zNCnhcf9oyMVjiJzrJmDksRcTkl8WmpX+C/b/0qnDECYKPtGfw==
X-Received: by 2002:a63:e907:: with SMTP id i7mr2228797pgh.84.1562820394009; Wed, 10 Jul 2019 21:46:34 -0700 (PDT)
Received: from [192.168.178.30] (32.23.255.123.dynamic.snap.net.nz. [123.255.23.32]) by smtp.gmail.com with ESMTPSA id e124sm6098427pfh.181.2019.07.10.21.46.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jul 2019 21:46:33 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>, Alissa Cooper <alissa@cooperw.in>
Cc: draft-ietf-anima-bootstrapping-keyinfra@ietf.org, Toerless Eckert <tte+ietf@cs.fau.de>, anima@ietf.org, The IESG <iesg@ietf.org>, anima-chairs@ietf.org
References: <156279135063.15552.18154602951583265728.idtracker@ietfa.amsl.com> <406.1562813786@localhost>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <5f70aa4e-4307-1445-33be-90bfeee79403@gmail.com>
Date: Thu, 11 Jul 2019 16:46:28 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <406.1562813786@localhost>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/m5MUN21gnIK9ZCAtMaGMb7PsQHs>
Subject: Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 04:46:36 -0000
On 11-Jul-19 14:56, Michael Richardson wrote: > > Alissa Cooper via Datatracker <noreply@ietf.org> wrote: > > I apologize if I'm misunderstanding how this works, but I didn't see much > > discussion in the document about the implications of the manufacturer going out > > of business. Specifically, it seems like if a device ships with BRSKI as its > > only available mechanism for bootstrapping and the manufacturer goes > > Section 7 provides some detail on a number of mechanisms that a manufacturer > could chose to include that would permit a device to be onboarded with > reduces levels of trust. > Section 7.2 specifically mentions onboarding via serial-console. > > (This situation is really no different from buying an iPhone 4 and then > complaining that you can't make it work because Apple won't give you > software that is secure, and since it's insecure, they won't onboard you, > except that you get a serial-console) Alissa, I've been concerned about this aspect since the -00 draft, especially for the case of air-gap deployments where the MASA is in any case inaccessible. I think it is indeed covered by section 7, which also mentions the need for future work. But it seems better to document the basic mechanism first. > > > = Section 1.3.1 = > > > "But this solution is not exclusive to large equipment: it is intended > > to scale to thousands of devices located in hostile environments, > > such as ISP provided CPE devices which are drop-shipped to the end > > user." > > > I don't quite understand how this squares with the scope limitation described > > in Section 1 and Section 9. If the whole network is professionally managed by > > the ISP, what part would be the "hostile environment"? > > The thousands of CPE devices (cable modems, VDSL modems, ISP provided home > routers) can be taken apart by the home owner. If such devices have IDevID > in a TPM module, then enrollment can be done securely. The same applies to equipment in street cabinets or shared premises, which might be physically accessible to bad actors (or untrustworthy employees). Brian
- [Anima] Alissa Cooper's Discuss on draft-ietf-ani… Alissa Cooper via Datatracker
- Re: [Anima] Alissa Cooper's Discuss on draft-ietf… Michael Richardson
- Re: [Anima] Alissa Cooper's Discuss on draft-ietf… Brian E Carpenter
- Re: [Anima] Alissa Cooper's Discuss on draft-ietf… Alissa Cooper
- Re: [Anima] Alissa Cooper's Discuss on draft-ietf… Toerless Eckert
- Re: [Anima] Alissa Cooper's Discuss on draft-ietf… Toerless Eckert
- Re: [Anima] Alissa Cooper's Discuss on draft-ietf… Michael Richardson