IETF Logo Mail Archive

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 16 September 2019 18:25 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FE6F12004A for <anima@ietfa.amsl.com>; Mon, 16 Sep 2019 11:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YpdtufbPQYjC for <anima@ietfa.amsl.com>; Mon, 16 Sep 2019 11:25:49 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14DCC120130 for <anima@ietf.org>; Mon, 16 Sep 2019 11:25:49 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 9A5873897E; Mon, 16 Sep 2019 14:24:09 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id D5662BAE; Mon, 16 Sep 2019 14:25:47 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, anima@ietf.org
In-Reply-To: <cedc515e-22ab-94a9-e6ef-c55b345687ba@joelhalpern.com>
References: <156282703648.15280.17739830959261983790.idtracker@ietfa.amsl.com> <17580.1562874933@localhost> <ACEB4033-707F-47AF-B58A-5227B444BEAB@cisco.com> <E2DA8D30-805E-478D-925D-534C04A0727F@cisco.com> <8869.1563140002@dooku.sandelman.ca> <cedc515e-22ab-94a9-e6ef-c55b345687ba@joelhalpern.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Mon, 16 Sep 2019 14:25:47 -0400
Message-ID: <7930.1568658347@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/ySi3OionCTAY8YPBvsahsfBVwLw>
Subject: Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 18:25:56 -0000

{clearing out todo items in my inbox}

Joel M. Halpern <jmh@joelhalpern.com> wrote:
    > I presume I am missing something basic.
    > I have tried to follow this discussion, as it seems to be about a critical
    > aspect of whether the BRSKI work is acceptable.

    > I have assumed that what we needed is the ability for a buyer, who has
    > physical possession of the device, and possibly some simple (non
    > cryptographic) credentials provided by the seller to force the device to
    > reset what it thinks it is part of, and to emit in some accessible form the
    > information the buyer needs to be able to make this device part of his
    > network, using his authentication servers, etc.

    > Have I got the wrong end of the stick?

Joel, you have gotten the resale problem exactly correct.

BRSKI is primarily a protocol for a buyer, who does not wish to be forced
to assert physical possession, to assert ownership of the device.

The #1 reason why they don't want to resort to physical means is that the
local entities possessing ("remote hands") the device don't have the skills
and/or equipment to set the device up.

The #2 reason is that the device is in partial public access, and
it would be a bad thing if the physical possession interface was too easily
accessed. (Bank ATM, Airport checkin kiosk, hotel room interfaces, etc.)
This has been extended to IoT devices.

A third reason is that the devices may be difficult to actually reach
physically due to the structure and activity of the factory/plant/etc. that
they are in.  A temperature sensor 50m up a distillation tower in a refinery,
for instance.

The physical mechanisms that make the device hard to physically attack may
also make it hard for the second owner to take control of the device without
the cooperation of the first owners and/or manufacturer.

The current solution in the document is that one should, for enterprise/ISP
equipment that ANIMA applies to, continue to provide the same onboarding
processes that existed prior to ANIMA.  Specifically, a "craft" or serial console.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [



--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email