IETF Logo Mail Archive

Re: [core] Endpoint Client Name / Endpoint Name in RD draft

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 24 April 2018 10:38 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D06EF127136 for <core@ietfa.amsl.com>; Tue, 24 Apr 2018 03:38:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mRFXKxNQrPTe for <core@ietfa.amsl.com>; Tue, 24 Apr 2018 03:38:05 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00081.outbound.protection.outlook.com [40.107.0.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7445A1241F8 for <core@ietf.org>; Tue, 24 Apr 2018 03:38:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=1/ws1LFfvLH2InbQ+yhML3C3iLLYja6vzQaifKRoXAk=; b=jKbtqVkK+rdrVtd/0jSBQiJJdGgO05iGt75OjNAF2nE5bOQRv2lzh0AL5rEQT4N/cOwCb9CBFLmmkAi9jxvFOrkWgw+n2p4EF90FTVUqePM8FfcXz1ySWiOlWbzDlU33t0OKemfEqHNhDD6OB/jlhICKFGrBUoIWUj5vb9YxkP4=
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1PR0801MB1821.eurprd08.prod.outlook.com (10.168.67.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.696.13; Tue, 24 Apr 2018 10:38:01 +0000
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::35fb:6e2c:e118:5644]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::35fb:6e2c:e118:5644%17]) with mapi id 15.20.0696.017; Tue, 24 Apr 2018 10:38:01 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>
CC: Jaime Jiménez <jaime.jimenez@ericsson.com>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] Endpoint Client Name / Endpoint Name in RD draft
Thread-Index: AdPMGk8Ajq5nOeuWRv+BrgbskCDzwf//7S4A//+qDBCAALM9gP//8agggADTwQD//7rfYADWabOA/+pTH0D/0qjNgP+lQLCA
Date: Tue, 24 Apr 2018 10:38:01 +0000
Message-ID: <VI1PR0801MB2112642D9A946BD12625E80AFA880@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <VI1PR0801MB2112B52094B182F5D44C4F64FAA40@VI1PR0801MB2112.eurprd08.prod.outlook.com> <A484D917-677C-4B29-BBAD-DDDE34B50303@ericsson.com> <VI1PR0801MB21128EA2B70DEEE7C5775A62FAA40@VI1PR0801MB2112.eurprd08.prod.outlook.com> <070801d3cc3f$8d59e0c0$a80da240$@augustcellars.com>, <VI1PR0801MB2112FB25797DCB8F546C148DFAA40@VI1PR0801MB2112.eurprd08.prod.outlook.com> <7BA9B091-F489-4ED4-B6EC-5AD7D971D6F7@ericsson.com> <VI1PR0801MB2112A692CB307D213A89DFC8FABB0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <ca2b6038e911d93e15e57763836a1d09@xs4all.nl> <VI1PR0801MB21126DE7C4287563D1598E86FA890@VI1PR0801MB2112.eurprd08.prod.outlook.com> <c13edc71f916954978b3468d9f5de9c5@xs4all.nl>
In-Reply-To: <c13edc71f916954978b3468d9f5de9c5@xs4all.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [103.40.135.60]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB1821; 7:xXJD3cD0KB7Ql+zBt+XaMGNoZy3YZPQP7qicwulWycGfGGAtD4EaDRKR6ktFXTXAnmDWW1Zb1UWI5eNs3otUATK5vFpEKwO6Vay0Ygv4VKiaeBLkmTnJo4k/o6dw3JSzCkW71/aUNr0FKGdpczF+QhJZRXqLkVzgtWy+0FXF9Vl1RHZ+LD7XxZijWEIAX3Tbd/2pNpnA+CCFXlolMMP6PsbhxaD+Rsm8Fuv+FinP3OOxsUkmMkFZ29aB0oGSmXWA
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:VI1PR0801MB1821;
x-ms-traffictypediagnostic: VI1PR0801MB1821:
x-microsoft-antispam-prvs: <VI1PR0801MB1821A1DA88C957B0F64F1B92FA880@VI1PR0801MB1821.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231232)(944501410)(52105095)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041310)(20161123560045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(6072148)(201708071742011); SRVR:VI1PR0801MB1821; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0801MB1821;
x-forefront-prvs: 0652EA5565
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(39860400002)(376002)(366004)(39380400002)(346002)(396003)(199004)(189003)(13464003)(377424004)(40434004)(6916009)(2906002)(6116002)(7696005)(8936002)(316002)(5640700003)(102836004)(476003)(26005)(33656002)(105586002)(106356001)(93886005)(5250100002)(5890100001)(6506007)(59450400001)(446003)(66066001)(54906003)(9686003)(81166006)(76176011)(2351001)(2501003)(86362001)(1730700003)(3660700001)(7736002)(81156014)(14454004)(3280700002)(6246003)(11346002)(25786009)(68736007)(72206003)(6436002)(99286004)(53936002)(2900100001)(8676002)(486006)(53546011)(74316002)(478600001)(305945005)(55016002)(97736004)(229853002)(3846002)(4326008)(186003)(5660300001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB1821; H:VI1PR0801MB2112.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: W/yPfJshQwo5oUl7orSdZurkI7mzAfidQt/4X3TNer7VLYgRArlZf6EvDIYzJC4EYOQTTGeOCY5nqks2SZuRAUNObaul3dQ7I0vwEfQoQDen1Rq+r3D6n2n0WYpdQUnGiOdJTnrqLhh/MrswMgR3zFQv+ZpFypCszUpRSqr27iG+d1gZIffwBPre0Q3cwquN
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 395823ba-294a-4b7a-ace0-08d5a9cf744a
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 395823ba-294a-4b7a-ace0-08d5a9cf744a
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2018 10:38:01.6387 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1821
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/C1O91_bcMsL_MsMazoZgl1Ivgts>
Subject: Re: [core] Endpoint Client Name / Endpoint Name in RD draft
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2018 10:38:08 -0000

Hi Peter,

The problem is actually documented in the security consideration section of the RD draft and I modified it slightly.

Consider the following threat: two devices A and B are managed by a single server.  Both devices have unique, per-device credentials for use with DTLS (or any other security protocol since there is nothing DTLS specific here).

Now, imagine that device A wants to sabotage device B.  Device A uses its own credentials during the DTLS exchange.  Then, device A puts the endpoint name of device B into the registration message.

If the RD server does not check whether the identifier provided in the DTLS handshake matches the endpoint name used at the CoAP layer in the registration message and if the server uses the endpoint name then device A can impersonate device B.

Does this concern make sense?

Ciao
Hannes


-----Original Message-----
From: peter van der Stok [mailto:stokcons@xs4all.nl]
Sent: 24 April 2018 16:28
To: Hannes Tschofenig
Cc: consultancy@vanderstok.org; Jaime Jiménez; core@ietf.org
Subject: Re: [core] Endpoint Client Name / Endpoint Name in RD draft



Hannes Tschofenig schreef op 2018-04-23 05:08:
> Hi Peter,
>
> The mailing list discussion reconfirms my worry that people will get
> this wrong and will introduce security vulnerabilities.

Well, I'm one of those getting it wrong, because I did not understand the worry.

>
> I am saying that the security protocol used to protect the
> communication will have an authenticated identifier and this
> identifier then has to be used for identification of the IoT device.
> This identifier will then also be used for lookups .

This I understand. If I do clearly follow, guidelines must be produced about the use of authorized RD accesses.
Assume authorized access to the RD, using oauth-authz.
I do surmise that the registration may then return an signed identifier instead the path name of the registration.
The signed identifier can be used for updates.
The payload will be encrypted, and thus the actual use of ep, and d can be maintained as specified in the lookup, but are hidden to others.

Is that a correct extrapolated suggestion of your comments? probably there is a caveat I don't see.

>
> I am furthermore arguing that the multiple IoT device cannot share the
> same identifier.

sorry, what is a multiple IoT device? one with multiple registrations in the RD, or one with multiple links? or....

I agree with Jim that for third party registrations
> we cannot completely get rid of the endpoint client name/endpoint name
> functionality but for the third party registration you are most likely
> using a different approach anyway. I am not sure anyone using the RD
> specification for commissioning tool functionality today since the
> main purpose of the RD document is for something entirely different.

I do not agree with your conclusion. The use of RD is still being discussed as far as I know, and each SDO seems to have its own approach and use cases. The use of a CT is completely within scope to my knowledge.


Thanks hannes for your comments.
Looking forward to getting things more precise and understandable for me.

Peter

>
> Ciao
> Hannes
>
> -----Original Message-----
> From: peter van der Stok [mailto:stokcons@xs4all.nl]
> Sent: 09 April 2018 15:04
> To: Hannes Tschofenig
> Cc: Jaime Jiménez; core@ietf.org
> Subject: Re: [core] Endpoint Client Name / Endpoint Name in RD draft
>
>>
>> I am curious what we lose if we remove this identifier altogether.
>> The only thing that comes to my mind is a debugging capability where
>> you might want to test your system without any security protocol.
> Hi Hannes,
>
> Probably, I completely misunderstand your suggestion.
> Registrations in the RD need identification so that they can be
> changed, removed , updated, etc...
> Registrations are identified by the (ep, d) pair, unique within a
> given RD.
> Removing ep identifier will force you to find another identifier for a
> registration.........
> and you are back to square 1 it seems.
>
>
> Peter
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose
> the contents to any other person, use it for any purpose, or store or
> copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email