Re: [Dtls-iot] DTLS multicast security

Dorothy Gellert <dorothy.gellert@gmail.com> Fri, 19 September 2014 17:10 UTC

From: Dorothy Gellert <dorothy.gellert@gmail.com>
In-Reply-To: <541C452D.9090302@nthpermutation.com>
Date: Fri, 19 Sep 2014 10:10:25 -0700
Message-Id: <5369A9F2-02F0-4F49-BE39-C7A7308F4ED8@gmail.com>
References: <6D27AD8D-3B90-4100-9440-3375946F420B@gmail.com> <541BD0E0.1090409@sics.se> <36F5869FE31AB24485E5E3222C288E1FFAFA@NABESITE.InterDigital.com> <541C452D.9090302@nthpermutation.com>
To: Michael StJohns <msj@nthpermutation.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/FUu8WlEReeB-dudDD-yr29-eNPc
Cc: dtls-iot@ietf.org
Subject: Re: [Dtls-iot] DTLS multicast security

Hi Mike-

What we want to do as Chairs is to reach consensus on how to progress the work items. If there is consensus to drop the work item, that would be progress.

If the consensus of the group is to rework the Charter Item, so that it does not depend on DTLS, we can also do that. So far there is willingness to rework the charter item.

Can we get more feedback from the WG?

Thanks,
Dorothy


On Sep 19, 2014, at 8:01 AM, Michael StJohns <msj@nthpermutation.com> wrote:

> On 9/19/2014 7:27 AM, Rahman, Akbar wrote:
>> Hi Dorothy,
>> 
>> 
>> I agree with Ludwig that having a secure multicast is considered a benefit by many.
> My problem with this statement is that I would consider anti-gravity to be a benefit to many, but that AG has exactly the same scientific basis as symmetric key multicast security - none.  There's long, long experience on this topic that the document writers have ignored.
> 
>> For example, during the recent IESG review of the base CoAP Group Communication spec there were several comments made by ADs reflecting the need for a secure multicast solution to be developed by IETF. See for example:
>> 
>> http://www.ietf.org/mail-archive/web/core/current/msg05566.html
>> 
>> 	"The lack of security controls is an issue, experimental
>> 	would be good until it is resolved as there is a lot of work to be done
>> 	in this space and it is active."
> 
> I think you're misrepresenting that message. It's by Kathleen Moriarty. She notes the lack of security in the body of the message, but the comment on "experimental" isn't on security specifically, but on the whole idea of CoAP group communications. Cf. the other messages which object to the document as informational without mentioning security.
> 
>> 
>> 
>> So, I think we still need to have a Work Item to develop a secure group communication solution.  However, perhaps we can modify the description of the Work Item and not have it exclusively linked to a DTLS-based approach for secure group communication.  We should allow for other approaches if people want to propose them.  But we should still definitely keep working on this topic (i.e. secure group communication).
> 
> There are two things here: 1) The group is supposed to be profiling work done elsewhere to shrink it for use with IOT, not creating new stuff; 2) My objections to secure multicast are specifically in the area of the use of multicast as a control protocol; symmetric key systems are NOT secure enough for control systems and there appears to be deep and abiding resistance to the use of asymmetric systems (e.g. signed control messages) leading us to an impasse.
> 
> I agree that DTLS is probably not the appropriate protocol for signed control messages, but there also seems to be a deep and abiding resistance to adding it to CoAP where it might make the most sense.
> 
> Dorothy has proposed the withdrawal of multicast DTLS and I think that's the correct decision. If someone wants to propose an asymmetric system that works with CoAP and run it through this group, I won't object (but the ADs might given the current charter).
> 
>> 
>> A separate thought is that we may also want to progress the existing http://datatracker.ietf.org/doc/draft-keoh-dice-multicast-security/ but put it on an Experimental track.  That way we can get experience with the solution but not put it directly on Standards track.
> 
> Instead, place it as a company informational like hundreds of other documents.  Philips can provide experimental results in a year or so.  There's only a reason to place it on the experimental track if more than one company is planning on using it and modifying it.
> 
> Later, Mike
> 
> 
>> 
>> 
>> Best Regards,
>> 
>> 
>> Akbar
>> 
>> -----Original Message-----
>> From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Ludwig Seitz
>> Sent: Friday, September 19, 2014 2:45 AM
>> To: dtls-iot@ietf.org
>> Subject: Re: [Dtls-iot] DTLS multicast security
>> 
>> On 09/18/2014 10:41 PM, Dorothy Gellert wrote:
>>> Dear WG,
>>> 
>>> Last week our AD and the WG chairs, myself and Zach, met to discuss the progress of the DTLS multicast security Work Item.
>>> It seems as though we have reached an impasse with regards to the issues raised on the mailing list with multicast security and DTLS.
>>> 
>>> If this is the consensus of the WG, we can progress the WG without this Work Item and move forward with the other 2 work items, the DTLS profile and practical issues around the DTLS handshake.
>>> 
>>> I'd like to request feedback from the WG on this plan.
>>> 
>>> Thanks,
>>> Dorothy
>>> 
>> When making a decision on this, please note that secure multicast would be considered a considerable benefit by some. See e.g.
>> http://www.ietf.org/mail-archive/web/ace/current/msg00826.html
>> 
>> Regards,
>> 
>> Ludwig
>> 
>> --
>> Ludwig Seitz, PhD
>> SICS Swedish ICT AB
>> Ideon Science Park
>> Building Beta 2
>> Scheelevägen 17
>> SE-223 70 Lund
>> 
>> Phone +46(0)70-349 92 51
>> http://www.sics.se
>> 
>> _______________________________________________
>> dtls-iot mailing list
>> dtls-iot@ietf.org
>> https://www.ietf.org/mailman/listinfo/dtls-iot