Re: [Dtls-iot] DTLS multicast security
"Rahman, Akbar" <Akbar.Rahman@InterDigital.com> Fri, 19 September 2014 11:27 UTC
From: "Rahman, Akbar" <Akbar.Rahman@InterDigital.com>
To: Ludwig Seitz <ludwig@sics.se>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Date: Fri, 19 Sep 2014 11:27:48 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/N7PDmOuI1tfpSLOdbT9zvHjb5Kg

Hi Dorothy,

I agree with Ludwig that having a secure multicast is considered a benefit by many. For example, during the recent IESG review of the base CoAP Group Communication spec there were several comments made by ADs reflecting the need for a secure multicast solution to be developed by IETF. See for example:

http://www.ietf.org/mail-archive/web/core/current/msg05566.html

"The lack of security controls is an issue, experimental would be good until it is resolved as there is a lot of work to be done in this space and it is active."

So, I think we still need to have a Work Item to develop a secure group communication solution. However, perhaps we can modify the description of the Work Item and not have it exclusively linked to a DTLS-based approach for secure group communication. We should allow for other approaches if people want to propose them. But we should still definitely keep working on this topic (i.e. secure group communication).

A separate thought is that we may also want to progress the existing http://datatracker.ietf.org/doc/draft-keoh-dice-multicast-security/ but put it on an Experimental track. That way we can get experience with the solution but not put it directly on Standards track.

Best Regards,

Akbar

-----Original Message-----
From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Ludwig Seitz
Sent: Friday, September 19, 2014 2:45 AM
To: dtls-iot@ietf.org
Subject: Re: [Dtls-iot] DTLS multicast security

On 09/18/2014 10:41 PM, Dorothy Gellert wrote:
> Dear WG,
>
> Last week our AD and the WG chairs, myself and Zach, met to discuss the progress of the DTLS multicast security Work Item.
> It seems as though we have reached an impasse with regards to the issues raised on the mailing list with multicast security and DTLS.
>
> If this is the consensus of the WG we can progress the WG without this Work item and move forward with the other 2 work items, the dtls profile and practical issues around the DTLS handshake.
>
> I'd like to request feedback from the WG on this plan.
>
> Thanks,
> Dorothy
>

When making a decision on this, please note that secure multicast would be considered a considerable benefit by some.

See e.g. http://www.ietf.org/mail-archive/web/ace/current/msg00826.html

Regards,

Ludwig

--
Ludwig Seitz, PhD
SICS Swedish ICT AB
Ideon Science Park
Building Beta 2
Scheelevägen 17
SE-223 70 Lund
Phone +46(0)70-349 92 51
http://www.sics.se