IETF Logo Mail Archive

Re: [Dtls-iot] DTLS multicast security

Michael StJohns <msj@nthpermutation.com> Fri, 19 September 2014 16:00 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39CB81A0255 for <dtls-iot@ietfa.amsl.com>; Fri, 19 Sep 2014 09:00:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kxso-b_-xc6G for <dtls-iot@ietfa.amsl.com>; Fri, 19 Sep 2014 09:00:44 -0700 (PDT)
Received: from mail-qc0-f181.google.com (mail-qc0-f181.google.com [209.85.216.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 905081A0162 for <dtls-iot@ietf.org>; Fri, 19 Sep 2014 09:00:44 -0700 (PDT)
Received: by mail-qc0-f181.google.com with SMTP id r5so3343270qcx.26 for <dtls-iot@ietf.org>; Fri, 19 Sep 2014 09:00:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=kEcrpSBskOoiP7Xv1ZFqSdUTCuhOfLd0Pa6EwBeUdVI=; b=L3/wm41QKmYsPjSM3wqXn4GLA47WEP2x5XphyRxjU+BLNZIg86uA0QX8hQiS2Doy+o JzXSXf9crSIFwn+kFdH4BESv5c3Ks/1mu31Bo6fpp7bRbh7wxZpTGq7gNhTrjupFZRoJ oPHBjOsxvXFmLd/Gd2xRo/Lq56izR4e7it6XMd/c+wHB0BWUShrj0QTY5wP1+zZIUYPq jVUnLSdFQlPSv9r5HYI8z/Xkuy2Xr2IjyTr/lPbAwdvj28H5WY8YJ+PWs0Kq4Ai3fiVV hDafrV3y5J/bIxq5U/pshplHOOzrMAP8Mx4/PlqLpyNSrGNzP176Qt6xdfr1fJdEjFg7 0wmw==
X-Gm-Message-State: ALoCoQnleaJW1Siz/Mvdz0vcx73n29ECDMvbL2NaKS1AhEFcd8OdqAvsCYiaPG5OtfvCccudW/F2
X-Received: by 10.140.30.69 with SMTP id c63mr1010928qgc.63.1411142443589; Fri, 19 Sep 2014 09:00:43 -0700 (PDT)
Received: from ?IPv6:2601:a:2a00:226:a474:4e6:b7cc:99e5? ([2601:a:2a00:226:a474:4e6:b7cc:99e5]) by mx.google.com with ESMTPSA id l4sm1684011qad.41.2014.09.19.09.00.43 for <dtls-iot@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 19 Sep 2014 09:00:43 -0700 (PDT)
Message-ID: <541C5336.9040406@nthpermutation.com>
Date: Fri, 19 Sep 2014 12:00:54 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1
MIME-Version: 1.0
To: dtls-iot@ietf.org
References: <6D27AD8D-3B90-4100-9440-3375946F420B@gmail.com> <541BD0E0.1090409@sics.se> <36F5869FE31AB24485E5E3222C288E1FFAFA@NABESITE.InterDigital.com> <541C452D.9090302@nthpermutation.com> <EBE85F86-00E2-40F8-9205-1B6AE20CAAE9@tzi.org>
In-Reply-To: <EBE85F86-00E2-40F8-9205-1B6AE20CAAE9@tzi.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/pEY-9o6Kf8VBff1zdSE9QRiZRhs
Subject: Re: [Dtls-iot] DTLS multicast security
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Sep 2014 16:00:46 -0000

On 9/19/2014 11:44 AM, Carsten Bormann wrote:
> On 19 Sep 2014, at 17:01, Michael StJohns <msj@nthpermutation.com> wrote:
>
>>> I agree with Ludwig that having a secure multicast is considered a benefit by many.
>> My problem with this statement is that I would consider anti-gravity to be a benefit to many, but that AG has exactly the same scientific basis as symmetric key multicast security - none.  There's long, long experience on this topic that the document writers have ignored.
> This discussion is a great demonstration that the IETF is unfit to do appropriate security.
>
> Yes, there is no known way to do efficient multicast security at military security levels*).
>
> I’m not interested in military security.
> The use cases I’m interested in need neither nonrepudiation nor do they need to address a threat model that involves tampering with devices.
>
> draft-mglt-dice-ipsec-for-application-payload demonstrates that we already have the IETF protocols in place to do appropriate security here.
>
> All the various Philips proposals tried to do was to package this functionality in a way that fits better to the other security protocols that DICE is trying to improve.  (And, yes, that work wasn’t finished before it was derailed.)
>
> If we cannot continue this work because it wouldn’t solve other use cases we don’t care about, that would be rather disappointing.
>
> Grüße, Carsten
>
> *) TESLA is not solving our problem either.
>
> _______________________________________________
> dtls-iot mailing list
> dtls-iot@ietf.org
> https://www.ietf.org/mailman/listinfo/dtls-iot


Carsten - if we could constrain the use of whatever we came up with to a 
group of 10-12 lightbulbs inside someone's home, I'd say go ahead.  But 
this will end up as a general IOT cyber-physical control protocol.  It 
*will* be used on other things and it will be hacked.   Those are my 
assumptions - they may be wrong, but they are the most responsible 
assumptions to make when considering the protocol design.    This isn't 
military security, but it is security necessary when the internet 
impinges on and controls the physical world.

Later, Mike

v2.23.0 | Report a Bug | By Email