Re: [Dtls-iot] FW: New Version Notification for draft-keoh-dice-multicast-security-08.txt
Michael StJohns <msj@nthpermutation.com> Tue, 08 July 2014 15:23 UTC
Return-Path: <msj@nthpermutation.com>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B5AE1A007E for <dtls-iot@ietfa.amsl.com>; Tue, 8 Jul 2014 08:23:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3OVjkMN3oD6N for <dtls-iot@ietfa.amsl.com>; Tue, 8 Jul 2014 08:23:50 -0700 (PDT)
Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D76511B2811 for <dtls-iot@ietf.org>; Tue, 8 Jul 2014 08:23:49 -0700 (PDT)
Received: by mail-qc0-f182.google.com with SMTP id m20so5327709qcx.27 for <dtls-iot@ietf.org>; Tue, 08 Jul 2014 08:23:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type; bh=yK83qB3/mSy5iprp2FBQgK1N4Zuf5bp1EwZ7/9xkauM=; b=QwnWpbrjU266a5MTt65gS0us/ZpWT3nIQ+2nF6JzGAhiGZNiv8oUrUBzgbZPDVkUhN FUV2DPd7MT8xMB2ydlKf1uuK09vOS31GoYFU/nIVOlo1qVlcgMu7sTOyyVl6wDFjNJai QwZvH1BPkFoe5rhwg5rdDr2NrI4bEPoTC2xjTcG8WFoGnmeiKbNnvcwbmWQfgPg8Et5I WKpjzJPDCTo9TKjZ1CkYu69rEkCarWd8KldlEFhxpQqr8b6mJf77WfhsyhTjgVW9eTCl wmDxobWwJZ77lbEl3Iviw/SyxHvIJLxg177Kzmn9CvRPUgK6qZv2PWXbZ3Il98wsbF20 u28A==
X-Gm-Message-State: ALoCoQkTDgptoVeBGKguLXmzMi+CKKHKDUW0fuB1Ak0VjeIXsN68VbiSq6qm/lgL1BoN+5ZTUp9E
X-Received: by 10.140.18.243 with SMTP id 106mr56640625qgf.105.1404833029076; Tue, 08 Jul 2014 08:23:49 -0700 (PDT)
Received: from ?IPv6:2601:a:2a00:390:712e:cb82:d532:4307? ([2601:a:2a00:390:712e:cb82:d532:4307]) by mx.google.com with ESMTPSA id b10sm29204032qgf.7.2014.07.08.08.23.48 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 08 Jul 2014 08:23:48 -0700 (PDT)
Message-ID: <53BC0D0B.7090406@nthpermutation.com>
Date: Tue, 08 Jul 2014 11:23:55 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "Kumar, Sandeep" <sandeep.kumar@philips.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
References: <20140703125443.15822.61762.idtracker@ietfa.amsl.com> <BE6D13F6A4554947952B39008B0DC0153E7CB29C@DBXPRD9003MB059.MGDPHG.emi.philips.com> <53BAC656.7010008@nthpermutation.com> <BE6D13F6A4554947952B39008B0DC0153E7CF9CC@DBXPRD9003MB059.MGDPHG.emi.philips.com>
In-Reply-To: <BE6D13F6A4554947952B39008B0DC0153E7CF9CC@DBXPRD9003MB059.MGDPHG.emi.philips.com>
Content-Type: multipart/alternative; boundary="------------040600030009030005030609"
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/uk6EZITVHwcoEyHvLlCwJMr1Euc
Subject: Re: [Dtls-iot] FW: New Version Notification for draft-keoh-dice-multicast-security-08.txt
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jul 2014 15:23:52 -0000
On 7/8/2014 8:26 AM, Kumar, Sandeep wrote: > Hi Mike > > See inline > >> >-----Original Message----- >> >From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Michael >> >StJohns >> > >> >In the interim, >> >https://datatracker.ietf.org/doc/draft-kumar-dice-groupcomm-security/ >> >has been submitted. That document shares a lot of the same boilerplate text >> >as this document and I thought it was headed in the direction of defining >> >public key mechanisms at the COAP layer rather than something at the DTLS >> >layer, but it seems to have mostly restated this document with a few >> >paragraphs on why public key is too expensive and*maybe* moving the >> >symmetric key secure multicast problem to the COAP layer (but even that's >> >unclear). >> > > [SK] I do not understand what you are referring to but draft-kumar-dice-groupcomm-security > clearly includes the public key options. The SIG field in Figure 2 and Figure 3 are the > public key signatures. This is exactly what we had discussed offline in London on how such a solution would look like. > The symmetric key MAC was also mentioned at the mike in London as being useful for DoS protection. > Confidentiality does not even come into picture if you choose a ciphersuite which has no encryption Hi Sandeep - I probably was a bit too harsh on my comments, but I got there from: o Section 4.3 which is basically arguing that PK is too expensive and complex. o Section 4.2 which suggests that PK might be better done as part of DTLS (shim layer). o Section 3.2 which is mostly what you need to do symmetric key multicast only slightly modified for PK. o Section 6. which is all about the issues with symmetric key confidentiality rather than discussing PK source and integrity. Overall I think I saw this document somewhere before without any of the PK stuff in it, but I can't place it. And this document really does share a lot in common with draft-keoh.... What I was hoping for based on our discussions was a draft that described only PK source auth and integrity at the CoAP level without mixing in any of the symmetric key issues. And that was actually an implementation spec or closer to one (e.g. here's the actual format for how you encapsulate signatures with CoAP and here's the backwards compatibility issues), and here's what gets signed. And here's how it gets verified. And here's how it gets placed in a groupcomm message. Finally, a PK signed CoAP message shouldn't have any special handling considerations - it gets sent either unicast or multicast like any other CoAP message. The receiving node makes a decision on whether to act on the contents of the message based on the identity of the sender and whether the message verifies. With respect to the symmetric key multicast stuff - it continues to be a red herring. If you provide link layer security for your IOT mesh, (which can be done as a two-party symmetric key system), you get as much or more privacy protection that you get if you try and do symmetric key at the multicast level. The DOS protection you mention is subject to the exact same set of attacks mentioned before - ANYONE that has the multicast key can send verified traffic, which means that even one weak link (e.g. your lightbulb being hacked - and it will) makes that DOS protection moot. Mike
- [Dtls-iot] FW: New Version Notification for draft… Kumar, Sandeep
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Kumar, Sandeep
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Carsten Bormann
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Carsten Bormann
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Kumar, Sandeep
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Kumar, Sandeep