Re: [Dtls-iot] FW: New Version Notification for draft-keoh-dice-multicast-security-08.txt

"Kumar, Sandeep" <sandeep.kumar@philips.com> Thu, 10 July 2014 15:10 UTC

From: Michael StJohns [mailto:msj@nthpermutation.com]

The more geographic (or topologic) area covered by the multicast group, the easier the hack is and the harder the protections are.

I keep getting whipsawed by the arguments in this case - first it's "no, this will only be used in a secure building on a private network" and then it's "no, this can be used in wide area multicast".  I don't think either of these is a reliable design criterion and I wouldn't consider either to be enforceable in the build-out of an IOT mesh.  That suggests that we have to design for the worst case of the wild wild internet and not the peaceful backwater of someone's home.

Mike



[SK] This is exactly why I presented the scenario very clearly at IETF London. The scenario was a single corridor with wireless lights and wired presence sensors which speak IP. Just because multiple PHY/MAC are used does not make it a large geographic or topological area.
Sandeep
