Re: [Iotops] New draft draft-lear-iotops-onboard-intr-00.txt
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 25 February 2021 15:36 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: iotops@ietfa.amsl.com
Delivered-To: iotops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF5F93A1B3A for <iotops@ietfa.amsl.com>; Thu, 25 Feb 2021 07:36:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lvm5a9hqn0U0 for <iotops@ietfa.amsl.com>; Thu, 25 Feb 2021 07:36:11 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C23393A1B37 for <iotops@ietf.org>; Thu, 25 Feb 2021 07:36:11 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 51A1A389FF; Thu, 25 Feb 2021 10:40:24 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 15EG1YAH5tH3; Thu, 25 Feb 2021 10:40:23 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 0C8B9389A5; Thu, 25 Feb 2021 10:40:23 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 0C41A223; Thu, 25 Feb 2021 10:36:08 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>, iotops@ietf.org
In-Reply-To: <CCC78175-EFD9-494E-8C0D-0F68F19EA565@cisco.com>
References: <CCC78175-EFD9-494E-8C0D-0F68F19EA565@cisco.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 25 Feb 2021 10:36:08 -0500
Message-ID: <12566.1614267368@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/MvY8t8y0C9U92Ik-2KGUf3l3RMU>
Subject: Re: [Iotops] New draft draft-lear-iotops-onboard-intr-00.txt
X-BeenThere: iotops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IOT Operations <iotops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iotops>, <mailto:iotops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iotops/>
List-Post: <mailto:iotops@ietf.org>
List-Help: <mailto:iotops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iotops>, <mailto:iotops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2021 15:36:15 -0000
Eliot Lear <lear=40cisco.com@dmarc.ietf.org> wrote: > I’ve written a bit of a discussion about some of the blockers for IoT > onboarding, particular around real zero touch. Two different > onboarding technologies – BRSKI and DPP – have two different gaps that > need to be filled to get to zero touch. BRSKI has one key gap- how the > registrar is known by the MASA to be associated with a particular > customer. DPP has one gap: how to get that key into the configurator. > If we view the configurator as a registrar. These problems can reduce > to the same one. Thank you for the interesting document. Some general comments first: I was surprised that you aren't making a key characteristic of DPP being that the public key is delivered by QRcode. The protocol is not exactly zero-touch as you say, but it's based upon physical possession. It's zero-touch to me in the sense that nobody needs to do anything specific to the device, like plugging in a console cable, or typing some commands. The IETF is in the process of (RFC-EDITOR Q) of standardizing draft-ietf-6tisch-minimal-security, whereby per-device PSKs are distributed "somehow" to the operator. Yes, as envisioned, these are PSKs, not key pairs, but I suspect we could make the same flow (with the same number of round trips) work if a key pair instead of a PSK was involved. In section 3 you ought to mention draft-richardson-anima-voucher-delegation. You write: } There are several ways to think about this problem: } } (1)o seller transmits something to the buyer registrar as part of a } transaction. } } (2)o seller provides buyer an artifact as part of a sale. I couldn't quite understand the distinction between these. I think that you meant in (1) that the something (an artifact), is transfered electronically, while in (2), it is included physically with the item. } o original manufacturer records the sale. } } o original manufacturer simply notes the transfer. What your document hints at, but never actually says, is that there is a continuum of desired onboarding and ownership policies. Section 1.2, when it mentions: o Nothing. It can just sign the voucher request, logging the request. o Validation that a particular device belongs in a particular deployment. misses that these are actually two poles of a spectrum. At one end are things where possession is 100% indication of control. For instance, gym equipment comes to mind [Google "Gym Enabled Machines", or GEM]. It is worth discussing if the process of taking control of an exercise bicycle is really onboarding. But, I think that there are still a wide variety of simple things where having it in your hands is sufficient proof. Moving away from that end, there are more durable goods: fridges, TVs, stoves, furnaces, possibly even laptops (not the desktop OS itself, but the BMC). These things are bought, resold, lent, rented, leased without filing any papers with a regulatory agency. Today, they outlive their manufacturers (or the division that made them), although this trend has been declining. Medical equipment has an interesting niche: it is strongly owned, and strongly regulated, and yet, some aspect of the machine needs to available to any medical staff that is in physical possession of the device. When you need that infusion pump, you need it. Cars also have a unique niche: while they are bought and sold, they are also aggressively stolen. Possession should *not* be a means to prove onwership. And, pretty much every country already has a regulator (the "DMV") to which transfers of ownership are filed. Continuing out to the other pole are items, surveillance cameras for instance, which despite being essentially in the hands of adversaries, need to remain owned by the original deployment. } 5. This is really only about network onboarding ... } For private shared keys, there currently is no great answer to this } question. so, to my mind, if the private shared keys are not being leveraged to create a more resilient relationship, then the investment in the PSK has been squandered! -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- [Iotops] New draft draft-lear-iotops-onboard-intr… Eliot Lear
- Re: [Iotops] New draft draft-lear-iotops-onboard-… Michael Richardson