Re: [Iotops] maintain ownership (was: can we create protocols that securely transfer ownership?)
Toerless Eckert <tte@cs.fau.de> Fri, 30 October 2020 21:03 UTC
Date: Fri, 30 Oct 2020 22:03:37 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "Andrew G. Malis" <agmalis@gmail.com>, iotops@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/v_jNNxNXXRs22X_VzKBXC7zyga4>

On Sat, Oct 31, 2020 at 08:58:27AM +1300, Brian E Carpenter wrote:
> On 31-Oct-20 06:25, Michael Richardson wrote:
> >
> > Andrew G. Malis <agmalis@gmail.com> wrote:
> > > Yes, in addition to being a good story, the point is who controls the
> > > firmware in our things, and how bad it can get not only when the
> > > manufacturer enforces DRM, but the gov't enables the behavior
> > > (criminalizing jailbreaking).
> >
> > > Or the issues that arise when the manufacturer fails to properly maintain
> > > the firmware, or goes out of business.
> >
> > All major concerns. What do you think the IETF can/should do?
> > I have some very specific ideas which I think are manageable and specific.
>
> Both BRSKI and SUIT have minor references to the latter problem, and I
> think that when considering tiny cheap devices it isn't a theoretical issue,
> but one that's highly likely. There is also (as for incandescent light
> bulbs) a strong incentive for manufacturers to sell devices that are
> designed to break after a while. An expiring certificate would be a great
> way to break devices remotely, for example.

Indeed, before even thinking about transferring ownership i would like
to see what the IETF security community can do to remove the current
problem of even just MAINTAINING OWNERSHIP in the face of (if i am not
mistaken) current PKI recommendations:

My TivoHD for example had its certificate expire a few years into its
lifetime, even though i had upfront bought a so-called "lifetime service"
for it. Of course, the lifetime-service did not include "maintaining a
current cert for the lifetime of the device". And that is just the most
egregious example i ran across because of me having to learn how to hack
up all the software that was talking to the TiVo via TLS - to ignore the
expired cert.

I am saying the IETF is partially to blame because i think we also
proliferate the notion that certificates have to be renewed periodically,
with maximum usual lifetimes of now i think one year? (was two years)

Of course, this is specifically a consumer-IoT problem, because industrial
customers should typically be in a stronger position to avoid this vendor
abuse of principally sound technical guidance.

As much as i like to explore short lived certificates more in environments
where i can set up the right environment to support that, we should IMHO
also think about the simplicity of lifetime-long-certificates. Which we
currently do not have in web PKI.

The fact alone that we do only have in browsers one single TA space
(Internet) seems to be the worst offender, proliferated by the fact that
that is the only domain that most big contributors in the IETF are
interested in.

Nevertheless, to support what we classically did without crypto, namely
private networks (with private addresses), we should also have a crypto
strategy for such private networks. And in most cases, lifetime-long certs
will be the only reasonable solution there.

But, and to get back to the topic: One way on how to get to lifetime-long
certs would be an actual transfer of ownership from whatever the vendor
put in as certs to a cert from the current owner and using a lifelong
expiry time (e.g.: infinite). This could be hosted in a private TA. The
question is primarily how to have browsers support different TA domains
without confusing the user. And of course, when you sell the device, you
would need to do transfer of ownership again by overwriting the current
cert with one of the new owner.

Just a line of thoughts.

Cheers
    Toerless

>
>    Brian
>

--
---
tte@cs.fau.de
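
An added illustration, not part of the original message or of any IETF document: a small audit that compares each device certificate's notAfter with the owner's planned service life, treating the RFC 5280 value `99991231235959Z` ("no well-defined expiration date") as the "infinite" expiry mentioned above. The device names, dates and the `FLEET` inventory are constructed sample data.

```python
from datetime import datetime, timezone

# RFC 5280 section 4.1.2.5: notAfter for "no well-defined expiration date".
NO_EXPIRY = "99991231235959Z"

def parse_x509_time(value):
    """Parse X.509 UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    digits = value[:-1]
    if not value.endswith("Z") or len(digits) not in (12, 14) or not digits.isdigit():
        raise ValueError(f"unsupported X.509 time: {value!r}")
    if len(digits) == 12:
        # UTCTime has a two-digit year: 00-49 means 20YY, 50-99 means 19YY.
        digits = ("20" if int(digits[:2]) < 50 else "19") + digits
    return datetime.strptime(digits, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def end_of_service(in_service, years):
    """Date the owner expects to retire the device."""
    try:
        return in_service.replace(year=in_service.year + years)
    except ValueError:  # 29 February in a non-leap target year
        return in_service.replace(year=in_service.year + years, day=28)

def classify(not_after, in_service, years):
    """Compare a certificate's notAfter with the planned service life."""
    if not_after == NO_EXPIRY:
        return "no-expiry"
    if parse_x509_time(not_after) < end_of_service(in_service, years):
        return "expires-in-service"
    return "outlives-service"

def at_risk(fleet):
    """Device names whose certificate lapses before the device is retired."""
    return [name for name, not_after, start, years in fleet
            if classify(not_after, start, years) == "expires-in-service"]

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed inventory: (name, notAfter, in-service date, planned years).
FLEET = [
    ("dvr-01", "131231235959Z", utc(2008, 1, 1), 10),      # vendor cert, UTCTime
    ("sensor-02", NO_EXPIRY, utc(2020, 6, 1), 15),         # owner cert, private TA
    ("cam-03", "20550101000000Z", utc(2020, 6, 1), 15),    # long-lived, finite
]

if __name__ == "__main__":
    for name, not_after, start, years in FLEET:
        print(name, classify(not_after, start, years))
```
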