Re: [Lwip] Intdir early review of draft-ietf-lwig-crypto-sensors-04
Mohit Sethi <mohit.m.sethi@ericsson.com> Mon, 25 December 2017 16:50 UTC
Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5584D12711A; Mon, 25 Dec 2017 08:50:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R9DWk4NdGjKF; Mon, 25 Dec 2017 08:49:58 -0800 (PST)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D90A9126CB6; Mon, 25 Dec 2017 08:49:57 -0800 (PST)
X-AuditID: c1b4fb3a-716549c0000037f2-15-5a412c338413
Received: from ESESSHC012.ericsson.se (Unknown_Domain [153.88.183.54]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id FE.F6.14322.33C214A5; Mon, 25 Dec 2017 17:49:56 +0100 (CET)
Received: from nomadiclab.fi.eu.ericsson.se (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.56) with Microsoft SMTP Server id 14.3.352.0; Mon, 25 Dec 2017 17:49:45 +0100
Received: from nomadiclab.fi.eu.ericsson.se (localhost [127.0.0.1]) by nomadiclab.fi.eu.ericsson.se (Postfix) with ESMTP id 2844D53690; Mon, 25 Dec 2017 18:53:08 +0200 (EET)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by nomadiclab.fi.eu.ericsson.se (Postfix) with ESMTP id 8629C4E97E; Mon, 25 Dec 2017 18:53:07 +0200 (EET)
To: Tim Chown <tim.chown@jisc.ac.uk>
CC: lwip@ietf.org, draft-ietf-lwig-crypto-sensors.all@ietf.org
References: <150931458233.3515.10214190547457562395@ietfa.amsl.com>
From: Mohit Sethi <mohit.m.sethi@ericsson.com>
Message-ID: <e5c315d9-2326-7e64-edc0-ba016706ab6c@ericsson.com>
Date: Mon, 25 Dec 2017 18:49:44 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <150931458233.3515.10214190547457562395@ietfa.amsl.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms020901030407010804000109"
X-Virus-Scanned: ClamAV using ClamSMTP
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrGIsWRmVeSWpSXmKPExsUyM2K7ma6JjmOUwbzjHBYXb35gsZi3T9ii 7+djNgdmjyVLfjJ5rPx9hS2AKYrLJiU1J7MstUjfLoEr48fFSYwFa6Mrzvxczt7AeCawi5GT Q0LAROLvjIOsXYxcHEIChxkl5h9fzAiSEBLYwSix8LwQRGIjo8T3cx+ZIZwFjBI3V+8GquLg EBZwlZjfYwZiigioSByfLwzSyyzgJDHjdiMLxBxnidNP1rCC2GwCehKd544zg9i8AvYS7Xtb 2UBsFgFVifcvfoPViApESDTNnMsKUSMocXLmE7A5nAIuEq0N89lBTmAW6GaU6OpYzA7xgZrE 1XObmCGWqUts7TjAOIFRaBaS/lnIemaBHWgmMW/zQ2YIW1ti2cLXULa4xK0n85kgbGuJGb8O skHYihJTuh9C9ZpKvD76kRHCNpZYtu4v2wJGzlWMosWpxcW56UZGeqlFmcnFxfl5enmpJZsY gTF2cMtvqx2MB587HmIU4GBU4uG9qu0YJcSaWFZcmXuIUQVozqMNqy8wSrHk5eelKonwOk9z iBLiTUmsrEotyo8vKs1JLT7EKM3BoiTO65RmESUkkJ5YkpqdmlqQWgSTZeLglGpgNN72m3+S +i/f2WmRk/gL/Deuz9J0W6oQc2Xa3RChSbYeqTIXZqYYfDHsY9dccHDNlR9/Qj7fZXfQes15 vi8q1Wb1qfmTs+8WG59KDNui/lHNvP6fGKu7wOoJjJET7p0+/eLGlBMb7qu5pCTOevN365WI ped3Lp13TyBsxYSD7FErb4R0BTaXlCmxFGckGmoxFxUnAgC50Dq5uQIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/5NvhQiWYUbySmhUJjcltStFevm4>
Subject: Re: [Lwip] Intdir early review of draft-ietf-lwig-crypto-sensors-04
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Lightweight IP stack <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Dec 2017 16:50:00 -0000
Dear Tim, Thanks for the detailed review and positive comments. We have now submitted an updated version which can be found here: https://tools.ietf.org/html/draft-ietf-lwig-crypto-sensors-05. The diff from the previous version can be found here: https://www.ietf.org/rfcdiff?url2=draft-ietf-lwig-crypto-sensors-05. Please find our responses to your specific comments inline. Let us know if the modifications are not sufficient. --Mohit On 10/30/2017 12:03 AM, Tim Chown wrote: > Reviewer: Tim Chown > Review result: Ready > > Hi, > > This Informational draft describes the challenges in securing > resource-constrained smart object / IoT devices, documenting the associated > tradeoffs, and discussing the availability of appropriate cryptographic > libraries for such devices. > > I have reviewed this document, and overall find it generally ready for > publication, though I have some minor nits / comments for consideration below; > these are just suggested changes / improvements, and I would not object > strongly if all were ignored. > > General comments: > > The document is very easy and enjoyable to read, and the quality of the writing > is very good. The authors have clear expertise in the field. > > It may be worth considering teasing apart the evaluation and the architectural > aspects of the document; these are somewhat interwoven as currently written. > > Related, there are some rather nice recommendations made throughout the > document; these could perhaps be summarised either at the start or perhaps > better the close of the document, e.g. on page 4 regarding selecting the > hardware after determining the security requirements for a device, and not > necessarily simply picking the most lightweight algorithm, or on page 7 > regarding appropriate layers for tasks, or on page 9 regarding elliptic curve > vs RSA, or on page 11 on real deployments using 32-bit microcontrollers, or the > recommendation to the IETF community on page 14, or on planning for firmware > updates on page 16, etc. We have now added a summary of important security recommendations from our implementation experience in section 9. > > Comments by page: > > On page 5, in the first paragraph on provisioning, there is no hint of any > bootstrap process for identities; this follows later on page 6, but a hint > here, or just adding "as discussed on page 6 or in section x.y" might be nice. > > Also on page 5, I'd be interested in seeing some brief text added on the > "remaining vulnerabilities" that are mentioned near the foot of the page. We have added new text here. "leap-of-faith or trust-on-first-use based pairing methods assume that the attacker is not present during the initial setup and are vulnerable to eavesdropping or man-in-the-middle (MitM) attacks." > > On page 6, is it worth adding a little text on privacy somewhere? We've been > doing some work through Christian Huitema and Daniel Kaiser on anonymous device > pairing in the DNSSD WG, and a similar requirement might be desirable in some > scenarios here? Christian had provided detailed feedback on privacy and identifiers. To address this, we have added new text in section 3 (Challenges), section 4.1 (Provisioning) and section 8.1 (Feasibility). > > On page 7, having said earlier you should pick the hardware after determining > requirements, you then decide to pick an Arduino platform and see what you can > manage to run on it. I fully understand why (and I'd be equally curious), but > you should probably clarify the "conflict" further. There was missing text here. We have now completed the sentence. "Our choice of a 8-bit platform may seem surprising since cheaper and more energy-efficient 32-bit platforms are available. However, our intention was to evaluate the performance of public-key cryptography on the smallest platforms available. It is reasonable to expect better performance results from 32-bit microcontrollers. > > On page 12, would a little more detail on RNG requirements, esp. for devices of > this type, be worthwhile? We have also added a pointer to RFC4086 that provides a detailed discussion on requirements and best practices for cryptographic-quality randomness. > > On page 16, you're hardcoding the IP address? Is it not possible to use RD? > We've been comparing that and looking at interoperability with classic DNSSD in > the DNSSD WG. The IP address of the resource-directory was hardcoded. The location of the publish-subscriber broker was then discovered from the resource directory. I should also add that this was a prototype implementation on a small device. A real deployment would have used an actual domain name. > > On page 16, section 10 seems to have no content? Or should sections 11 onwards > be subsections of section 10? Section 10, 11, 12, 13, 14 were related but somehow incorrectly placed. This was an xml formatting error on our part. We have now fixed section/subsection order. > > On page 17, at the end of section 11, should there also be some 'spin up' costs > for the radio? Added. "in general the power requirements necessary to turn the radio on/off and sending or receiving messages are far bigger than those needed to execute cryptographic operations." > > Best wishes, > Tim > >