Re: [MSEC] Key Management protocol (GDOI - 6407) forward

Brian Weis <bew@cisco.com> Sat, 12 October 2013 00:10 UTC


Hi Paul,

On Sep 27, 2013, at 2:52 PM, Paul Lambert <paul@marvell.com> wrote:

> 
>> IEC TC57 WG10 (61850) and IEC TC57 WG15 (Security) have been developing a technology/standard for use as a secure multicast for its use in power grid applications using synchrophasors and other technologies relevant to smartgrid deployments globally.
>>  
>> As part of the effort, some extensions to GDOI were identified.  The 6407 draft incorporates and improves some of the enhancements already identified.  IEC TC57 WG15 is waiting for the draft RFC to transition to an RFC so it can be referenced as a normative standard in IEC 62351-9.
>>  
>> There are several utility vendors and utilities, in particular SCE (Southern California Edison), that are awaiting this transition so that their cyber security frameworks can be updated.  Delays in the transition from draft to RFC will delay implementation of several projects and implementations.
> 
> 
> Good to see such applications.  

Thanks for your encouragement.

> What encapsulation mode is specified for this multicast service?   Just curious since I have other industry requirements that are very similar and need better multicast security.

The data transports are defined in the IEC 61850-90 family of standards, and are a part of the frame formats used within and between power substations. I don't think they are generally re-usable to other industries.

But some of the payloads defined in this Internet-Draft might be applicable for key management in other industries. In particular the OID Identification (ID) payload could be used by any protocol using an OID as an identity.

Thanks,
Brian

> 
> Thanks in advance,
> 
> Paul
> 
> 
>> Herbert Falk
>> Solutions Architect
>> SISCO, INC.
>> 6605 19 1/2 Mile Rd.
>> Sterling Heights, MI 48314
>> (586) 254-0020 x-105
>> "In matters of style, swim with the current;   in matters of principle, stand like a rock." [Thomas Jefferson]

-- 
Brian Weis
Security, Enterprise Networking Group, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com