IETF Logo Mail Archive

Re: [nmrg] I-D Action: draft-behringer-autonomic-bootstrap-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 26 May 2014 03:45 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: nmrg@ietfa.amsl.com
Delivered-To: nmrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0E811A044B for <nmrg@ietfa.amsl.com>; Sun, 25 May 2014 20:45:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G6NFWCIeNs9d for <nmrg@ietfa.amsl.com>; Sun, 25 May 2014 20:45:58 -0700 (PDT)
Received: from mail-pa0-x230.google.com (mail-pa0-x230.google.com [IPv6:2607:f8b0:400e:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B47D71A0448 for <nmrg@irtf.org>; Sun, 25 May 2014 20:45:58 -0700 (PDT)
Received: by mail-pa0-f48.google.com with SMTP id rd3so6951311pab.35 for <nmrg@irtf.org>; Sun, 25 May 2014 20:45:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=8ZBiqZOKuLpW3SAImPiV9EMsc7F+m1AEEjWCZHA48jk=; b=wmoXoeGb1w11p9AXE3oeoYFJMU6AMPf8m3uAPdsxrTMYD8f1iDIKu17P+rkXDzY+n4 PAh8z5Kvs0HQ7aq3kUlJV3xL11Qu5FEl78ZJTKGdiNMjOCIk0cA4JbUAvX1ztSHyYQoo X1ELFOSJNV2Zphm2xUI1ktwdVpOGa+fwF4bt/0pINQ9BbB33wpikAPBbbJ3OAwjfTudQ zDXg/kkD7l0NKg/KYNeXshNaowLfNV2BKqlq/oUivwOSjkBzz/ZTmBfcGpIvTm6MaI3a n2wWaeQFOeo9eFGV8DNguU/sara8lC91onu21nFx2adXXKHvcMSmktyFHgmiROkwkzKT 04xw==
X-Received: by 10.68.103.165 with SMTP id fx5mr24943365pbb.118.1401075955915; Sun, 25 May 2014 20:45:55 -0700 (PDT)
Received: from [192.168.178.23] (6.192.69.111.dynamic.snap.net.nz. [111.69.192.6]) by mx.google.com with ESMTPSA id i10sm51675246pat.36.2014.05.25.20.45.53 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 25 May 2014 20:45:55 -0700 (PDT)
Message-ID: <5382B8F1.6050605@gmail.com>
Date: Mon, 26 May 2014 15:45:53 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: draft-behringer-autonomic-bootstrap@tools.ietf.org, nmrg@irtf.org
References: <20140509132424.19121.91782.idtracker@ietfa.amsl.com>
In-Reply-To: <20140509132424.19121.91782.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/nmrg/ZWsrYlMLfp9-a8qwm3MtXPhDNKQ
Subject: Re: [nmrg] I-D Action: draft-behringer-autonomic-bootstrap-00.txt
X-BeenThere: nmrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Network Management Research Group discussion list <nmrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/nmrg>, <mailto:nmrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/nmrg/>
List-Post: <mailto:nmrg@irtf.org>
List-Help: <mailto:nmrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/nmrg>, <mailto:nmrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 May 2014 03:46:00 -0000

Hi,

Here are a few comments on the bootstrap use case:

>    On the side of the new network element, an unskilled person should be
>    able to connect the device following a simple cabling scheme, perhaps
>    only supplying power to a wireless device.  Once connected, the
>    device must be powered on. 

Or not even that! Consider a wireless IoT device with solar power.
All you do is take it out of its box and Blu-Tack it in place.
No cable, no battery, no switch.

>    While
>    authorization of the UDI is required, it can be further automated,
>    for example providing a white list of valid device UDIs.  The actual
>    process of enrolment and bootstrapping should be zero-touch for the
>    operator.

What about the BlueTooth approach, where a device is white-listed
by a manual button-push during a short window of opportunity? There
are scenarios where that is acceptable (I have just unwrapped a
new device and want to validate it as part of my network).

>    For a fully secure
>    process, the device requires an IEEE 802.1AR [IDevID] credential.

Do we really want to specify the exact solution in a use case?
I think the reference should just be an example here.

More important, I don't think this is optional. Authentication of
every device is a MUST. Otherwise, the NSA can just add a spybot
to any network it finds interesting.

>    All
>    communications are link local

You state that as a fact, and of course it must be true at
the start of bootstrapping, but it creates a requirement:
every physical link (including wireless domain) must include
at least one proxy. Then you say

>    The neighbouring device acts as a
>    proxy 

OK, but there's another thing: which is "the" neighbour
on a link? Or could any neighbour act as a proxy?

Also, do the proxies need their own use case?

>    A new device exchanges data through the neighboring proxy with two
>    entities:
> 
>    o  A "Registrar" device, acting as the trust anchor of the domain.

So will you do a separate use case for autonomic configuration
of the registrar in the case of human-free networks? I touched
on that in the homenet use case, but without enough detail.

>    o  A cloud service provided by the vendor to facilitate autonomic
>       mechanisms. 

Surely that is not always needed? Don't you want disconnected networks
to be autonomic too?

>   Intent is not required for this autonomic process.

That surprises me. Isn't it possible that such questions as
crypto strength, and whether or not strict privacy is required,
might be delivered as intent?

> 7. Security Considerations

I think this is a bit relaxed. Enrolment is a critical
event in the security history of a site, and wireless
networks are especially vulnerable. Also, you should
perhaps note that privacy may require enrolments to be
conducted completely secretly, with no visible ID
escaping.

    Brian

v2.23.0 | Report a Bug | By Email