Re: [perpass] privacy implications of UUIDs for IoT devices
Michael Richardson <mcr@sandelman.ca> Fri, 07 October 2016 15:10 UTC
From: Michael Richardson <mcr@sandelman.ca>
To: Christian Huitema <huitema@huitema.net>
Date: Fri, 07 Oct 2016 11:10:35 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/perpass/QFJ7rcuoZdX_TSnclQPk6OvEAAo>
Cc: perpass@ietf.org

Christian Huitema <huitema@huitema.net> wrote:
>> I'd love to find a way to send the identifier only to an authorized
>> operator, which is resistant to an active MITM, given that the new
>> device (the pledge) doesn't know who the authorized operator is yet.

> We are looking at that in the pairing draft in DNSSD
> (https://tools.ietf.org/html/draft-kaiser-dnssd-pairing-00). The hypothesis
> is that the two paired devices can display a short authentication

This might be fine for larger devices with displays, but it's a fail
everywhere else. Even in ANIMA, one could have a $300K BFR being deployed,
but it doesn't have a display or a person to read the display. But, does
this device need privacy?
But, the same system ideally bootstraps home routers, which at $39.95, still
don't have a display or a competent human to read the display.

> e.g. 6-7 digits. Given that, we can establish a TLS connection without prior
> credentials between the two parties, with a probability 99.9999% that

Such as was done with the STU-III phone...

> There is another trick, used in the privacy extensions to DNS-SD
> (https://tools.ietf.org/html/draft-huitema-dnssd-privacy-02). Use TLS PSK,
> or better yet TLS/ECDH/PSK. Instead of PSK ID, send a puzzle that can only
> be solved by parties knowing the PSK, e.g. nonce + hash (nonce, PSK). That
> guarantees connection without MITM, and also without disclosure of the
> identities to third parties. Problem, it scales as O(number of PSK) known by
> the server. We could probably devise an extension of that using public key
> technology.

How does the responding end know which PSK to try?
I guess that's why it scales O(number of devices), because the responder has
to try *all* of the PSK it knows? Wow.

With public key technology, one could sign something, send the signature,
and let the responder try all the public keys it knows? Basically, just omit
the Certificate in the handshake.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
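
Added example, not part of the original message or of either draft: a sketch of the "nonce + hash(nonce, PSK)" hint discussed above, showing why the responder's work grows linearly with the number of PSKs it holds. HMAC-SHA256 as the hash, the 16-byte nonce, and the names make_hint/resolve_hint are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

NONCE_LEN = 16  # assumed nonce size for this sketch


def make_hint(psk: bytes, nonce: bytes | None = None) -> bytes:
    """Initiator: nonce || HMAC-SHA256(psk, nonce), sent in place of a PSK identity."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    return nonce + hmac.new(psk, nonce, hashlib.sha256).digest()


def resolve_hint(hint: bytes, known_psks: dict[str, bytes]) -> tuple[str | None, int]:
    """Responder: trial-verify the hint against every PSK it holds.

    Returns (peer label or None, number of HMAC computations performed).
    """
    nonce, tag = hint[:NONCE_LEN], hint[NONCE_LEN:]
    match, trials = None, 0
    for label, psk in known_psks.items():
        trials += 1
        candidate = hmac.new(psk, nonce, hashlib.sha256).digest()
        # Constant-time compare, and no early exit, so response timing
        # does not reveal which table entry (if any) matched.
        if hmac.compare_digest(candidate, tag) and match is None:
            match = label
    return match, trials


def demo() -> tuple[tuple[str | None, int], tuple[str | None, int]]:
    # Constructed sample data: 1000 paired peers with random 32-byte PSKs.
    psks = {f"peer-{i}": os.urandom(32) for i in range(1000)}
    known = resolve_hint(make_hint(psks["peer-742"]), psks)
    # A party holding none of the PSKs is rejected, but still costs a full scan.
    stranger = resolve_hint(make_hint(os.urandom(32)), psks)
    return known, stranger


if __name__ == "__main__":
    print(demo())  # both results report 1000 trials
```

An observer sees a fresh nonce and tag on every connection, so nothing on the wire is a stable identifier; a real responder would also have to reject replayed nonces, which this sketch does not do.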