[Roll] [roll] #142: Clarification of secure key distribution

"roll issue tracker" <trac+roll@trac.tools.ietf.org> Wed, 08 January 2014 15:52 UTC

Return-Path: <trac+roll@trac.tools.ietf.org>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A9261ADF35 for <roll@ietfa.amsl.com>; Wed, 8 Jan 2014 07:52:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.438
X-Spam-Level:
X-Spam-Status: No, score=-2.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.538] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qNVaDeo5P7Cj for <roll@ietfa.amsl.com>; Wed, 8 Jan 2014 07:52:41 -0800 (PST)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id A01571AD627 for <roll@ietf.org>; Wed, 8 Jan 2014 07:52:41 -0800 (PST)
Received: from localhost ([127.0.0.1]:48941 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+roll@trac.tools.ietf.org>) id 1W0vQZ-0007Q8-2J; Wed, 08 Jan 2014 16:52:19 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "roll issue tracker" <trac+roll@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-roll-applicability-home-building@tools.ietf.org, yvonneanne.pignolet@gmail.com
X-Trac-Project: roll
Date: Wed, 08 Jan 2014 15:52:18 -0000
X-URL: http://tools.ietf.org/wg/roll/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/roll/trac/ticket/142
Message-ID: <071.83a629a0f47b2e8cb70a862eb5b7f060@trac.tools.ietf.org>
X-Trac-Ticket-ID: 142
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-roll-applicability-home-building@tools.ietf.org, yvonneanne.pignolet@gmail.com, roll@ietf.org
X-SA-Exim-Mail-From: trac+roll@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: abr@sdesigns.dk, consultancy@vanderstok.org, emmanuel.baccelli@inria.fr, robert.cragie@gridmerge.com
Cc: roll@ietf.org
Subject: [Roll] [roll] #142: Clarification of secure key distribution
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: roll@ietf.org
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jan 2014 15:52:43 -0000

#142: Clarification of secure key distribution

 This document includes a section on Security Considerations for
 distribution of certificates required by RPL.  It explains that for RPL
 the credential is a shared key, and then goes on to say:

 "Therefore, there MUST be a mechanism in place which allows secure
 distribution of a shared key and configuration of network identity. Both
 MAY be done using (i) pre-installation using an out-of-band method, (ii)
 delivered securely when a device is introduced into the network or (iii)
 delivered securely by a trusted neighboring device. The shared key MUST be
 stored in a secure fashion which makes it difficult to be read by an
 unauthorized party.
 An example of a method whereby this can be achieved is detailed in
 [SmartObj]"


 The wording of this paragraph is not always clear:
 1. “this” in the last sentence can refer to the storage of a key in a
 secure fashion, and leave the reader wondering why there are no references
 to means of achieving secure key distribution.  SmartOb reference is
 actually such a reference.  This should be made more clear, e.g. "An
 example of a method whereby this secure key distribution can be achieved
 in detailed in [SmartObj]."
 2. Also, it would be good to be more specific about what is meant by
 “securely” here.  For example, writing if the key must be authenticated
 and kept secret between its intended users, must not be repeated (replay
 protection), etc.

-- 
-------------------------------------+-------------------------------------
 Reporter:                           |      Owner:  draft-ietf-roll-
  yvonneanne.pignolet@gmail.com      |  applicability-home-
     Type:  defect                   |  building@tools.ietf.org
 Priority:  minor                    |     Status:  new
Component:  applicability-home-      |  Milestone:
  building                           |    Version:
 Severity:  Active WG Document       |   Keywords:
-------------------------------------+-------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/roll/trac/ticket/142>
roll <http://tools.ietf.org/wg/roll/>