Re: [Roll] security solutions for ROLL
Michael Richardson <mcr+ietf@sandelman.ca> Fri, 24 February 2012 21:14 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 175ED21F86FF for <roll@ietfa.amsl.com>; Fri, 24 Feb 2012 13:14:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.21
X-Spam-Level:
X-Spam-Status: No, score=-1.21 tagged_above=-999 required=5 tests=[AWL=0.744, BAYES_00=-2.599, HOST_MISMATCH_NET=0.311, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8hpX45A2qUeH for <roll@ietfa.amsl.com>; Fri, 24 Feb 2012 13:14:05 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [67.23.6.41]) by ietfa.amsl.com (Postfix) with ESMTP id 62CA621F87DB for <roll@ietf.org>; Fri, 24 Feb 2012 13:14:03 -0800 (PST)
Received: from marajade.sandelman.ca (unknown [132.213.238.4]) by relay.sandelman.ca (Postfix) with ESMTPS id 23055344B9; Fri, 24 Feb 2012 16:11:36 -0500 (EST)
Received: by marajade.sandelman.ca (Postfix, from userid 179) id D615A9827A; Fri, 24 Feb 2012 16:13:58 -0500 (EST)
Received: from marajade.sandelman.ca (localhost [127.0.0.1]) by marajade.sandelman.ca (Postfix) with ESMTP id D2CC598182; Fri, 24 Feb 2012 16:13:58 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: roll@ietf.org
In-Reply-To: <85A23E0910B2FB4B8EF60D0888CB083648C30D@EVS2.nam.ci.root>
References: <30931.1330033889@marajade.sandelman.ca> <85A23E0910B2FB4B8EF60D0888CB083648C30D@EVS2.nam.ci.root>
X-Mailer: MH-E 8.3; nmh 1.3-dev; XEmacs 21.4 (patch 22)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Fri, 24 Feb 2012 16:13:58 -0500
Message-ID: <25671.1330118038@marajade.sandelman.ca>
Sender: mcr@sandelman.ca
Cc: "Tsao, Tzeta" <Tzeta.Tsao@cooperindustries.com>
Subject: Re: [Roll] security solutions for ROLL
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/roll>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2012 21:14:06 -0000
>>>>> "Tzeta" == Tzeta Tsao <Tsao> writes: Tzeta> My understanding of the DISCUSS on the security framework Tzeta> draft is that it seeks to address the perceived lack of key Tzeta> management for RPL. However, the second item in your post Tzeta> seems to go beyond that; is it a set of questions to justify Tzeta> the use or non-use of RPL security, for example? Please Tzeta> clarify. I agree that point #2 is almost a non-sequitar. My appologies for this, I should have seperated it out. It came out of a discussion thread which I think was not well archived. (In fact, due to top-posting, I could barely understand it) What I did was share three things with the ADs involved to confirm my understanding prior to posting. I think it is up to the writers of the applicability statement to decide if they want to recommend layer-2 or layer-3 security for an LLN deployment in their environment that includes RPL. If they recommend layer-2, then it is, "not our problem". If they recommend layer-3 or do not make a clear recommendation, then there needs to be a clear set of questions. These are questions relating to the knobs which are presently available in rpl-19, not to things that we might invent to do key management. We are making the same request in these documents for things like MinHopRankInc, Storing Mode, etc. draft-ietf-roll-security-framework has essentially setup a list of requirements, which rpl-19 has tried to satisfy with some knobs. For instance, should an industrial network operate with Authentication Enabled? Yes/No. Should they use KIM 0, 1 or 2? If so, what LVL? draft-ietf-roll-security-framework should be identifying why we have those 3 x 4 choices. (i.e. what were the security requirements that made us decide we needed MAC-32/ENC-MAC-32 and 64-bit versions) >> -----Original Message----- From: roll-bounces@ietf.org >> [mailto:roll-bounces@ietf.org] On Behalf Tzeta> Of >> Michael Richardson Sent: Thursday, February 23, 2012 4:51 PM To: >> roll@ietf.org Subject: [Roll] security solutions for ROLL >> >> >> 1) there is an Security AD DISCUSS from Stephen Farrell/Tim Polk. >> http://datatracker.ietf.org/doc/draft-ietf-roll-security- >> framework/ballot/#stephen-farrell It has been there for 9 months, >> and we need to act on it, because this DISCUSS is keeping >> draft-ietf-roll-of0-20 from advancing, and that will keep >> draft-ietf-roll-rpl-19 from being published. >> >> So to be clear, this chain of dependancies/references means that >> while rpl-19 has been done for some time, it won't get published >> until we do something. >> >> Stephen Farrell will lift his DISCUSS on this and let us proceed >> if he sees some credible plan to get useable security into the >> layer-3 of RPL. >> >> For a lot of you, you have assumed security at layer-2 is enough, >> and you may never care about this mechanism, but I still need >> your participation here. >> >> 2) We will need to provide, in the >> draft-ietf-roll-security-framework, a clear set of security >> related *questions* that each applicability statement will need >> to answer. In esssence, this is a template that needs to be >> filled out. >> >> 3) A proposal for moving forward is to adopt/adapt MIKEY >> (RFC3830) for our uses. This has been proposed in: >> draft-alexander-roll-mikey-lln-key-mgmt >> >> This draft needs to be resubmitted for the WG to consider it. (A >> rumour is that it can be found at: >> http://tools.ietf.org/id/draft-alexander-roll-mikey-lln-key-mgmt- >> 02.txt ) >> >> The WG is open to other proposals, but they need to come in >> quickly. We do not need to complete the work, but we do need to >> know what Tzeta> work >> we need to do, and we need to update our milestones to include >> that work in order that we can progress. >> >> -- >> ] He who is tired of Weird Al is tired of life! | firewalls [ ] >> Michael Richardson, Sandelman Software Works, Ottawa, ON |net >> architect[ ] mcr@sandelman.ottawa.on.ca >> http://www.sandelman.ottawa.on.ca/ Tzeta> |device >> driver[ Kyoto Plus: watch the video >> <http://www.youtube.com/watch?v=kzx1ycLXQSE> then sign the >> petition.
- [Roll] security solutions for ROLL Michael Richardson
- Re: [Roll] security solutions for ROLL Levente Buttyan
- Re: [Roll] security solutions for ROLL Tsao, Tzeta
- Re: [Roll] security solutions for ROLL Michael Richardson
- Re: [Roll] security solutions for ROLL Michael Richardson