Re: [Roll] [roll] #136: - draft-ietf-roll-applicability-ami - Add a section of the Security Considerations for each instance where the RPL security mechanism are not to be used

"roll issue tracker" <trac+roll@trac.tools.ietf.org> Sat, 25 January 2014 14:52 UTC


#136: - draft-ietf-roll-applicability-ami - Add a section of the Security
Considerations for each instance where the RPL security mechanism are not
to be used


Comment (by mariainesrobles@gmail.com):

 Thread: http://www.ietf.org/mail-archive/web/roll/current/msg08437.html

 Date: Fri, 24 Jan 2014, at 18:32, "Chris Lonvick" <clonvick at cisco.com>
 wrote

 Has a threat model been defined for RPL?  And do you know that the link-
 layer security provided by the two IEEE mechanisms will thwart the
 threats?  This isn't meant to be an onerous exercise.  :-)  What has been
 done in several WGs has been to define a simple threat model (usually
 taken from RFC 3552) and then describe how the security mechanisms will
 thwart the threats.  For example, see sections 2 and 3 in RFC 5426 (TLS
 for syslog).

 If you can point to the threat model for RPL then you can probably state
 (just once in the Security Considerations section) how the IEEE link-layer
 security mechanisms will address the threats so therefore the security
 mechanisms already contained within RPL will not be needed.

 ----------------------
 From: "Popa, Daniel" <Daniel.Popa at itron.com>
 Date: Fri, 24 Jan 2014 18:10:36 +0000

 Thanks Chris for feedback.

 I believe what you advise is more or less what we intend to do. The
 difference is that we do not intend to explicitly use a security threat
 model and show how IEEE works against it, but rather to explain how IEEE
 802.15.4 and IEEE p1901.2 security mechanisms can substitute for RPL-
 defined security mechanisms to provide the same security services as those
 described in Section 19.1 of RFC 6550, while at the same time giving the
 system designers & implementers the same degree of freedom to trade-off
 complexity against security strength, in order to meet HW & cost
 constraints of such low power field devices.

 Would this be enough?

 -------------------------------------

 Date: Fri, 24 Jan 2014, "Chris Lonvick" <clonvick at cisco.com> wrote


 Works for me.  I was hoping that a threat model had already been written
 up - certainly you shouldn't be defining one now in this document.

-- 
-------------------------------------+-------------------------------------
 Reporter:                           |       Owner:  draft-ietf-roll-
  mariainesrobles@gmail.com          |  applicability-
     Type:  defect                   |  ami.all@tools.ietf.org
 Priority:  major                    |      Status:  new
Component:  applicability-ami        |   Milestone:
 Severity:  Active WG Document       |     Version:
 Keywords:                           |  Resolution:
-------------------------------------+-------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/roll/trac/ticket/136#comment:2>
roll <http://tools.ietf.org/wg/roll/>