[RTG-DIR] RtgDir review of draft-ietf-lwig-crypto-sensors-05.txt

Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr> Wed, 21 February 2018 09:36 UTC

Return-Path: <emmanuel.baccelli@gmail.com>
X-Original-To: rtg-dir@ietfa.amsl.com
Delivered-To: rtg-dir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id B22F012E888; Wed, 21 Feb 2018 01:36:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id R_IaIoGs7nVY; Wed, 21 Feb 2018 01:35:59 -0800 (PST)
Received: from mail-vk0-x22a.google.com (mail-vk0-x22a.google.com [IPv6:2607:f8b0:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96C38120047; Wed, 21 Feb 2018 01:35:59 -0800 (PST)
Received: by mail-vk0-x22a.google.com with SMTP id o17so560268vke.7; Wed, 21 Feb 2018 01:35:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to:cc; bh=Gx5/FpQgWnWzegDNkY+zWpS3dikvli1Z58CkqLyOKs0=; b=mpQt0KXeWcC1F9n0+5/dqryGaNYbiPXbj/4WJqiLGZBnI6zvS0V5aRp45D7Z4KEM43 0h/+7tLNxZH0kAUt7o2yXkuie6u3EO3eZ/QmhsomDc/nWhaBA+Zu6MCNWrPHTnYNtJSb Gm58YZ/1Mv3Xozs+PLxbm3vjU/sGNW3kAXFYB/y591V+qerGFGh5Sy8/gRXoXvrtKRm/ wsG/6IKb9BZGzNbzyAmf9SVXGBmeQgXMdkWB6pW6kZXh+XCnVhrlnwjq4n6kWQ1WptfN 7UCAnncyuU0R3DXzKthjyawU9UqtAEbrDhSxGzpz6hU6BR43sEr3+WqJL9xrkGHymzd4 TmoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to:cc; bh=Gx5/FpQgWnWzegDNkY+zWpS3dikvli1Z58CkqLyOKs0=; b=kItE4XhtMojt42obMk1eUdCDK5mD0LyHJSyhyiy+h00nBVpy/SfamuLUVW1sJTn7uE tystDK1TpV2SB4AQDjsAMBHtsDDq2alYA2SSIEayw0PvTbBW6VKWihzfsP/rsy+c1y48 s3rL1HqxHfiR54jHg5E5AQVVwiB4/MAL8xnT4A9Aliux3v9U7N//bYH2h5HzZPyiDEBU UzG+UTpbON7iQ3NP+N6beCCDj5Zt7DynrDpXiftHiN4nJOb/JfjouIbldhGyuRdNCF0m Qig9f0iYUeBsgfSyP0u/AQ6uQkOT6u7moVEoJAY425yTc4qSwUHozF+Jj1BtDDHM4peb aGBg==
X-Gm-Message-State: APf1xPD+bygvhPpCcaZ/rgyOl1iIiPNRk8kkBOy4YOv4SQPb2Rt4870Y NFLLk6o5tfRQOwOGi5SnIDsbu285z7nrGpL7E4dYwg==
X-Google-Smtp-Source: AH8x224StyG5S//L1WsLsrVGx/zH2zx2fJa6wk7dV5b2+Z22W2KigoJEG0xMDQ8k/U2wmWWTHjQzihCnYdPn24VVzGk=
X-Received: by with SMTP id o15mr2065310vkb.100.1519205758186; Wed, 21 Feb 2018 01:35:58 -0800 (PST)
MIME-Version: 1.0
Sender: emmanuel.baccelli@gmail.com
Received: by with HTTP; Wed, 21 Feb 2018 01:35:37 -0800 (PST)
From: Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>
Date: Wed, 21 Feb 2018 10:35:37 +0100
X-Google-Sender-Auth: jDbIyH_PdsqA8YI3WJyOmvgsrYk
Message-ID: <CANK0pbY5gcnnxZgpSVHQZgSTEBqThdK4JDnyBXwD8D4-Tx=Ubw@mail.gmail.com>
To: "<rtg-ads@ietf.org>" <rtg-ads@ietf.org>
Cc: rtg-dir@ietf.org, draft-ietf-lwig-crypto-sensors.all@ietf.org, lwip@ietf.org
Content-Type: multipart/alternative; boundary="f403043694a28eb86f0565b5a7e8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/csz-Bs4L0iLMMF50aOZmxrIDLbA>
Subject: [RTG-DIR] RtgDir review of draft-ietf-lwig-crypto-sensors-05.txt
X-BeenThere: rtg-dir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Routing Area Directorate <rtg-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-dir/>
List-Post: <mailto:rtg-dir@ietf.org>
List-Help: <mailto:rtg-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 09:36:02 -0000


I have been selected as the Routing Directorate reviewer for this draft.
The Routing Directorate seeks to review all routing or routing-related
drafts as they pass through IETF last call and IESG review, and sometimes
on special request. The purpose of the review is to provide assistance to
the Routing ADs. For more information about the Routing Directorate, please
see ​http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir

Although these comments are primarily for the use of the Routing ADs, it
would be helpful if you could consider them along with any other IETF Last
Call comments that you receive, and strive to resolve them through
discussion or by updating the draft.

Document: draft-ietf-lwig-crypto-sensors-05.txt
Reviewer: Emmanuel Baccelli
Review Date: 20/02/2018
Intended Status: Informational


This document is basically ready for publication, but has nits that should
be considered prior to publication.


The draft's content are solid and relevant, the readability is good.
I have a few suggestions on how to further improve readability.

Major Issues:

No major issues found.

Minor Issues:

In section 8.3, concerning network layer security, it would be more
complete to also mention specific routing security aspects, e.g. cases
where multi-hop is needed in a LoWPAN, and mechanisms (such as topology
authentication) should be used to mitigate sinkhole attacks etc.

In the end summary, maybe it would also make sense to add something like:
"If push comes to shove, strong security is also possible on 8-bit and
I think it is important to send the message that even some "legacy" IoT
hardware could be made secure.


# Section 3: the "network configuration" bullet point is somewhat unclear,
hinting at different issues. Would it not make sense to split it in 2
different bullet points?

# Section 4.1: it would be clearer if the main principles used for
provisionning are gathered and stated upfront in this section. I mean a
short list like
"only identities are provisionned",
"identities are self-securing".

# Section 4.1 in the part on group identity: at first sight it is not
straightforward what is n and what is m, and why they might be differ. Some
explicit mention would be useful.

# Section 4.1 in the part on group identity: does the model require each
device to be provided with the identities of all the other devices in the
group at commissionning time?
It is unclear in the text, an explicit mention would be useful here too.

# Section 5: it is somewhat awkward to find an OS within a list of crypto
However, I agree it is important to point to available operating systems in
this space.
I suggest a separate paragraph on operating systems and citing a survey
such as:
O. Hahm et al. "Operating Systems for Low-end Devices in the Internet of
Things: a Survey." IEEE Internet of Things Journal 3.5 (2016): 720-734.

As a side note, it would be great to have an equivalent survey to point to
available light-weight crypto libraries...

# Section 6: in the beginning of the section, it is not clear that the
measurements are on Arduino Uno (right?).
I suggest stating this explicitly.

# Section 6: "The Arduino board only provides ... the random() function
I think this sentence is somewhat misleading.
The main point here is what there is (or what there isn't) behind this
function call.
I suggest rephrasing the bullet point with something like:
"some boards (e.g. Arduino Uno) do not provide a hardware random number
On such boards, obtaining crypto-quality randomness is an issue."

# Spotted typos:

in Section 6 "results for for all the 128"
in Section 7 "enough power to be stay on"