Re: [saag] software update for teeny-weeny devices

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 11 October 2016 04:05 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, David Woodhouse <dwmw2@infradead.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "saag@ietf.org" <saag@ietf.org>
Date: Tue, 11 Oct 2016 04:05:40 +0000
Message-ID: <1476158738115.29657@cs.auckland.ac.nz>
References: <HE1PR0802MB247516144837651E2C02580BFAC60@HE1PR0802MB2475.eurprd08.prod.outlook.com> <adc0fdb3-ad01-d1e4-786e-b72e091e07c2@cs.tcd.ie> <1475979732739.80385@cs.auckland.ac.nz> <1476039736.28198.140.camel@infradead.org>, <fdcc3a6e-75ab-30ad-7b5f-e1f091b0c47d@gmx.net>
In-Reply-To: <fdcc3a6e-75ab-30ad-7b5f-e1f091b0c47d@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/EQ5Fq4VHUNuWsbbqF8BOJyax5_g>
Subject: Re: [saag] software update for teeny-weeny devices

Hannes Tschofenig <hannes.tschofenig@gmx.net> writes:

>I believe that while companies make use of certificates for reasons of
>familiarity with the tools and the technology they are actually just using
>the SubjectPublicKeyInfo part of it.

Yeah, that's quite widespread in SCADA/embedded: you parse through to the SPKI
and pull out the public key and throw the rest away (my code has a build
option USE_PSEUDOCERTIFICATES for just this use case; you get a pointer to a
fixed pre-encoded cert in flash and a public-key object in RAM, saving
100-200kB of code space and tens of kB of RAM).  Mind you, that does
immediately lead to the follow-up question: why worry about revocation issues
when the device isn't even looking at the cert?

Peter.
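As an added example (not part of Peter's message or of his code), here is the SPKI-only parse he describes, in Python: a positional DER walk over a constructed stand-in certificate that returns the SubjectPublicKeyInfo TLV and never decodes issuer, validity, extensions or signature. All names and the sample bytes are mine.

```python
# Added example: the "pseudocertificate" pattern, i.e. pull only the
# SubjectPublicKeyInfo out of a DER X.509 certificate. Issuer, validity,
# extensions and the signature are skipped by length, never decoded, which is
# exactly why expiry and revocation never enter the picture on such a device.

def der_read(buf, pos):
    """Return (tag, content_start, content_end) for the TLV at buf[pos]."""
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                          # long-form length, 1..4 bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized DER length")
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    start, end = pos + hdr, pos + hdr + length
    if end > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, start, end

def extract_spki(cert):
    """Return the DER SubjectPublicKeyInfo TLV from a DER X.509 certificate."""
    tag, pos, _ = der_read(cert, 0)            # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, pos, tbs_end = der_read(cert, pos)    # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, _, end = der_read(cert, pos)          # optional [0] EXPLICIT version
    if tag == 0xA0:
        pos = end
    for _ in range(5):   # skip serial, signature alg, issuer, validity, subject
        _, _, pos = der_read(cert, pos)
    tag, _, end = der_read(cert, pos)          # subjectPublicKeyInfo SEQUENCE
    if tag != 0x30 or end > tbs_end:
        raise ValueError("malformed subjectPublicKeyInfo")
    return cert[pos:end]                       # whole TLV, header included

def _der(tag, content):
    """Constructed test data only: encode one short- or long-form DER TLV."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

# Constructed stand-in certificate: field order follows RFC 5280 tbsCertificate,
# but issuer/subject are empty, times and key bytes are dummies, not real values.
_ECDSA_SHA256 = _der(0x30, _der(0x06, b"\x2a\x86\x48\xce\x3d\x04\x03\x02"))
SPKI = _der(0x30, _der(0x30, _der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01"))
            + _der(0x03, b"\x00\x04" + b"\x11" * 64))
TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _ECDSA_SHA256
           + _der(0x30, b"") + _der(0x30, _der(0x17, b"160101000000Z")
           + _der(0x17, b"170101000000Z")) + _der(0x30, b"") + SPKI)
TOY_CERT = _der(0x30, TBS + _ECDSA_SHA256 + _der(0x03, b"\x00" + b"\x22" * 70))
```

Note that the parse does no signature verification and never reads the validity or issuer fields, so a device built this way has to get its trust in the key from somewhere else (the fixed cert in flash, in Peter's description) rather than from anything inside the blob.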