[saag] IETF#90 DICE WG Summary

Dorothy Gellert <dgellert@silverspringnet.com> Thu, 24 July 2014 16:30 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/saag/ZQQ1YZTPMgKm_1BNJupoaenRcAk

DICE IETF-90 WG summary for SAAG

The DICE WG met on Tuesday, July 22nd at 13:00.

Hannes Tschofenig presented slides on the DTLS Profile draft (draft-ietf-dice-profile-03).
This revision addressed several issues on the data tracker, thanks to input from Russ, Mike St Johns and Sean Turner.
The current model for the profile draft is that of a constrained device/client connecting to cloud-based infrastructure/server that is not constrained. A remaining issue concerns the depth of the certificate chain. Mike SJ said the depth of the chain should be dependent on the application, and suggested 4 is reasonable but that the number should be constrained. Sean suggested the draft provide a recommendation and that the language here be SHOULD.
Reviewers for the profile draft are Sandeep, Ekr and Robert Craigie.

Sandeep Kumar presented slides on draft-keoh-dice-multicast-security-08 and draft-kumar-dice-groupcomm-security-00, documenting potential DTLS and shim-layer approaches as per the London IETF#89 DICE WG meeting. Ekr described DTLS layer violations as "phenomenally scary"...

Chairs' multicast discussion: Given the issues on the list and discussion with our AD, we are revisiting the secure multicast/group security and charter milestone by documenting requirements in a problem draft. This draft will not be standards track. The problem draft will document potential use cases, key management, group membership and source authentication. Other issues: How to scope, limit or constrain this to CoAP? Should we provide guidance to the MAC layer? How can we ensure this is not used for unicast? Latency requirements? The problem draft is open until the next meeting in November.

Next steps: Call for volunteers on the list to author the problem draft. Keep the mailing list engaged in providing input on the requirements, issues and risks we need to address for group communication/multicast security.

-Dorothy