Re: [secdir] [Anima] Secdir last call review of draft-ietf-anima-bootstrapping-keyinfra-16
Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 30 September 2018 19:58 UTC
To: Randy Bush <randy@psg.com>, Christian Huitema <huitema@huitema.net>
Cc: draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org, IETF Rinse Repeat <ietf@ietf.org>, anima@ietf.org, Security Directorate <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/R6GR-ihAfA63C0B2qHOhPCJ6KSs>
On 2018-10-01 07:52, Randy Bush wrote:
> christian,
>
> a stunning review as usual. but i have two questions which you kind of
> finessed. they are simple binary, i.e. yes/no, questions that the end
> user, to whom the IETF is ultimately responsible, really cares about.
>
> if the manufacturer's servers go down, either permanently or even for
> a day, does the device i have purchased still work? i.e. is it fail
> soft? [0]

It still works if and only if the registrar already holds its voucher.

There's a related question, which is: if the autonomic network is
air-gapped from the Internet, as is very likely in many sensitive
applications, does the whole mechanism work at all?

The answer is, as I understand it, yes, but with a variant. See option 3
in section 6.3. "Registrar security reductions", which explicitly covers
the case of obtaining vouchers in advance from the MASA. The BRSKI authors
regard this as less secure than relying on the MASA in real time. You
might have a different opinion, if you were operating the air-gapped
network. My personal opinion is that this will be a widely used solution,
whatever its security issues, because it avoids MASA dependency.

> if the manufacturer's servers go down, either permanently or even for
> a day, can i give/sell the device i have purchased to a third, well
> fourth i guess, party, at my whim and seamlessly unencumbered?

There are two conditions for it to work as I understand:

1) The device ID is added to the list of devices acceptable to the
   registrar in its new network.
AND
2) That registrar is able to contact the MASA.

Alternatively - see the previous point. If you had previously obtained a
voucher in advance, you could include it with the device. Just as you
might write the hard disk password on a yellow sticky when selling a
laptop in a garage sale.

   Brian

>
> fwiw, i asked these same questions at the 2005 paris side meeting at
> l'ecole whatever hosted by mark. the blank stares i received alarmed
> me. the ietf is ultimately responsible to the users.
>
> thanks.
>
> randy
>
> --
>
> 0 - yes, i understand i may not be able to access it through the
> manufacturer's cloud. so you want to help look at tcpdumps of
> the manufacturer installed thermostat that does not talk to that
> mfgr on net that i am debugging this weekend? :(
>
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima
>