Re: [secdir] SecDir-ish Review of draft-weis-gdoi-iec62351-9-02

Brian Weis <> Mon, 04 November 2013 10:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 36B6911E80D9; Mon, 4 Nov 2013 02:11:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -110.418
X-Spam-Status: No, score=-110.418 tagged_above=-999 required=5 tests=[AWL=0.181, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id aL4OKKASVTJl; Mon, 4 Nov 2013 02:11:18 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 192AF11E8264; Mon, 4 Nov 2013 02:04:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=6919; q=dns/txt; s=iport; t=1383559486; x=1384769086; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=t4YWO5kxImol6UtU/MWio8NzF96zGGBtFq5zP0g5HYA=; b=FfqxU/L2TxBbnTqCjjztigZCSpnlbctHLSMVbOd4EgcXuu4Zjc07sINi nlz6t3Oacd79RWaah9XtVAii3NEHm+Y86673EDbdGpE1e/dZigR+l/Sy0 lUL7eJboMoHUllGDtCy9OXLXoV3G/7Vr+skkL0K3qCdt2oUKl3O5XF4pY I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="4.93,631,1378857600"; d="scan'208";a="96491076"
Received: from ([]) by with ESMTP; 04 Nov 2013 10:04:21 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id rA4A4JEk015782; Mon, 4 Nov 2013 10:04:20 GMT
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Brian Weis <>
In-Reply-To: <>
Date: Mon, 04 Nov 2013 02:04:21 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: Yoav Nir <>
X-Mailer: Apple Mail (2.1510)
Cc: "" <>, The IESG <>, "<>" <>
Subject: Re: [secdir] SecDir-ish Review of draft-weis-gdoi-iec62351-9-02
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 04 Nov 2013 10:11:34 -0000

Hi Yoav,

Many thanks for your review.

On Nov 3, 2013, at 10:54 AM, Yoav Nir <> wrote:

> Hi there.
> At Sean's request, I've done a SecDir-ish review of draft-weis-gdoi-iec62351-9-02. I think it is in pretty good shape, but I do have some concerns.
> First, an apology: the draft embeds OIDs in IKE packets. Throughout this review I use the term "ASN.1" for both the objects and the encoding. I do realize that ASN means abstract syntax notation, and that the correct term to use for the encoding ia BER, but this is a very common misuse. The draft does get this correct.

The draft actually uses DER encoding, which I believe is the case for most ASN.1 encoding in RFCs. This should be stated to avoid confusion. 

> I am somewhat confused by the IEC standards numbers. The abstract and introduction mostly discuss IEC 61850, which is the "power utility automation" family of standards. On the other hand, the number in the title of the draft is IEC 62351. There is a reference to a document called "IEC 62351 Part 9 - Key Management". I can see how this draft relates to key management, but "part 9" of what?

For the benefit of the secdir audience here's Herb's reply from the original email thread and your reply:

>> [Herb]:  I don’t understand the question.  So I will try to explain.  IEC 61850 is a set of communication standards developed under IEC Technical Committee 57.  IEC TC57 has WG15 that was formed to address security for the breadth of standards that are developed under TC57, including IEC 61850.  In IEC, the designations within a family of standards (e.g. 61850 or 62351) are called parts.  IEC 61850 has over 10 standards that are 61850-1 through 61850-10 (e.g. 10 parts).   Chapters/sub-chapters are called “clauses” in IEC.  So when it mentions IEC 62351 Part 9 – Key Management, the official reference is  “IEC 62351-9 Ed. 1.0 Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment (Future IEC 62351-9 TS Ed.1)”.  When IEC removes the ED 1.0, it means refer to the current revisions (ED.2 has almost been completed).  The “Power systems management and associated information exchange - Data and communications security” is the charter of WG15 and the overall scope of 62351 (they all have that in their title).  Therefore, “IEC 62351 Part 9 – Key Management” could be referred to as “IEC 62351-9”, “IEC 62351-9 : Cyber security key management for power system equipment”, or in presentations “IEC 62351-9– Key Management”.   So, I would change to IEC 62351-9 (and give the full name).  Sorry for the long explanation.
> [Yoav] OK. I guess the IEC standards have a more complicated naming convention than RFCs .I'm just missing an overall title for 62351. 

We can summarize Herb's description above in the Introduction, if that would help.

> Another thing that's missing for me, as one uninitiated in the ways of the IEC, is what are we negotiating keys for? I get that it's not IPsec, but at the end of the protocol, we have keys that are distributed to group members. Now, what is this data layer that can now use them. A reference to some standard ("IEC-61850-9-2" would be OK), but since these are not widely available, some short description of what this protocol looks like would be great.


> Another generic comment is about the IANA considerations as well as parts of section 2.2. Why do we need to establish new registries, that are duplicates of IPsec registries with one additional value? I know there has been some resistance to adding things there for stuff that's "not IKE", but with this already done in RFC 6932 ([1],[2]), that ship has left the station after the horses had bolted.

This is a different situation from RFC 6932. (In fact, since GDOI is IKEv1-based what you're asking for will add to the RFC 2409 registries, which RFC 6932 says is discouraged.)

I have some sympathy for saying we should have one list of algorithms that all protocols should use, but in fact every protocol (in this case the IEC set of protocols) would have to declare which subset of the algorithm list they support in a normative fashion. That complexity does not belong in the notes section of [1], IMO. Non-IPsec protocol-specific subsets will change over time and have to be maintained somewhere ... a new protocol-specific registry is the right place to do that.

By the way, the IEC standards defines truncation values for HMAC-SHA256 that are not duplicates.

> Why is there an OID_LENGTH field?  All ASN.1 structures are self-describing in terms of length. There can be a good reason: so that you can implement with a bitwise comparison rather than implementing an ASN.1 parser. Please say so if that's the reason.

The OID_LENGTH field is not strictly required, since the DER includes the length. Maintaining the length outside of the DER is valuable for payload manipulation where parsing the DER is not otherwise necessary (e.g., copying the DER into the payload, payload length sanity checks, etc.). We'll add that.
> I didn't quite get where each of the OIDs in the ID payload (figure 2) and the TEK payload (figure 4) come from. Are they the same? Appendix A suggests that they're not. So,

The OID in the ID payload will match the OID in the TEK payload if the group represented by the ID payload has only one multicast sender. This is shown in Appendix A (modulo a typo, see below). Sorry for the confusion.

To answer the broader question, there could be multiple multicast senders represented by the OID, so the group key server would return multiple TEKs, each with unique OID & OID specific payload. This can be made clearer in the draft.

> - what does "type of traffic" mean?

The IEC documents list several OID types, each of which is a "type of traffic". This can be expanded.

> - Appendix A says "OID=<ASN.1 for k>" in the TEK payload. What is k?

That is a typo. It should be "OID=<ASN.1 for 1.2.840.10070.61850.8.1.2>" matching the ID payload.


> Yoav
> [1]
> [2]	
> _______________________________________________
> secdir mailing list
> wiki:

Brian Weis
Security, Enterprise Networking Group, Cisco Systems
Telephone: +1 408 526 4796