IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-6tisch-architecture-21

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 26 June 2019 15:51 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 040F3120374; Wed, 26 Jun 2019 08:51:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wrGmKrhCNXq1; Wed, 26 Jun 2019 08:51:48 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9B82120371; Wed, 26 Jun 2019 08:51:47 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 1E341380BE; Wed, 26 Jun 2019 11:50:03 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 9C9BDE68; Wed, 26 Jun 2019 11:51:46 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 9A467E37; Wed, 26 Jun 2019 11:51:46 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
cc: David Mandelberg <david@mandelberg.org>, =?iso-8859-2?Q?Mali=B9a_Vu=E8ini=E6?= <malisav@ac.me>, Tero Kivinen <kivinen@iki.fi>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-6tisch-architecture.all@ietf.org" <draft-ietf-6tisch-architecture.all@ietf.org>
In-Reply-To: <MN2PR11MB35650D17426E26F93E37DF32D8E20@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <2cced16c-d1df-88c2-eb21-7452b42f081a@mandelberg.org> <MN2PR11MB3565575DA39BCA11E00233B5D8E30@MN2PR11MB3565.namprd11.prod.outlook.com> <30360.1561477509@localhost> <MN2PR11MB35650D17426E26F93E37DF32D8E20@MN2PR11MB3565.namprd11.prod.outlook.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 26 Jun 2019 11:51:46 -0400
Message-ID: <16610.1561564306@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/mXwLPZFHu7GKHnsKV18GrcOCQSQ>
Subject: Re: [secdir] secdir review of draft-ietf-6tisch-architecture-21
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2019 15:51:50 -0000

Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:
    >> - retransmit a previous message by destroying an ack. It results and
    >> + retransmit a previous message by destroying an ack. If this results an
    >> > upper layer protocol must provide a way to detect replayed messages and
    >> > cope with them.
    >>

    > Sorry I cannot parse the resulting sentence with your proposal.
    > My mistake was only and -> an but I'm sure that the sentence can be better written.
    > I changed to
    > "

    > This authentication steps must be such that they cannot be replayed by an
    > attacker, and it must not depend on the tentative ASN being valid. Note that
    > IEEE std. 802.15.4 TSCH does not provide replay protection at all, and that
    > an ack may be lost, which can cause a legitimate node to retransmit a frame.
    > Upper layer protocols must thus provide a way to detect duplicates and cope
    > with them.

    > "

Good, I like it fine.

    > Proposed new text:
    > "
    > At that point, an additional step may be required to ensure that the ASN is
    > correct. If the ASN is not guaranteed to be correct by other means, the
    > pledge should perform a first exchange with a peer node that is trusted and
    > has already joined, e.g., its RPL time parent, and the message should not be
    > encrypted but only authenticated at the Link-Layer.
    > The request from the pledge should contain a nonce with a random part that
    > is not ASN, and the authenticated response should contain the current ASN
    > and echo the nonce.
    > "

okay. Tero?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email