Re: [secdir] Security directorate review of draft-ietf-lwig-terminology-04

Carsten Bormann <cabo@tzi.org> Tue, 28 May 2013 06:58 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16D3221F8511; Mon, 27 May 2013 23:58:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.249
X-Spam-Level:
X-Spam-Status: No, score=-106.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HmfzcscmUGQu; Mon, 27 May 2013 23:58:46 -0700 (PDT)
Received: from informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) by ietfa.amsl.com (Postfix) with ESMTP id 6269421F9007; Mon, 27 May 2013 23:58:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by informatik.uni-bremen.de (8.14.4/8.14.4) with ESMTP id r4S6wc9i018073; Tue, 28 May 2013 08:58:38 +0200 (CEST)
Received: from [192.168.217.105] (p54894213.dip0.t-ipconnect.de [84.137.66.19]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 5E90334A4; Tue, 28 May 2013 08:58:38 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
Content-Type: text/plain; charset=iso-8859-1
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CABrd9SQuTy-5dDBfmYa3vJCTi7a-U2nx5-b0Zfa9tKCDHxNV6Q@mail.gmail.com>
Date: Tue, 28 May 2013 08:58:36 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <3CD078EF-9CBB-4C19-A5F6-DFC21C522EAA@tzi.org>
References: <CABrd9SQuTy-5dDBfmYa3vJCTi7a-U2nx5-b0Zfa9tKCDHxNV6Q@mail.gmail.com>
To: Ben Laurie <benl@google.com>
X-Mailer: Apple Mail (2.1503)
Cc: draft-ietf-lwig-terminology.all@tools.ietf.org, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Security directorate review of draft-ietf-lwig-terminology-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 May 2013 06:58:52 -0000

On May 23, 2013, at 13:48, Ben Laurie <benl@google.com> wrote:

> I would
> suggest that this section could usefully contain a summary of the
> security implications of the various constraints discussed.

Ben,

thanks for reminding us.

Interestingly, I just put in something like this as a new subsection 11.6 in draft-ietf-core-coap-17, which I have reproduced below. That section is focused on three specific considerations.

I would expect security considerations to be more actionable when discussed in the context of a specific protocol, as opposed to the terminology that is used for describing the constraints.

Doing a more extensive discussion of security implications of constrainedness would be a great document on its own, which maybe we should start looking into in the LWIG WG.  There is also an activity to work on using DTLS properly in constrained environments, which would also benefit from such a document.

So I'm not sure how much we should be putting in the terminology document, but the WG will certainly need to discuss this.  I'm opening a ticket for now.

Grüße, Carsten



11.6.  Constrained node considerations

   Implementers on constrained nodes often find themselves without a
   good source of entropy [RFC4086].  If that is the case, the node MUST
   NOT be used for processes that require good entropy, such as key
   generation.  Instead, keys should be generated externally and added
   to the device during manufacturing or commissioning.

   Due to their low processing power, constrained nodes are particularly
   susceptible to timing attacks.  Special care must be taken in
   implementation of cryptographic primitives.

   Large numbers of constrained nodes will be installed in exposed
   environments and will have little resistance to tampering, including
   recovery of keying materials.  This needs to be considered when
   defining the scope of credentials assigned to them.  In particular,
   assigning a shared key to a group of nodes may make any single
   constrained node a target for subverting the entire group.