Re: [solace] Slides posted for SAAG heads-up
Rene Struik <rstruik.ext@gmail.com> Wed, 07 November 2012 20:33 UTC
Return-Path: <rstruik.ext@gmail.com>
X-Original-To: solace@ietfa.amsl.com
Delivered-To: solace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23ECF21F8B6E; Wed, 7 Nov 2012 12:33:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lAqZgtOxW5uT; Wed, 7 Nov 2012 12:33:03 -0800 (PST)
Received: from mail-ie0-f172.google.com (mail-ie0-f172.google.com [209.85.223.172]) by ietfa.amsl.com (Postfix) with ESMTP id 1F08D21F8A26; Wed, 7 Nov 2012 12:33:03 -0800 (PST)
Received: by mail-ie0-f172.google.com with SMTP id 9so3422550iec.31 for <multiple recipients>; Wed, 07 Nov 2012 12:33:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=YqX6XnR1cvI7f0nfzmAI2RsUyy/ha6+o+ky8N7Cy1nk=; b=k00zT4TpyzyyfH7g5qE+7saNCzdydDwFf6D/AojzrR5L3MRxspQCHciaZO7SWMzLiF NOoBK8S56OBjvrgEK7VfrXzqEr7+7Y5NPslRQLe0/7KxJ53/d6C63KTFVOqao84Dcr9S 6tN0qMwLzw18laB1EdUKARgAMyoctofmd3EqewFzLZjA8GQA78M1+1yGsz8ys16ls0Jw 3JqazgewdfQjmeYt4h/V8z+pdhde7TVR7Gu6g+h8MPWD+FnKQz9rDcpKCKqeKoGluatt LphO8JtcxOjaR3hpiUgOEZXVaMytLNTIGlULiF/7/sjc3XmmJgAWkg7XYqIKY3h2cLBG OIuw==
Received: by 10.50.7.232 with SMTP id m8mr5810439iga.48.1352320382644; Wed, 07 Nov 2012 12:33:02 -0800 (PST)
Received: from [192.168.1.100] (CPE0013100e2c51-CM001cea35caa6.cpe.net.cable.rogers.com. [99.231.4.27]) by mx.google.com with ESMTPS id gs6sm2902405igc.11.2012.11.07.12.33.01 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 07 Nov 2012 12:33:01 -0800 (PST)
Message-ID: <509AC579.3090301@gmail.com>
Date: Wed, 07 Nov 2012 15:32:57 -0500
From: Rene Struik <rstruik.ext@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20121026 Thunderbird/16.0.2
MIME-Version: 1.0
To: Carsten Bormann <cabo@tzi.org>
References: <17F77EDC-3726-4AF2-9848-1C98E3F98B7E@tzi.org>
In-Reply-To: <17F77EDC-3726-4AF2-9848-1C98E3F98B7E@tzi.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: "saag@ietf.org" <saag@ietf.org>, "solace@ietf.org" <solace@ietf.org>
Subject: Re: [solace] Slides posted for SAAG heads-up
X-BeenThere: solace@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "\"Smart Object Lifecycle Architecture for Constrained Environments\" discussion list" <solace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/solace>, <mailto:solace-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/solace>
List-Post: <mailto:solace@ietf.org>
List-Help: <mailto:solace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/solace>, <mailto:solace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2012 20:33:04 -0000
Hi Carsten: Great to discuss some of these topics with SAAG. I believe it would have merit to take this on a more fundamental ITRF level, so as to prevent people throwing a single protocol at the topic area: all context needs to be defined here in a unified way. More importantly, though, this should become an effort aimed at wide-scale usability (the 50billion devices everyone seems to point to in presentations from time to time) Some brief comments: a) Deployment scenarios. I believe it would be a mistake to limit oneself to a single use case scenario. The proverbial light switch-lamp use case comes to mind, which would suffer from the often made assumption that one has a single, homogeneous trust domain (rather than a heterogeneous trust domain setting, where device roles etc are dynamic) and from small network size (after all, if internet of things will have 50 billion devices in 2020, then the avg network size *must* be large). This was the original approach within ZigBee all the way back in 2003, which - in my mind - set back the whole life-cycle management topic for years. By now (2012), there have been lots of studies into more realistic use cases with large-scale deployment by user groups, which do assume one can procure devices from mutually untrusted vendors, have many transitions in the supply-chain, may buy/sell/dispose of subsystems, etc. This all points towards heterogeneous trust models and very dynamic device behavior, without requiring centralized control flows involving a manufacturer (the latter is also undesirable from a survivability perspective). b) Trust life-cycle management. Please note that trust lifecycle management requires both crypto and security protocols (mechanical constructs) and constructs that take care of authorization decisions (initial authorization, changes to device role mapping, device replacement, etc.). The latter seems under-emphasized on the slides. This should include questions as to how to initialize 50 billion devices for virtually $0 apiece. c) Security objectives. An objective such as "not subject to a mass scale attack" would be hard to quantify in terms of required cryptographic assurances. Moreover, it seems to miss the point that some of these highly constrained networks are suppose to safeguard critical infrastructure (municipal water supply, hurricane prediction systems, etc.). In my mind, it would be a mistake to make this an exercise in toning down normal security requirements (under the pretext that this is only for "non-serious applications" (lamp-switch scenario again)). If one wants to get mass scale deployment of the 50 billion devices mark, one cannot aim for "crappy, but good enough" solutions, since no one in a position of accountability would sign off on these (lifes and jobs on the line if something goes wrong, so to speak). The good news is that most high-quality crypto that is also efficient and does not leave a huge implementation footprint is fast becoming a commodity (or is getting there). The bad news is that integration of individual crypto and security constructs *and* security policies that allow these to be woven into a unified, standardizable framework architecture is still far off from sufficient understanding, let alone support via standards (and often simply ruled out of scope, since a "convenient" way to lock out product from other vendors). == Weblink to NIST Cryptography for Emerging Technologies and Applications Workshop, Gaithersburg, MD, November 7-8, 2011 http://www.nist.gov/itl/csd/ct/ceta-workshop.cfm A very old IETF draft of potential interest - with requirements, spelling out crypto + policy requirements, etc. (true: 3yrs old draft [Nov 2009], but referring to needing a home with IETF in concluding section): http://tools.ietf.org/pdf/draft-struik-6lowapp-security-considerations-00.pdf On 11/7/2012 12:45 PM, Carsten Bormann wrote: > The slides for my short report at tomorrow's SAAG meeting are up: > > http://www.ietf.org/proceedings/85/slides/slides-85-saag-3.pdf > > (Disclaimer: These are presentation slides, not a presentation by itself. > So they make sense primarily in combination with what I'm going to say.) > > Grüße, Carsten > > _______________________________________________ > solace mailing list > solace@ietf.org > https://www.ietf.org/mailman/listinfo/solace -- email: rstruik.ext@gmail.com | Skype: rstruik cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
- Re: [solace] Slides posted for SAAG heads-up Carsten Bormann
- Re: [solace] Slides posted for SAAG heads-up Robert Cragie
- [solace] Slides posted for SAAG heads-up Carsten Bormann
- Re: [solace] Slides posted for SAAG heads-up Hannes Tschofenig
- Re: [solace] Slides posted for SAAG heads-up Rene Struik
- Re: [solace] Slides posted for SAAG heads-up Ulrich Herberg
- Re: [solace] Slides posted for SAAG heads-up Rene Struik
- Re: [solace] Slides posted for SAAG heads-up Carsten Bormann
- Re: [solace] Slides posted for SAAG heads-up Rene Struik
- Re: [solace] Slides posted for SAAG heads-up Robert Cragie
- Re: [solace] Slides posted for SAAG heads-up Keoh, Sye Loong
- Re: [solace] Slides posted for SAAG heads-up Rene Struik