IETF Logo Mail Archive

Re: [T2TRG] review of draft-irtf-t2trg-iot-seccons

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 22 February 2018 12:42 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7156812426E for <t2trg@ietfa.amsl.com>; Thu, 22 Feb 2018 04:42:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lUa8nddV7XLA for <t2trg@ietfa.amsl.com>; Thu, 22 Feb 2018 04:41:58 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3112012EA87 for <t2trg@irtf.org>; Thu, 22 Feb 2018 04:41:57 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id D0A64BE51; Thu, 22 Feb 2018 12:41:53 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oidw11HsjqQN; Thu, 22 Feb 2018 12:41:53 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 63D9ABE4C; Thu, 22 Feb 2018 12:41:53 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1519303313; bh=pb57Hc175fEf+VGLk5sQQGk9KMwjy1Spd8V3Nq0XirU=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=SImqhk5j1T/23Q2oH0HwIdSFN46sw0pMdkifyqo+MMEI7TUwQfFzmbCUIqiba/tb3 2VdGM6F0rdZGA3pS8wyJ7XnhHgsNucJ4FGIrgzxrpzwhxEkGr8mGPGdSlaA6u6A+xp hvU6iVdIplrZu4Mj6SC2P+hlvTaQjkb88I1aHzoU=
To: Eliot Lear <lear@cisco.com>, Mohit Sethi <mohit.m.sethi@ericsson.com>, t2trg@irtf.org
Cc: "Garcia-Morchon O, Oscar" <oscar.garcia-morchon@philips.com>, Jim Schaad <ietf@augustcellars.com>
References: <4c4023dd-4f36-eb55-8178-2e12f40c52a8@cs.tcd.ie> <fe111a5b-c474-74d1-fb7c-2adb0dc53cd1@ericsson.com> <ab60cda0-1bc2-bdb8-3427-a5a31d2f899b@cs.tcd.ie> <e6353500-ad62-ec8e-db56-43e5879bde9d@cisco.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <437bcece-df2d-230f-357b-9208fe0e88ac@cs.tcd.ie>
Date: Thu, 22 Feb 2018 12:41:52 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <e6353500-ad62-ec8e-db56-43e5879bde9d@cisco.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="QTOHXUCFRE0sVWdrTrXVExFMX0g7xO6as"
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/RPsPWUayonh1dGEu8lhkuv7L28M>
Subject: Re: [T2TRG] review of draft-irtf-t2trg-iot-seccons
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IRTF Thing-to-Thing Research Group <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2018 12:42:00 -0000

Hiya,

On 22/02/18 12:08, Eliot Lear wrote:
> Hi Stephen,
> 
> 
> On 22.02.18 12:05, Stephen Farrell wrote:
>> I still think the RG should consider whether to make a strong
>> recommendation that devices that are incapable of verifying a
>> reasonable signature are really highly likely to cause trouble.
>> IOW, couldn't the RG RECOMMEND that such devices ought not be
>> even indirectly exposed to the Internet, given the real-world
>> threats faced? If the RG did have consensus on that, then that
>> would I think help those developing standards and subsequent
>> users of devices built to those standards.
> 
> I think this depends on just how connected we are talking about. Where
> does one draw the line?  Surely we have seen Bluetooth exploits, for
> example.  What about serial devices?  Does an actuator that takes a
> simple +/- count?  To put this into some context, let's talk about
> automotive vulnerabilities.  A classic way into a car is via the 3G
> interface in the entertainment system, but an equally possible way in,
> as Cantor et al demonstrated was via the diagnostic port.  Should a
> brake actuator require authentication on the CAM?  How many ms do you
> get or how many mw can you spend on the op before it impacts the
> distance an electric vehicle can travel before its next charge?  A
> careful drawing of the line is in order for any such recommendation, and
> the parameters of that recommendation are worthy of exploration.

I agree that any "baseline" crypto capability recommendation
would need such exploration and justification. OTOH, we do
kinda know that s/w update pretty much needs signatures, which
is why I suggest that the ability to verify some signatures
at some time(s) could be a good baseline capability to consider.
(That's not to suggest that all inbound messages to all devices
be signed, as that'd not be a good plan:-)

What I'm suggesting is that the RG do the exercise of trying
to see if such a baseline could be usefully described. (And as
I'm not on the RG list, it could be that that's been discussed,
but if so, that's not visible in this draft.)

Cheers,
S.

v2.37.1 | Report a Bug | By Email | System Status