IETF Logo Mail Archive

Re: [T2TRG] RESTful Design & Security

Eliot Lear <lear@cisco.com> Wed, 08 March 2017 10:02 UTC

Return-Path: <lear@cisco.com>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDB2912945E for <t2trg@ietfa.amsl.com>; Wed, 8 Mar 2017 02:02:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zkpr_pBhsJ55 for <t2trg@ietfa.amsl.com>; Wed, 8 Mar 2017 02:02:50 -0800 (PST)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1B7912944F for <T2TRG@irtf.org>; Wed, 8 Mar 2017 02:02:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13864; q=dns/txt; s=iport; t=1488967370; x=1490176970; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=OHKInk2L+JK8MAW5BfNXw4Q/BqaLQZldjEeBCCmTWgk=; b=Hkkj8JAFVrXQmELmeM1xgL++Ywg+mFECNpHPxmwcGsl7aSW2H6Up1GLX HkWKXqRGC9giikKsIDtAhc53qDglnJgYTz5IAwerkjWokI7IsVPzvbYyE ZHXf6evgUUEOtGetXOBN7keBTBQGYGE4e37p1Xidouv17+q9nFhgcJGl6 M=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AMCQB/1b9Y/xbLJq1UCRkBAQEBAQEBAQEBAQcBAQEBAYJugUQDJ2CDYIoMc5A5H5ALhS2CDR8BCoJCgzYCgnMYAQIBAQEBAQEBayiFFQEBAQQBASEKOwYLDAQJAhUCASoCAicoCAYBDAYCAQGJYwMVDpIwnVmCJiuKUwEBAQEBAQEBAQEBAQEBAQEBAQEBAQ4KBYhTCIJiglGBXIMtgl8FlXiGO4N4ggmMN4pOhlGTPR84gQMiFQgXFT+GVT81ihMBAQE
X-IronPort-AV: E=Sophos;i="5.36,262,1486425600"; d="asc'?scan'208,217";a="653103522"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Mar 2017 10:02:47 +0000
Received: from [10.61.255.19] ([10.61.255.19]) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v28A2k86027867; Wed, 8 Mar 2017 10:02:47 GMT
To: "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, "mcr+ietf@sandelman.ca" <mcr+ietf@sandelman.ca>
References: <c15a387f-9dd3-987e-2901-b86fd8f60108@gmx.net> <10144.1488908366@obiwan.sandelman.ca> <952c4a16-174f-2457-1f11-8f733e738f90@gmx.net> <4EBB3DDD0FBF694CA2A87838DF129B3C01AA2F98@DEFTHW99EL4MSX.ww902.siemens.net> <558bae1a-ff84-9fb3-c6bf-021f492e9a04@gmx.net> <4EBB3DDD0FBF694CA2A87838DF129B3C01AA313F@DEFTHW99EL4MSX.ww902.siemens.net>
From: Eliot Lear <lear@cisco.com>
Message-ID: <c85cbfa5-083c-9159-3e01-001b353a3e35@cisco.com>
Date: Wed, 08 Mar 2017 11:02:45 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
In-Reply-To: <4EBB3DDD0FBF694CA2A87838DF129B3C01AA313F@DEFTHW99EL4MSX.ww902.siemens.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="pAtqxFEcAmPSO1vvvwnWJEIhII0WTCp5M"
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/VAx39_WyCx5jQ_HpdlblUY4N5bY>
Cc: "T2TRG@irtf.org" <T2TRG@irtf.org>
Subject: Re: [T2TRG] RESTful Design & Security
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IRTF Thing-to-Thing \(T2T\) Research-Group-in-creation" <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Mar 2017 10:02:53 -0000

Matthias,

I think the key question that everyone seems to be dancing around is this:

What is an Internet host in the context of IoT?  What are the minimum
qualities it must possess?  I don't mean this to be a vote, but more of
a law of physics sort of thing.  For instance, does a host have a secure
unique identity?  What capabilities must it have?  I would expect them
to be very few, but there are assuredly some...

Eliot


On 3/7/17 8:36 PM, Kovatsch, Matthias wrote:
> Fair enough.
>
> Yes, I am on this IoT Directorate. I would say a large fraction of the
> T2TRG participants has been arguing that the Internet of Gateways is
> not a good approach. Your security-related summary proves this point.
>
> I personally don't see end-to-end security happening if we keep mixing
> application protocols, keep using black-magic middleboxes, and keep
> using proprietary interfaces at the device level. We need something
> end-to-end (or T2T) for end-to-end security.
>
> Best wishes
> Matthias
>
>
>
> Sent from my phone, limitations might apply.
>
> -----Original Message-----
> *From:* Hannes Tschofenig [hannes.tschofenig@gmx.net]
> *Received:* Tuesday, 07 Mar 2017, 20:10
> *To:* Kovatsch, Matthias (CT RDA NEC EMB-DE)
> [matthias.kovatsch@siemens.com]; mcr+ietf@sandelman.ca
> [mcr+ietf@sandelman.ca]
> *CC:* T2TRG@irtf.org [T2TRG@irtf.org]
> *Subject:* Re: [T2TRG] RESTful Design & Security
>
> Hi Matthias,
>
> I know that this is a research group and everyone can create whatever
> they want.
>
> We briefly talked about security at the IoT directorate conference call
> and I would be interesting to hear what works and what does not work for
> others.
>
> Ciao
> Hannes
>
>
> On 03/07/2017 07:45 PM, Kovatsch, Matthias wrote:
> > On big propaganda tour? :P
> >
> > Regards
> > Matthias
> >
> >
> > Sent from my phone, limitations might apply.
> >
> > -----Original Message-----
> > *From:* Hannes Tschofenig [hannes.tschofenig@gmx.net]
> > *Received:* Tuesday, 07 Mar 2017, 19:39
> > *To:* Michael Richardson [mcr+ietf@sandelman.ca]
> > *CC:* t2trg@irtf.org [T2TRG@irtf.org]
> > *Subject:* Re: [T2TRG] RESTful Design & Security
> >
> > OSCOAP does not work when
> >
> > * you mix protocols,
> > * use a middlebox for some processing interactions (such as data
> > aggregation), and
> > * when one of the protocols is a non-RESTful protocol, such as BLE
> or MQTT.
> >
> > Unfortunately, these the use cases we are facing in current IoT
> > deployments. For similar reasons we cannot use RFC 8075 either.
> >
> > Maybe you are seeing different deployment environments.
> >
> > Ciao
> > Hannes
> >
> > On 03/07/2017 06:39 PM, Michael Richardson wrote:
> >>
> >> Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> >>     > Needless to say that these challenges have also been observed
> in other
> >>     > protocols as well, such as HTTP and even SIP.
> >>
> >>     > What is the story for providing application layer security?
> >>
> >> OSCOAP seems to be end-to-end to me.
> >>
> >> --
> >> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> >>  -= IPv6 IoT consulting =-
> >>
> >>
> >>
> >
> >
> >
> > _______________________________________________
> > T2TRG mailing list
> > T2TRG@irtf.org
> > https://www.irtf.org/mailman/listinfo/t2trg
> >
>
>
>
> _______________________________________________
> T2TRG mailing list
> T2TRG@irtf.org
> https://www.irtf.org/mailman/listinfo/t2trg

v2.23.0 | Report a Bug | By Email