Re: [T2TRG] I-D Action: draft-bormann-t2trg-sworn-05.txt

Carsten Bormann <cabo@tzi.org> Mon, 07 February 2022 02:33 UTC

From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <164420063996.4861.16412914210429632901@ietfa.amsl.com>
Date: Mon, 07 Feb 2022 03:32:52 +0100
Message-Id: <3BB637D7-CA05-4AC6-A198-007E051C42DE@tzi.org>
References: <164420063996.4861.16412914210429632901@ietfa.amsl.com>
To: t2trg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/k41Wa_cmp8GFE00D1Q5_Z--b1sE>
Subject: Re: [T2TRG] I-D Action: draft-bormann-t2trg-sworn-05.txt
List-Id: IRTF Thing-to-Thing Research Group <t2trg.irtf.org>

We have now submitted a new version of the SWORN (Secure Wake on Radio Nudging) draft, now with more general considerations on token-based in-network authorization.  I believe in-network authorization can be a useful way to protect energy-limited IoT devices from unwanted traffic (it is not intended to replace application-layer authentication/authorization).  One interesting aspect, as always, is what players are active in this protocol and how they contribute to the ultimate security objective (availability of the IoT devices to legitimate uses).

I hope we can discuss this work in the context of the security activities of this RG.  There of course also is a “Computing in the network” aspect: This design calls for routers to check MACs (message authentication codes) before forwarding packets, and this will generally be needed to be done in the “fast path”.  But maybe fine-tuning of the design can be done once we like its security properties.

The protocol sketches included in the drafts are not intended for standardization (at least not yet), but serve as Gedankenexperiments to obtain the right security and operational properties.

Regards, Carsten


> On 2022-02-07, at 03:24, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
>        Title           : SWORN: Secure Wake on Radio Nudging
>        Authors         : Carsten Bormann
>                          Yizhou Li
>        Filename        : draft-bormann-t2trg-sworn-05.txt
>        Pages           : 18
>        Date            : 2022-02-06
> 
> Abstract:
>   Normally off devices (RFC7228) would need to expend considerable
>   energy resources to be reachable at all times.  Instead, MAC layer
>   mechanisms are often employed that allow the last hop router of the
>   device to "wake" the device via radio when needed.  Activating these
>   devices even for a short time still does expend energy and thus
>   should be available to authorized correspondents only.
>   Traditionally, this has been achieved by heavy firewalling, allowing
>   only authorized hosts to reach the device at all.  This may be too
>   inflexible for an Internet of Things.
> 
>   The present report describes how to use a combination of currently
>   standardized technologies to securely effect this authorization.
> 
>   We also discuss how the general approach of the original SWORN
>   protocol can be extended to cover additional use cases and
>   implementation environments.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-bormann-t2trg-sworn/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-bormann-t2trg-sworn-05.html
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-bormann-t2trg-sworn-05
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 
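As an added example, not code from the draft or from the poster: a constructed model of the last-hop router check the message describes, where a MAC is verified in the forwarding path and the sleeping device is woken only for packets that pass. The packet layout, the tag length, the per-device key and the counter-based replay check are assumptions, not the SWORN draft's protocol.

```python
"""Constructed illustration (not the SWORN draft's own protocol) of the
in-network check described in the message: a last-hop router verifies a
MAC on each inbound packet and wakes the sleeping device only when the
MAC is valid, so unauthorized traffic never costs the device energy.
Packet layout, tag length and counter handling are assumptions here."""
import hmac
import hashlib
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag; assumed size
HDR_LEN = 12  # 4-byte device id + 8-byte counter; assumed layout

def make_tag(key: bytes, device_id: int, counter: int, payload: bytes) -> bytes:
    """MAC over the fields the router can see; the counter provides replay protection."""
    msg = struct.pack("!IQ", device_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def build_packet(key: bytes, device_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side (constructed): header, payload, then the tag."""
    return struct.pack("!IQ", device_id, counter) + payload + make_tag(key, device_id, counter, payload)

class LastHopRouter:
    """Holds one authorization key per sleeping device, the last accepted
    counter for each, and a count of how often each device was woken."""
    def __init__(self, keys: dict):
        self.keys = dict(keys)
        self.last_counter = {d: -1 for d in keys}
        self.wakeups = {d: 0 for d in keys}

    def forward(self, packet: bytes) -> str:
        """Fast-path decision: returns 'wake' or a 'drop:<reason>' string."""
        if len(packet) < HDR_LEN + TAG_LEN:
            return "drop:short"
        device_id, counter = struct.unpack("!IQ", packet[:HDR_LEN])
        payload, tag = packet[HDR_LEN:-TAG_LEN], packet[-TAG_LEN:]
        key = self.keys.get(device_id)
        if key is None:
            return "drop:unknown-device"
        # Constant-time comparison so the fast path does not leak tag bytes via timing.
        if not hmac.compare_digest(tag, make_tag(key, device_id, counter, payload)):
            return "drop:bad-mac"
        if counter <= self.last_counter[device_id]:
            return "drop:replay"  # old or duplicated token: do not wake the device
        self.last_counter[device_id] = counter
        self.wakeups[device_id] += 1  # only now does the device spend energy
        return "wake"
```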