Hello René:

Thanks for this; indeed, I noted that you and Michael disagree on the questions 
I attached. So I'm looking for others to give their own point of view.
At the very least, I would expect that we define that the authentication of the 
JA really means that we validate that the JA pertains to the network that the 
node should join, as opposed to validating that the JA is whoever it claims, 
which is of secondary interest.

Cheers,

Pascal

From: Rene Struik [mailto:[email protected]]
Sent: Tuesday, April 7, 2015 21:01
To: Pascal Thubert (pthubert); [email protected]
Subject: Re: [6tisch] Michael's comments on the security section

Hi Pascal:

Please note that I provided suggested dispositions of all security-related 
comments re draft-ietf-6tisch-architecture-05 roughly a month ago, on Thu March 
5, 2015:

a) Suggested disposition of Jonathan Simon's comments:
Please see my email of Thu March 5, 2015, 7.26pm EDT: 
http://www.ietf.org/mail-archive/web/6tisch/current/msg03020.html
Note: suggested disposition discussed (and formulated) during conf call with 
Kris Pister, who acted on Jonathan Simon's behalf.

b) Suggested disposition of Michael Richardson's comments:
Please see my email of Thu March 5, 2015, 7.27pm EDT: 
http://www.ietf.org/mail-archive/web/6tisch/current/msg03021.html

c) Suggested disposition of my own comments:
Please see my email of Thu March 5, 2015, 8:17pm EDT: 
http://www.ietf.org/mail-archive/web/6tisch/current/msg03022.html

I suggest you give this a look.

Best regards, Rene

On 4/7/2015 2:42 PM, Pascal Thubert (pthubert) wrote:
Dear all:

I published in the bucket an early version of archie 07 that takes care of most 
of Michael's comments (Michael please review my responses in the tickets and 
eventually propose a better stack figure).

But some comments on section 13 need some more attention, in particular from 
the security DT. Here they are:


------------

Device Authentication: The JN and the JA mutually authenticate each other and 
establish a shared key, so as to ensure on-going authenticated communications. 
This may involve a server as a third party.

I again say that this is incorrect, the JA will never be able to authenticate 
itself to the JN. It may be able to present some authorization from the network 
owner, that the JA is authorized to act on behalf of the network owner.

Unless you consider un-authenticated DH exchange "authentication", or you 
decide that it's okay for the JA to just not accept any public (some kind of 
leap of faith), the JA will not have an identity that a JN will accept.

-----------

I have also repeatedly complained that figure 10 is inaccurate, because it 
fails to depict that authorization begins before authentication finishes. 
Perhaps the second two unidirectional arrows are part of the authentication 
phase, I don't know.

I suggest that figure 10 be omitted.

---------
Comments?

Cheers,

Pascal




_______________________________________________

6tisch mailing list

[email protected]

https://www.ietf.org/mailman/listinfo/6tisch




--

email: [email protected] | Skype: rstruik

cell: +1 (647) 867-5658 | US: +1 (415) 690-7363