On 2016-07-21 14:49, Michael StJohns wrote:
On 7/21/2016 5:29 AM, Ludwig Seitz wrote:On 2016-07-21 11:04, Michael Richardson wrote:Why will ACE succeed when DICE failed? Does ACE now have some knowledge or mechanism that DICE couldn't have created because it was out of scope?ACE is (also) about authorization, which DICE wasn't. A compromised lightbulb might well have the possibility to talk to a door lock (using it's group key), but it would lack the authorization to do anything with the lock. IMHO that's what ACE add that DICE didn't have (and wasn't chartered to have).Hi Ludwig - Sorry - you are incorrect. The group key is also the authorization key in the model proposed. Any entity that holds that key can forge a message that can cause the action authorized by the issuance of that key. In your example, assuming that the door lock and the lightbulb share the same group key, then compromising the lightbulb allows you to control the door lock.
That is certainly not the model I had in mind. Why on earth would a sane Authorization Server issue OAuth access tokens that authorize operations on the door-locks and that are bound to the lightbulb-group key?
The way I see this play out is this: In the low latency cases, with low security requirements (such as turning on lights, or operating blinds) you can use the group key for authorization, but this authorization would be clearly scoped to the lights or blinds. Resources with higher security requirements (such as door-locks) shouldn't be on the same multicast-group to start with, but even if they were, they SHOULD NOT be configured to accept actuator commands authorized by access tokens bound to a multicast group key.
Would that address your concerns? /Ludwig -- Ludwig Seitz, PhD SICS Swedish ICT AB Ideon Science Park Building Beta 2 Scheelevägen 17 SE-223 70 Lund Phone +46(0)70-349 92 51 http://www.sics.se
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
