Hi all, as I mentioned in the past I consider this document problematic.
The selected hardware gives the impression that IoT devices need very
low requirements. This gives inexperienced readers the wrong impression.
At no point in the document it explains why a typical software stack
required for an IoT device would fit on hardware that has 2 kB of SRAM,
and 32 kB of flash memory. What did you put on that device? (CoAP, DTLS,
Resource Directory, SENML -- protocol talk about in Section 9) I suspect
that there is no firmware update mechanism in place, which is a
typically demanded feature for IoT devices in order to address bugs.
Other IETF publications recommend key sizes of at least 112 bits
(symmetric). Here is the relevant table from RFC 4492:
Symmetric | ECC | DH/DSA/RSA
------------+---------+-------------
80 | 163 | 1024
112 | 233 | 2048
128 | 283 | 3072
192 | 409 | 7680
256 | 571 | 15360
The document, however, describes RSA key sizes of 64, 128, 512 and 2014
bits! It makes no sense to illustrate performance, and memory
requirements of key sizes that shouldn't be used in today's IoT hardware.
The document says that it describes smart object implementation
experience but clearly this is far away from real world product
experience. The need for a random number generator is essentially
missing and a reference to a software library does not help either.
I believe you have started with some hardware and then created the
software & performance measurements. The recommended approach is,
however, to first think about security and the requirements and
subsequently think about what hardware supports the security
requirements and therefore mitigates the threats.
The document references several work in progress specifications. Also
the pointers to specifications like HIP or IPsec for use with IoT
devices is misleading since they are not reflecting industry practice.
They are at best university research projects.
Ciao
Hannes
On 03/06/2017 10:35 AM, Mudugodu Seetarama Raghavendra wrote:
> +1
>
>
> Regards,
>
> Raghavendra
>
>
>
> ------------------------------------------------------------------------
> *From:* Lwip <lwip-boun...@ietf.org> on behalf of Rahul Jadhav
> <rahul.i...@gmail.com>
> *Sent:* Saturday, March 4, 2017 7:30 PM
> *To:* lwip@ietf.org
> *Subject:* Re: [Lwip] WGLC for draft-ietf-lwig-crypto-sensors-02
>
> The draft provides useful information to implementors about different
> challenges related to security aspects especially towards using low-end
> hardware. The deployment model described with the experiences will prove
> helpful to implementors. Will be helpful to take this work forward.
>
> Regards,
> Rahul
>
> On 22 February 2017 at 08:45, Zhen Cao <zhencao.i...@gmail.com
> <mailto:zhencao.i...@gmail.com>> wrote:
>
> Hello everyone,
>
> This email starts the WGLC for draft-ietf-lwig-crypto-sensors-02
> (https://tools.ietf.org/html/draft-ietf-lwig-crypto-sensors-02
> <https://tools.ietf.org/html/draft-ietf-lwig-crypto-sensors-02>)
>
> Could you help review the document and send your comments to the
> mailing list. Thank you in advance.
>
> The WGLC will end in two weeks from now.
>
> BR,
> Zhen
>
> _______________________________________________
> Lwip mailing list
> Lwip@ietf.org <mailto:Lwip@ietf.org>
> https://www.ietf.org/mailman/listinfo/lwip
> <https://www.ietf.org/mailman/listinfo/lwip>
>
>
>
>
> _______________________________________________
> Lwip mailing list
> Lwip@ietf.org
> https://www.ietf.org/mailman/listinfo/lwip
>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Lwip mailing list Lwip@ietf.org https://www.ietf.org/mailman/listinfo/lwip
