[ietf-enroll] Some thoughts about "imprinting" attracting little attention

Thierry Moreau thierry.moreau at connotech.com
Wed Apr 13 17:37:02 EDT 2005


Dear ietf_enroll participants:

This post is about terminology and high level concepts
in ietf_enroll.

There are two separate driving factors for the
ietf_enroll activities. Both are concerned with
operational issues. Both are sensitive to operational
efficiencies, closely related to operating cost
concerns.

The "service protocol provisioning" driving factor is
the *complexities of configuring new protocols* that
provide a service to an entity that deserves some
authentication assurance. The main issue is dealing
with the pre-existing infrastructure, closely related
to the "power of the installed base" effect. Security
is a concern, aiming at the re-use of pre-existing
keying material, which is a wise strategy to reduce
human intervention for enrollment-time authentication.
Operating hindrance is mainly created by the diversity
of the installed base. An ietf_enroll model in this
area would accommodate the installed base
heterogeneity.

The "security association inception" driving factor is
*security in the context of virtually no prior
authenticated key material* that can be relied upon. It
is a narrowly-defined security concern, yet an
inescapable one when considering the security
foundations of most crypto-based security schemes. For
some survey of the field, see
http://www.connotech.com/sakem_white_paper_06.htm. The
operating cost concern is significant only when there
are strong disincentives against using shortcuts in
manual security procedures, which is not occurring in
many contexts. In the absence of such disincentives,
"security association inception" is merely "leap of
faith."

In the IETF62 discussion, the "service protocol
provisioning" seemed equated to "bootstrapping" while
"security association inception" was "imprinting".
However, within the "bootstrapping" concept, someone
(Eric R.) suggested a difference between bootstrapping
with KDCs (Key Distribution Centers) and bootstrapping
with weak key material. I see the former falling into a
special case of "service protocol provisioning," and
the latter being on either side, depending on someone's
driving factor, i.e. if you are satisfied to re-use
(somehow) weak key material, then it's provisioning,
but if you are worried about getting stronger key
material at the outcome of enrollment procedures, then
it's "security association inception."

There isn't much activity in the "security association
inception" arena. The same was said about imprinting in
the IETF62 meeting. That's an empirical finding that I
can confirm.

I leave as an exercise the classification of ad-hoc
mobile networking requirements ...

Hope it helps ...

-- 

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: thierry.moreau at connotech.com