Early Review of draft-richardson-mud-qrcode-02
review-richardson-mud-qrcode-02-opsdir-early-jaeggli-2021-12-22-00
| Request | Review of | draft-richardson-mud-qrcode-02 |
|---|---|---|
| | Requested revision | 02 (document currently at 07) |
| | Type | Early Review |
| | Team | Ops Directorate (opsdir) |
| | Deadline | 2021-12-10 |
| | Requested | 2021-11-24 |
| | Requested by | Adrian Farrel |
| | Authors | Michael Richardson, Jacques Latour, Hassan Habibi Gharakheili |
| | I-D last updated | 2021-12-22 |
| | Completed reviews | Iotdir Early review of -02 by Jaime Jimenez; Opsdir Early review of -02 by Joel Jaeggli |
| | Comments | This document has been presented for publication in the Independent Stream. The OPSAWG is a potential home for the document, but the WG chairs have indicated that there is no support to spend WG time on it. The ISE would appreciate reviews from IoT and Operations experts to gather opinions on the document. In particular, the ISE would like to know whether publication would be a bad idea or could be harmful to the Internet. |
| Assignment | Reviewer | Joel Jaeggli |
| | State | Completed |
| | Request | Early review on draft-richardson-mud-qrcode by Ops Directorate Assigned |
| | Posted at | https://mailarchive.ietf.org/arch/msg/ops-dir/9fgTVSq9I47Sx8YruQ0ln5uE4fE |
| | Reviewed revision | 02 (document currently at 07) |
| | Result | Has nits |
| | Completed | 2021-12-22 |
I reviewed this document on behalf of the operations and management directorate.

While this document is adequately evocative of the risks associated with essentially unsecured information being ingested via QR codes, it's fairly unsatisfying with respect to mitigations offered. This is as much a property of operating in the real world as it is a question of protocol implementation. While this is described as social engineering, it's a more deeply engineered falsehood that extends outside the realm of human decision-making.

If I were to nitpick the described security issues, it is that operation of or decision making over a device on the basis of a QR code embedded in a sticker can never provide a degree of certainty that the device is what it says it is that powering the device up and interrogating its MUD profile can achieve, that without some transitive trust property that can be extended to the device on the basis of the security of its internals (e.g. protected cryptographic secrets that the manufacturer or owner have embedded) that the information embedded in the online formation cannot be trusted to map to that device.

So, for example, if as part of lifecycle management one decides how to dispose of something broken or unpowered based on a MUD profile sticker, that information is not trustworthy on the basis of anything other than common sense or external validation. E.g., is this transformer full of dioxin or in fact mineral oil as the documentation behind the sticker claims?