Early Review of draft-richardson-mud-qrcode-02
review-richardson-mud-qrcode-02-opsdir-early-jaeggli-2021-12-22-00

Request Review of draft-richardson-mud-qrcode-02
Requested revision 02 (document currently at 07)
Type Early Review
Team Ops Directorate (opsdir)
Deadline 2021-12-10
Requested 2021-11-24
Requested by Adrian Farrel
Authors Michael Richardson , Jacques Latour , Hassan Habibi Gharakheili
I-D last updated 2021-12-22
Completed reviews Iotdir Early review of -02 by Jaime Jimenez (diff)
Opsdir Early review of -02 by Joel Jaeggli (diff)
Comments
This document has been presented for publication in the Independent Stream.
The OPSAWG is a potential home for the document, but the WG chairs have indicated that there is no support to spend WG time on it.

The ISE would appreciate reviews from IoT and Operations experts to gather opinions on the document. In particular, the ISE would like to know whether publication would be a bad idea or could be harmful to the Internet.
Assignment Reviewer Joel Jaeggli
State Completed
Request Early review on draft-richardson-mud-qrcode by Ops Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/9fgTVSq9I47Sx8YruQ0ln5uE4fE
Reviewed revision 02 (document currently at 07)
Result Has nits
Completed 2021-12-22
I reviewed this document on the behalf of the operations and management
directorate.

While this document is adequately evocative of the risks associated with
essentially unsecured information being ingested via QR codes, it's fairly
unsatisfying with respect to the mitigations offered. This is as much a property
of operating in the real world as it is a question of protocol implementation.
While this is described as social engineering, it's a more deeply engineered
falsehood that extends outside the realm of human decision-making.

If I were to nitpick the described security issues, it is that operation of or
decision making over a device on the basis of a QR code embedded in a sticker
can never provide a degree of certainty that the device is what it says it is
that powering the device up and interrogating its MUD profile can achieve;
that without some transitive trust property that can be extended to the device
on the basis of the security of its internals (e.g. protected cryptographic
secrets that the manufacturer or owner have embedded), the information
embedded in the online information cannot be trusted to map to that device. So,
for example, if as part of lifecycle management one decides how to dispose of
something broken or unpowered based on a MUD profile sticker, that information
is not trustworthy on the basis of anything other than common sense or external
validation, e.g. is this transformer full of dioxin or in fact mineral oil as
the documentation behind the sticker claims.
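The reviewer's point about transitive trust, as an added example that is not part of the review or the draft: a sticker-derived MUD URL never raises confidence on its own, and is only corroborated by what the powered-up device itself asserts (DHCP/LLDP are unauthenticated; a MUD URL in a manufacturer-signed IDevID certificate is the authenticated case from RFC 8520). It assumes the QR payload has already been decoded to a plain URL, and the channel names and sample URLs are constructed for the example.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional
from urllib.parse import urlsplit


class Trust(IntEnum):
    """Confidence that a MUD URL really belongs to the device in front of us."""
    NONE = 0             # sticker only, or nothing usable: needs external validation
    UNAUTHENTICATED = 1  # device-emitted but unauthenticated (DHCP option, LLDP TLV)
    MANUFACTURER = 2     # carried in a manufacturer-signed IDevID certificate


# Channel over which the powered-up device itself asserted its MUD URL (labels are ours).
CHANNEL_TRUST = {"dhcp": Trust.UNAUTHENTICATED,
                 "lldp": Trust.UNAUTHENTICATED,
                 "x509": Trust.MANUFACTURER}


@dataclass
class Decision:
    trust: Trust
    mud_url: Optional[str]
    reason: str


def valid_mud_url(url: str) -> bool:
    """RFC 8520 requires a MUD URL to use the https scheme; also insist on a host."""
    parts = urlsplit(url.strip())
    return parts.scheme == "https" and bool(parts.netloc)


def reconcile(sticker_url: Optional[str],
              device_url: Optional[str] = None,
              channel: Optional[str] = None) -> Decision:
    """Decide how far a MUD URL may be trusted.

    The sticker alone never exceeds Trust.NONE: printed information has no binding
    to the device's internals. Trust comes only from what the device asserts, and
    the sticker can at most corroborate it; a disagreement is a flag, not a tie-break.
    """
    if sticker_url is not None and not valid_mud_url(sticker_url):
        return Decision(Trust.NONE, None, "sticker URL is not a valid https MUD URL")
    if device_url is None:  # unpowered/broken device, or sticker scanned in isolation
        return Decision(Trust.NONE, sticker_url, "sticker only: requires external validation")
    if not valid_mud_url(device_url):
        return Decision(Trust.NONE, None, "device-asserted URL is not a valid https MUD URL")
    if sticker_url is not None and sticker_url.strip() != device_url.strip():
        return Decision(Trust.NONE, None, f"sticker and device ({channel}) disagree; investigate")
    level = CHANNEL_TRUST.get(channel or "", Trust.NONE)
    return Decision(level, device_url.strip(), f"device-asserted via {channel}")
```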