[6tisch-security] planning for ANIMA hackathon work
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 09 February 2017 16:59 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id D00C5129C0C;
Thu, 9 Feb 2017 08:59:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id t-jLeO1zkjOO; Thu, 9 Feb 2017 08:59:29 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca
[IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 3186B129C0D;
Thu, 9 Feb 2017 08:59:29 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21])
by tuna.sandelman.ca (Postfix) with ESMTP id 99A6FE1E2;
Thu, 9 Feb 2017 12:20:34 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1])
by sandelman.ca (Postfix) with ESMTP id 846FF6381A;
Thu, 9 Feb 2017 11:59:25 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima@ietf.org
In-Reply-To: <269DFF6F-9F5B-4D10-AB36-D2638CB9C1AE@cisco.com>
References: <269DFF6F-9F5B-4D10-AB36-D2638CB9C1AE@cisco.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0;
<'$9xN5Ub#
z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 09 Feb 2017 11:59:25 -0500
Message-ID: <6577.1486659565@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/RiScI5ww4qBC4MAol-u0o-eyeQw>
Cc: 6tisch-security@ietf.org, "hackathon@ietf.org" <hackathon@ietf.org>
Subject: [6tisch-security] planning for ANIMA hackathon work
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: anima@ietf.org
List-Id: Extended Design Team for 6TiSCH security architecture
<6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>,
<mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>,
<mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2017 16:59:31 -0000
In the last two ANIMA-bootstrap weekly design team calls we had some
discussion about hackathon work. We are mere milimeters away from
a pretty firm voucher specification: with that part nailed down the
bootstrap protocol is essentially done.
We have identified a few places in the bootstrap process where we think that
we will benefit from some interoperation and working together. They are:
1) voucher creation, exchange and validation.
(even if we are doing this with RSA keys and PKCS#7 S/MIME-like wrapping
of JSON rather than the ideal "modern" EdDSA signed CWT objects)
2) Join Registrar / MASA interaction (we recognize we aren't close for March)
3) pledge / Join Registrar interaction (using EST)
4) Join Proxy/Join Registrar discovery (ACP and GRASP things)
5) Pledge/Join proxy discovery (GRASP DULL, but we still have advocates
for using straight mDNS here)
I know that Brian had other things, and he already put some stuff at:
https://www.ietf.org/registration/MeetingWiki/wiki/98hackathon
and I've extended it with the above five points.
I note that the COSE/JOSE people lead by Jim Schaad, are also planning work,
and we have identified CWT as being an important voucher format, probably
it will be *the* format for the 6tisch version of bootstrap.
--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
- [6tisch-security] planning for ANIMA hackathon wo… Michael Richardson