Re: [Ace] EST over CoAP in ACE wg
Samuel Erdtman <samuel@erdtman.se> Mon, 21 November 2016 16:30 UTC
From: Samuel Erdtman <samuel@erdtman.se>
Date: Mon, 21 Nov 2016 17:30:49 +0100
Message-ID: <CAF2hCbZ20qp91wVyMCSsXu-HMD5dzPhq5KKJkO+SVBrTK09qbQ@mail.gmail.com>
To: "Kumar, Sandeep" <sandeep.kumar@philips.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/0PIuQQtVnemZIz5Hydar0rLMGVA>
Cc: Shahid Raza <shahid@sics.se>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "consultancy@vanderstok.org" <consultancy@vanderstok.org>, "ace@ietf.org" <ace@ietf.org>
Subject: Re: [Ace] EST over CoAP in ACE wg

Hi All,

To run EST over DTLS and CoAP to address more constrained devices is not new to me; this was part of conversations that neXus (my previous employer) and SICS had about one and a half years ago.

I would support this work. I think certificates make sense for ACE because of the connection to existing security infrastructure. At neXus we did SCEP and CMP enrollment, but when moving to more constrained devices it would make sense to move to use EST over CoAP and DTLS.

In addition to being quite simple compared to SCEP and CMP, EST also supports server-side generated keys, which could be a benefit for constrained devices. Not because the devices could not generate the key, but in some cases keys need to be generated in trusted and certified hardware (FIPS, CC etc.) to "know" that keys are of good quality.

//Samuel

On Mon, Nov 21, 2016 at 3:00 PM, Kumar, Sandeep <sandeep.kumar@philips.com> wrote:

> Dear ACE members
>
> Peter van Stok gave a short overview during the ACE f2f meeting on the
> work related to EST (RFC 7030) over DTLS secured CoAP
> (draft-vanderstok-core-coap-est-00
> <https://tools.ietf.org/html/draft-vanderstok-core-coap-est-00>). In the
> meeting there was general interest among the audience for the work and ACE
> as the preferred WG for this item. There are additional drafts and work on
> the same topic like the draft-pritikin-coap-bootstrap-01
> <https://tools.ietf.org/html/draft-pritikin-coap-bootstrap-01> and the
> email from Shahid
> https://www.ietf.org/mail-archive/web/ace/current/msg02029.html
>
> The idea is to merge these into a single draft (already discussed among
> us).
>
> We would like to get feedback on the mailing list if indeed ACE would be a
> right place to continue this work as was perceived during the f2f meeting.
> Please respond if you support (or not) the activity going forward in ACE wg.
>
> Kind Regards
> Sandeep