Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Fri, 17 May 2019 15:36 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "ace@ietf.org" <ace@ietf.org>
Date: Fri, 17 May 2019 15:35:55 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/1IRs9o9P__weIrqRO0ZStbYpS-4>
Subject: Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt

Hi all, 

This latest update addresses feedback while in WGLC:
- the comments by Hannes and Esko related to RNG and server-side key gen. It aims to prevent misunderstandings that random numbers are not needed any more if server-side key gen is used. 
- the nits with "/crt" instead of "/crts" pointed out by Esko. 

The diff is here https://tools.ietf.org/rfcdiff?url2=draft-ietf-ace-coap-est-11.txt 

Thanks,
Panos

-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Friday, May 17, 2019 11:31 AM
To: i-d-announce@ietf.org
Cc: ace@ietf.org
Subject: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Authentication and Authorization for Constrained Environments WG of the IETF.

        Title           : EST over secure CoAP (EST-coaps)
        Authors         : Peter van der Stok
                          Panos Kampanakis
                          Michael C. Richardson
                          Shahid Raza
        Filename        : draft-ietf-ace-coap-est-11.txt
        Pages           : 48
        Date            : 2019-05-17

Abstract:
   Enrollment over Secure Transport (EST) is used as a certificate
   provisioning protocol over HTTPS.  Low-resource devices often use the
   lightweight Constrained Application Protocol (CoAP) for message
   exchanges.  This document defines how to transport EST payloads over
   secure CoAP (EST-coaps), which allows constrained devices to use
   existing EST functionality for provisioning certificates.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-coap-est/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-ace-coap-est-11
https://datatracker.ietf.org/doc/html/draft-ietf-ace-coap-est-11

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-coap-est-11


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
