Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)

Dan Garcia <dan.garcia@um.es> Wed, 09 December 2020 11:46 UTC

Return-Path: <dan.garcia@um.es>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 610683A0658; Wed, 9 Dec 2020 03:46:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.119
X-Spam-Level:
X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=um.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YidiCvJBEEhX; Wed, 9 Dec 2020 03:46:16 -0800 (PST)
Received: from mx02.puc.rediris.es (outbound4sev.lav.puc.rediris.es [130.206.19.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3BCE3A074B; Wed, 9 Dec 2020 03:46:02 -0800 (PST)
Received: from xenon42.um.es (xenon42.um.es [155.54.212.169]) by mx02.puc.rediris.es with ESMTP id 0B9Bjxm6013240-0B9Bjxm7013240; Wed, 9 Dec 2020 12:45:59 +0100
Received: from localhost (localhost [127.0.0.1]) by xenon42.um.es (Postfix) with ESMTP id 6A55720076; Wed, 9 Dec 2020 12:45:59 +0100 (CET)
X-Virus-Scanned: by antispam in UMU at xenon42.um.es
Received: from xenon42.um.es ([127.0.0.1]) by localhost (xenon42.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id oo1HUmQ_W-tB; Wed, 9 Dec 2020 12:45:59 +0100 (CET)
Received: from [156.35.171.42] (unknown [156.35.171.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: dan.garcia@um.es) by xenon42.um.es (Postfix) with ESMTPSA id C846720A7D; Wed, 9 Dec 2020 12:45:57 +0100 (CET)
To: Michael Richardson <mcr@sandelman.ca>, EMU WG <emu@ietf.org>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>, "ace@ietf.org" <ace@ietf.org>
References: <CADZyTkmnV_Dhb5iXzykUyEAskLDg7tj=80CbEBGmSyFQNS2FHw@mail.gmail.com> <HE1PR0702MB36740BAAFD7FDA2688564BF7F4E60@HE1PR0702MB3674.eurprd07.prod.outlook.com> <CADZyTkkpLRvqD5Vx704u=qbRvE82o4cKk3Ff2Y2ZXes_B+nRbA@mail.gmail.com> <CADZyTkkSGiUvXf0NoVUwj0Vjf7AQ=pjdEHyHZsDdE67OvfTepw@mail.gmail.com> <20201117234700.GR39170@kduck.mit.edu> <CADZyTknej3DUbbKbRxdfi0HqVR7G7qkAh5htu3w9yFjE09sOtg@mail.gmail.com> <b78c1176-ffa0-9ad5-847e-94e9134b4212@um.es> <DM6PR15MB2379308BD779061F6F46233EE3F20@DM6PR15MB2379.namprd15.prod.outlook.com> <CABONVQZRWa5gcN6Z1pfBKx=UVvOTvi1FjLSv0-T_UTUc3XGG5Q@mail.gmail.com> <HE1PR0702MB367429A9C8921A5252133523F4CE0@HE1PR0702MB3674.eurprd07.prod.outlook.com> <24523.1607378991@localhost>
From: Dan Garcia <dan.garcia@um.es>
Message-ID: <3a4e4b59-3712-7eb9-23b2-8160ad14b6aa@um.es>
Date: Wed, 9 Dec 2020 12:45:56 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1
MIME-Version: 1.0
In-Reply-To: <24523.1607378991@localhost>
Content-Type: multipart/alternative; boundary="------------90636A2252E88A18749BC547"
Content-Language: es-ES
X-FEAS-SPF: spf-result=pass, ip=155.54.212.169, helo=xenon42.um.es, mailFrom=dan.garcia@um.es
Authentication-Results: mx02.puc.rediris.es; spf=pass (rediris.es: domain of dan.garcia@um.es designates 155.54.212.169 as permitted sender) smtp.mailfrom=dan.garcia@um.es
X-FE-Policy-ID: 2:15:0:SYSTEM
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=um.es; s=DKIM; c=relaxed/relaxed; h=subject:to:references:from:message-id:date:mime-version:content-type; bh=tHpbdjHn76FBnGsB0vLS2A1+onJtTV7cLkabrBjyyT0=; b=IBubtEs1ioN8BqhEJRmDy/DWZMUrZ4cSlBswAQ8friuwxEx67hWgylwtpD5T+Ko+0ZvBIL+2HFCx ea/joAuPc2QqPQLdne52YiJ5AE2faD8T7sd8ccL+VgkLwU7D7VWWMjrhstXGJ2BmlAiVfAah/lXK v5kskklaf0eaVJ+QZdxkiTJ1iWX2b66fX3htE73ouXi6hc5/ziQqaj0wIa1jPmd1+JDYx3zXVQo4 YZi2ZSpUmYChReUUrMK4/gHKa4yRJ03/+HPuMy7nDQjzeCbTXENxFDDhcmYZaQodMswEeBMapVpQ OfLaauoKFeyoDnE0W5t8xN9cQYL2MHq7yfujkw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/2A37STgGoIstYyMcmXUhyh_cmDw>
Subject: Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2020 11:46:19 -0000

  Hi Michael,

EAP can be used in the context of IoT for authentication. To transport 
EAP from the IoT device we need a light EAP lower-layer. This would be 
CoAP. Morover, according to EAP key management framework, keys are 
exported to protect the link and the EAP lower-layer itself. So yes, 
OSCORE could be used for that kind of protection.

  Another aspect, it is that the use case we consider is the case where 
an IoT device is trying to access a security domain under the control of 
a “controller” that is connected to a backend AAA infrastructure, which 
acts as EAP authenticator.

  Best Regards.

El 07/12/2020 a las 23:09, Michael Richardson escribió:
> Could someone point to a use case for "EAP over CoAP" please?
> Is the goal to key an OSCORE context, or what?
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace