Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)
Dan Garcia <garciadan@uniovi.es> Wed, 13 January 2021 20:21 UTC
Return-Path: <garciadan@uniovi.es>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10C9E3A1332 for <ace@ietfa.amsl.com>; Wed, 13 Jan 2021 12:21:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.162
X-Spam-Level:
X-Spam-Status: No, score=-2.162 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.262, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=unioviedo.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r_p322WfcGQR for <ace@ietfa.amsl.com>; Wed, 13 Jan 2021 12:21:40 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60057.outbound.protection.outlook.com [40.107.6.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1030A3A1331 for <ace@ietf.org>; Wed, 13 Jan 2021 12:21:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X9Ascl2sG1COT3pbGDSJuTRgTe5oAHolVSy9QBPN8aEZBfMTjTGGOqAatyIEwmFG2MfSJs7j2e/0goeZP3UdQksB3AgBsHFRwKMj90S64YBqZeJR5uPbVaYLOxwAZcH3NQne5XOkUf/tyqYpNxRtryyOSWualNq+6c6pN/Mnj1EjcLPgLhLBHHCC9g2TOSfy79Yb8XvH4OzMeD3XvBb6Pm8o8TAiWOUR/PRkVFv0y1moZ8zgN+bHSR/QwLVdnbARfpL+G/S8DY5RHtnAeOT2sKiCE7LYtw5sV8D+nrogdNGf+lMzp1pN1bX/UiAhB0QKHasE3LZJtAdSvxEPNdvtvw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y6QmTIEus6Y2gbdgnGTcIUTjAvx8PSj0eqGSFMmMDcs=; b=GHO93Rusr6WmSGM4tYR3HreU6IM8Ki6ti2mOHFISSoxeQbaNXboBrVMiyKUMoL5RyWLUQw57ZNDZacKpxVENq3E5EbuJFm/FGQ7o9eHy/k+u+yqZ4kbfrbFirwUSd6IbLHD104eTJJeJwwjhtf+svrl+uuSyLQdtcIAGXZcBJw07+DvCnxu2s9fl21tQ9VOILi6Hfgugn/rGqfhGLdtnEm6tq17Xoy9VzG9P14HIRG3y/BNhguweKoc7muWgpFrib31IZjRoWmXUh0EgkDc6ylwZe+KrbjpHK7VvoppK9eRedjg41PkTCZO4LqWmucoRr3OPKIwvoX239dRVv94Qtw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uniovi.es; dmarc=pass action=none header.from=uniovi.es; dkim=pass header.d=uniovi.es; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unioviedo.onmicrosoft.com; s=selector2-unioviedo-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y6QmTIEus6Y2gbdgnGTcIUTjAvx8PSj0eqGSFMmMDcs=; b=Wh5yDK/wlgNZ4PkqPXx90hj6UO1dDgwvO8+6xB1OQHhOwQDVQttHM7tBR/7+D/9PHsrtPAsG2o/CCmB/DiQk8xdyynGwkCOvnLPFkZX+Aguh7JSo1Sfg1U8TBEKYvsxoXgX0EE6ZbtA71yRRlqZgtQ4p5o8td6yyCHqYfPcw2rc=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=uniovi.es;
Received: from DBBPR08MB6202.eurprd08.prod.outlook.com (2603:10a6:10:209::9) by DB6PR0802MB2421.eurprd08.prod.outlook.com (2603:10a6:4:a2::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6; Wed, 13 Jan 2021 20:21:35 +0000
Received: from DBBPR08MB6202.eurprd08.prod.outlook.com ([fe80::a4a6:c1c:21bb:cdea]) by DBBPR08MB6202.eurprd08.prod.outlook.com ([fe80::a4a6:c1c:21bb:cdea%7]) with mapi id 15.20.3763.010; Wed, 13 Jan 2021 20:21:35 +0000
Cc: garciadan@uniovi.es, "ace@ietf.org" <ace@ietf.org>
To: Benjamin Kaduk <kaduk@mit.edu>
References: <CABONVQZRWa5gcN6Z1pfBKx=UVvOTvi1FjLSv0-T_UTUc3XGG5Q@mail.gmail.com> <HE1PR0702MB367429A9C8921A5252133523F4CE0@HE1PR0702MB3674.eurprd07.prod.outlook.com> <24523.1607378991@localhost> <3a4e4b59-3712-7eb9-23b2-8160ad14b6aa@um.es> <2923.1607540144@localhost> <62dad652-8acd-0890-36cd-f7aacde19de2@uniovi.es> <D1AA3C26-4376-409A-A87B-F0D05AD1BAD3@inria.fr> <1fdb134e-54a1-1937-fdd6-3d226c89aea7@uniovi.es> <6C717866-759B-4544-BA04-50D623CF9EFE@inria.fr> <238e2b03-a9b3-918a-2a9b-fbb66b84ddbf@uniovi.es> <20210112190516.GR161@kduck.mit.edu>
From: Dan Garcia <garciadan@uniovi.es>
Message-ID: <7b437403-cc46-3082-7b19-65fcd8300373@uniovi.es>
Date: Wed, 13 Jan 2021 21:21:32 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:78.0) Gecko/20100101 Thunderbird/78.6.1
In-Reply-To: <20210112190516.GR161@kduck.mit.edu>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Originating-IP: [62.175.19.60]
X-ClientProxiedBy: MRXP264CA0004.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:15::16) To DBBPR08MB6202.eurprd08.prod.outlook.com (2603:10a6:10:209::9)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from MacBook-Pro-de-Dan.local (62.175.19.60) by MRXP264CA0004.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:15::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.8 via Frontend Transport; Wed, 13 Jan 2021 20:21:34 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 6fc42229-4b65-455a-8a53-08d8b800d31a
X-MS-TrafficTypeDiagnostic: DB6PR0802MB2421:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: <DB6PR0802MB2421AEE223FEAD30350426ACB4A90@DB6PR0802MB2421.eurprd08.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: nStTG8bcq9ofTWsDQ/vG/LWjhYhzmewCdijmRBvWdkFm+8hL2bDmWkAzM0N9yydHiGcejeypmfa5nFVe5Hcr9QTup2HkZwav+hyPTK4KfXZcvcZaMMotEEzdjKnK1PxiUIRMOylObwGFrbk79h3xG09qkXCcWkwA6lURBwfhdXCx7Dd990lYvBgPiUb2aWLZfuoGaHBiwEgD2Krre1VEzd7gJDd7jLNmGBd1LQOpK2jt+OwvNxgpHavFvhafUCyl4aj/OIzwnoELVLEiV0itMUBe6UErYk9toZLM7lDWITqB4LLxGH+PwJOppBqPRGsZlwwsP5z1XLsdNGm2ksCyx1FjUBzGr1zyiTThq+tUUtWv7yUp1/ANNm2HCxZXOd9Ge1N1tLOLrEelYkKjwT+89mXDXtFStVwNYc17baKFzjOBe2/RPEe/YqbrDencBZ6qcrgAlvj6Wr6VtRml0IzWaBR85NbSmhMwJ7txKFJNsT+nvvsP4o3AAzjHNHVkPIPi7Xv3QzWano2JUF8zvljBmnBfma4F1qv+1Oyt/T0tEDg1kGK5eOQr3OPhIrEL1z+0
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB6202.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(396003)(346002)(39860400002)(366004)(376002)(6486002)(956004)(6916009)(83380400001)(86362001)(786003)(2616005)(8936002)(316002)(478600001)(31686004)(66574015)(31696002)(5660300002)(8676002)(66556008)(16526019)(66476007)(186003)(6512007)(36756003)(2906002)(26005)(66946007)(52116002)(4326008)(6506007)(45980500001)(43740500002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: Po9h/4et9z4yGF5WdZw6uzReH/MIz8WIFaaP3T299fIFYWWkNWMkmvixaQmYpogBJhGDh2R4D3dZTqcjvPPUU5RHWhR3pd8ZbXAa8yHyZttAeuzzlaqmzWaOhbmQxrCuHsdVCMDtQNSiCBVNFj9mz3UjozPd62nlOAGiHaEa+XXsxu/bxaerp6ivVDcexXHTgDmIxRQIG9/vcH5OCKxqcC+6oRhhYiMJxc3pxAniTue60yxX1BjZ+ObB+3kFTbM4++RsHSoK45ySLaBeijfvlMmAtCRombKvAkTM6Vp7CNOFac5KKhCQE/+iln/I3XtthgZj7BOnHILaYWhV+GLhNRVDNIZ7wP2xAJ1gaN+saT2y+U02CSZVurPJKCz4cSG3SgXRdfkqRXRMmRvg3QBFqLoM/gf6JQteEoEayHRvCovpShrrAK2N3TR03x9Jvo/j6MkoY5PPWBKqmUtb09lztF9z3iTph97qD1+jtwEDiLUNUAyPjHEqoDX8n9wLVijeoJxShbWoE6KolFh0dXM3bm/4/3oeAzEZAUSyuVjAggo9P9GA+JKgtgSCcjS60j7cQww+hOJNl1SQD2/PjWLsl92LdNpnr22zOTcvYsCcvdhNsmaPVsJvlPjDON5n9LNNoBXZ3rVOSP7azmrKgkAIIq+MRrVuBmc09cDfgNwPwGyfbcJce7y8bE5N9hSXiBS655AjOQLZIxEGN9nx54qBs+6bEr5/+3Z4kJ+9NylPsKRqnX34tgfSnVhjvVtG91U4o4ZWptM8tTGtN8O5blpG1spn38DfB19mFWbagsZ6a3NjC5pNDsDYcH3G++eISlOSEkKT6h5oxRpiBvMPAxNf5WFIavuelpnY3wMEt0jidKFctVhNQA3J16AXciZP1Kgsu4MeEIP5MB7FOMcSpSeZ/WMeipDvDWCYqHRpyz5+nhqpscsHO7CQI6gq0QzUnT5UUUUq3Dh0aJ2B7szZhfHw/0vZE31gnEqmhSWASZTbtc8=
X-OriginatorOrg: uniovi.es
X-MS-Exchange-CrossTenant-AuthSource: DBBPR08MB6202.eurprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jan 2021 20:21:35.0593 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 05ea74a3-92c5-4c31-978a-925c3c799cd0
X-MS-Exchange-CrossTenant-Network-Message-Id: 6fc42229-4b65-455a-8a53-08d8b800d31a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 3b7mYU/BDG9TGlcPEWTApV5+vTJSA+yKa/luHR6LydRrOr9xD4fxUcnafs5q1mMmBtUI5p+gkcdv7Zq8LSEhvA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0802MB2421
X-MS-Exchange-CrossPremises-AuthSource: DBBPR08MB6202.eurprd08.prod.outlook.com
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 06
X-MS-Exchange-CrossPremises-Mapi-Admin-Submission:
X-MS-Exchange-CrossPremises-MessageSource: StoreDriver
X-MS-Exchange-CrossPremises-BCC:
X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 62.175.19.60
X-MS-Exchange-CrossPremises-TransportTrafficType: Email
X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:NSPM; SKIP:0;
X-MS-Exchange-CrossPremises-SCL: 1
X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent
X-OrganizationHeadersPreserved: DB6PR0802MB2421.eurprd08.prod.outlook.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/4i0EJn4XdvZ_WT-3LGIGdN6zgiE>
Subject: Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2021 20:21:42 -0000
Hi Benjamin, Thank you for your suggestion. Your comment is relevant. In fact, we wrote some time ago an article regarding our initial design, and we perform a comparison with other network layer based EAP lower-layer (https://www.mdpi.com/1424-8220/16/3/358) We compared focusing EAP lower-layer (alone) and taking into account EAP. On the one hand, at EAP lower-layer level, the usage of CoAP gives us an important benefits. On the other hand, when taking into account the EAP method overload, this reduction is less but still significant if the EAP method is lightweight (we used EAP-PSK as a representative example of a lightweight EAP method). As you suggest, if the EAP method is very taxing (as the case you mentioned) the improvement carried out in the EAP lower-layer is less significant. This leads to the conclusion that possible next steps in this field could be also improving or designing new EAP methods that can be better adapted to the requirements of constrained devices and networks. However, we cannot ignore the impact of the EAP lower-layer itself and try to propose something light as we do proposing CoAP. We consider that may be others EAP methods such as EAP-AKA or new lightweight EAP methods such as EAP-EDHOC (https://tools.ietf.org/html/draft-ingles-eap-edhoc-01) that can benefit from a CoAP-based EAP lower-layer, as well as new ones that may be proposed in the future with IoT constraints in mind. Best Regards, Dan. El 12/1/21 a las 20:05, Benjamin Kaduk escribió: > Hi Dan, > > Sorry to reply to such an old message... > > On Sat, Dec 12, 2020 at 06:36:53PM +0100, Dan Garcia Carrillo wrote: >> Hi Mališa, >> >> >> El 11/12/2020 a las 19:45, Mališa Vučinić escribió: >>> Hi Dan, >>> >>> Thanks for the clarification regarding minimal-security. The points >>> that you mention below, e.g. flexible authentication or the fresh >>> generation of the PSK, were never in the design scope of our work. >>> >>> While I fail to understand what exactly do you plan on using >>> EAP-over-CoAP for, I do not object on this work being done in ACE if >>> you are willing to spend cycles on it. I do have reservations on the >>> lightweight aspect of this, however, considering that the sequence >>> diagram that you depict in Fig. 2 in draft-marin-ace-wg-coap-eap-06 >>> spans 3 pages and consumes 2 round trips just to get things started! >>> Surely, we can do better? >>> >> Yes, we will submit an updated version of the draft. > When you do, I suggest putting in some discussion of the relative > size/overhead for CoAP as EAP lower-layer vs the EAP payloads themselves. > I note that the IESG recently approved draft-ietf-emu-eaptlscert that > discusses some pathological cases with TLS-based EAP methods and very large > certificate chains. While I assume that you're not planning to do > EAP-over-CoAP with such long TLS certificate chains, giving reviewers a > sense for how big of an improvement this mechanism can be will presumably > be helpful. > > Thanks, > > Ben
- [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Göran Selander
- Re: [Ace] Charter discussion Michael Richardson
- Re: [Ace] Charter discussion Göran Selander
- Re: [Ace] Charter discussion Panos Kampanakis (pkampana)
- Re: [Ace] Charter discussion Brockhaus, Hendrik
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Göran Selander
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Benjamin Kaduk
- [Ace] Proposed charter for ACE Daniel Migault
- [Ace] Proposed charter for ACE (EAP over CoAP?) Dan Garcia
- Re: [Ace] Proposed charter for ACE (EAP over CoAP… Daniel Migault
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Laurent Toutain
- Re: [Ace] [Emu] Proposed charter for ACE (EAP ove… Mohit Sethi M
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Göran Selander
- Re: [Ace] Charter discussion Olaf Bergmann
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Brockhaus, Hendrik
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Michael Richardson
- Re: [Ace] Charter discussion Brockhaus, Hendrik
- Re: [Ace] [Emu] [core] Proposed charter for ACE (… Dan Garcia
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Alexander Pelov
- Re: [Ace] Proposed charter for ACE (EAP over CoAP… Christian Amsüss
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Carsten Bormann
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Michael Richardson
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia
- Re: [Ace] Proposed charter for ACE (EAP over CoAP… Georgios PAPADOPOULOS
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Mališa Vučinić
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia Carrillo
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Mališa Vučinić
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia Carrillo
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Benjamin Kaduk
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia