Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)

Dan Garcia Carrillo <garciadan@uniovi.es> Sat, 12 December 2020 17:37 UTC

Cc: garciadan@uniovi.es
To: Mališa Vučinić <malisa.vucinic@inria.fr>, Michael Richardson <mcr+ietf@sandelman.ca>, EMU WG <emu@ietf.org>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>, "ace@ietf.org" <ace@ietf.org>
From: Dan Garcia Carrillo <garciadan@uniovi.es>
Message-ID: <238e2b03-a9b3-918a-2a9b-fbb66b84ddbf@uniovi.es>
Date: Sat, 12 Dec 2020 18:36:53 +0100
In-Reply-To: <6C717866-759B-4544-BA04-50D623CF9EFE@inria.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/4tbc2TQGmFBhY76ykTJKEFu3zes>

Hi Mališa,


El 11/12/2020 a las 19:45, Mališa Vučinić escribió:
>
> Hi Dan,
>
> Thanks for the clarification regarding minimal-security. The points 
> that you mention below, e.g. flexible authentication or the fresh 
> generation of the PSK, were never in the design scope of our work.
>
> While I fail to understand what exactly you plan on using 
> EAP-over-CoAP for, I do not object to this work being done in ACE if 
> you are willing to spend cycles on it. I do have reservations about the 
> lightweight aspect of this, however, considering that the sequence 
> diagram that you depict in Fig. 2 in draft-marin-ace-wg-coap-eap-06 
> spans 3 pages and consumes 2 round trips just to get things started! 
> Surely, we can do better?
>
Yes, we will submit an updated version of the draft.

Best Regards,

Dan

> Mališa
>
> *From: *Dan Garcia Carrillo <garciadan@uniovi.es>
> *Date: *Friday 11 December 2020 at 18:41
> *To: *Mališa Vučinić <malisa.vucinic@inria.fr>, Michael Richardson 
> <mcr+ietf@sandelman.ca>, EMU WG <emu@ietf.org>, "core@ietf.org WG 
> (core@ietf.org)" <core@ietf.org>, "ace@ietf.org" <ace@ietf.org>
> *Cc: *<garciadan@uniovi.es>
> *Subject: *Re: [core] [Ace] Proposed charter for ACE (EAP over CoAP?)
>
> Hi Mališa,
>
> My intention was not to turn this conversation into a criticism of 
> your work. “deficiencies” was not the most appropriate word.
>
> What we had in mind was a way of providing authentication to the 
> variety of IoT devices with different capabilities, limitations or 
> different types of supported credentials. A way of doing that is to 
> provide different authentication methods. Since in IoT there are 
> different technologies, we looked for a link-layer independent 
> solution. Additionally, since some technologies are very constrained, 
> we needed a very constrained protocol to carry out the process.
>
> EAP provides flexible authentication, and it has the EAP Key Management 
> Framework, which has been well specified and working for many years, from 
> which you can generate a fresh pre-shared key (MSK) 
> dynamically. This is even possible if you do not want to interact with 
> AAA infrastructures, by running EAP in standalone mode. Having said this, 
> another thing that we looked into was supporting large-scale 
> deployments. We can ease this process with EAP and its interaction 
> with an AAA infrastructure, which gains relevance in Industrial IoT and 
> 5G.
>
> All these characteristics can be provided by the use of EAP, if of 
> course we have a lightweight EAP lower layer to transport EAP from the 
> IoT device. Hence we considered using CoAP as the EAP lower layer.
>
> In this sense, we saw that minimal-security did not fit our view (no 
> potential interaction with AAA, flexible authentication, or fresh 
> generation of the PSK). In fact, the provisioning of the PSK was out of 
> scope.
>
> At some level, we could even consider the work complementary. EAP over 
> CoAP could be a way of providing the PSK for the work of minimal 
> security.
>
>
> Best Regards,
> Dan.
>
> El 10/12/2020 a las 18:43, Mališa Vučinić escribió:
>
>     Hi Dan,
>
>     Could you be more specific on the point below, what deficiencies
>     do you have in mind?
>
>     Mališa
>
>     *From: *core <core-bounces@ietf.org> on behalf of Dan Garcia
>     <garciadan@uniovi.es>
>     *Date: *Thursday 10 December 2020 at 10:06
>     *To: *Michael Richardson <mcr+ietf@sandelman.ca>, EMU WG
>     <emu@ietf.org>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>,
>     "ace@ietf.org" <ace@ietf.org>
>     *Subject: *Re: [core] [Ace] Proposed charter for ACE (EAP over CoAP?)
>
>     As you comment, draft-ietf-6tisch-minimal-security offers
>     minimal security and has several deficiencies that can be solved
>     by using EAP and AAA infrastructures.
>
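The two mechanisms Dan's quoted mail describes (CoAP acting as a lightweight EAP lower layer, and a fresh pre-shared key derived from the MSK that the EAP Key Management Framework exports) as an added Python illustration. This is example code written for this archive page; it is not code from draft-marin-ace-wg-coap-eap, from the 6tisch minimal-security work, or from either author. The encapsulation (an EAP packet as the whole payload of a CoAP POST, no CoAP options), which side sends the CoAP request, the message ID, token, EAP Identifier, the sample identity and the HKDF label are all constructed assumptions for illustration, not the draft's specified format. The checks a lower layer has to get right are the ones enforced here: the EAP Length field must match the bytes actually received, a Response must carry the Identifier of the outstanding Request, and the CoAP token and message ID must bind the reply to the request.

```python
import hashlib
import hmac
import struct

# EAP codes and the Identity type, per RFC 3748
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1

# CoAP message types and codes, per RFC 7252 (POST = 0.02, 2.04 Changed = 0x44)
COAP_CON, COAP_NON, COAP_ACK = 0, 1, 2
COAP_POST, COAP_CHANGED = 0x02, 0x44


def eap_encode(code, identifier, eap_type=None, type_data=b""):
    """Build an RFC 3748 EAP packet: Code | Identifier | Length | [Type | Type-Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def eap_decode(pkt):
    """Parse an EAP packet; the Length field is checked against the real size."""
    if len(pkt) < 4:
        raise ValueError("EAP packet shorter than its header")
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        # Do not trust a lower layer that pads or truncates: reject the packet.
        raise ValueError("EAP Length field does not match packet size")
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return {"code": code, "id": identifier}
    if length < 5:
        raise ValueError("Request/Response without a Type octet")
    return {"code": code, "id": identifier, "type": pkt[4], "data": pkt[5:]}


def coap_encode(msg_type, code, message_id, token, payload):
    """Minimal RFC 7252 message with no options: header | token | 0xFF | payload."""
    if len(token) > 8:
        raise ValueError("CoAP token longer than 8 octets")
    first = (1 << 6) | (msg_type << 4) | len(token)   # Ver=1, T, TKL
    head = struct.pack("!BBH", first, code, message_id) + token
    return head + b"\xff" + payload if payload else head


def coap_decode(data):
    """Parse the minimal message above; options are out of scope for this example."""
    first, code, message_id = struct.unpack("!BBH", data[:4])
    if first >> 6 != 1:
        raise ValueError("unsupported CoAP version")
    tkl = first & 0x0F
    if tkl > 8:
        raise ValueError("reserved TKL value")
    token, rest = data[4:4 + tkl], data[4 + tkl:]
    payload = b""
    if rest:
        if rest[0] != 0xFF:
            raise ValueError("CoAP options are not handled in this example")
        payload = rest[1:]
        if not payload:
            raise ValueError("payload marker with empty payload")  # RFC 7252 s3.1
    return {"type": (first >> 4) & 3, "code": code, "mid": message_id,
            "token": token, "payload": payload}


def eap_identity_round_trip(identity):
    """One EAP Identity exchange carried over CoAP; returns the identity the server accepts.

    Direction (authenticator sends the CoAP POST) and all numeric values are
    constructed assumptions, not the draft's specification.
    """
    ident = 0x2A                                     # EAP Identifier, authenticator-chosen
    req = eap_encode(EAP_REQUEST, ident, EAP_TYPE_IDENTITY)
    wire_req = coap_encode(COAP_CON, COAP_POST, 0x1234, b"\x01", req)

    # IoT device side: unwrap, answer with the same Identifier, piggyback on the ACK.
    rx = coap_decode(wire_req)
    eap_req = eap_decode(rx["payload"])
    resp = eap_encode(EAP_RESPONSE, eap_req["id"], EAP_TYPE_IDENTITY, identity.encode())
    wire_resp = coap_encode(COAP_ACK, COAP_CHANGED, rx["mid"], rx["token"], resp)

    # Authenticator side: bind the reply to the outstanding request at both layers.
    ack = coap_decode(wire_resp)
    if ack["token"] != b"\x01" or ack["mid"] != 0x1234:
        raise ValueError("CoAP token/message ID do not match the request")
    eap_resp = eap_decode(ack["payload"])
    if eap_resp["code"] != EAP_RESPONSE or eap_resp["id"] != ident:
        raise ValueError("EAP Identifier mismatch: stale or injected Response")
    return eap_resp["data"].decode()


def hkdf_sha256(ikm, salt, info, length):
    """RFC 5869 HKDF-Extract followed by HKDF-Expand with HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_psk(msk, label=b"example-coap-eap-psk", length=16):
    """Derive a per-session PSK from the MSK an EAP method exports (RFC 5247: 64 octets).

    The label is an assumed value for this example only.
    """
    if len(msk) < 64:
        raise ValueError("EAP MSK must be at least 64 octets")
    return hkdf_sha256(msk, b"", label, length)
```

Because the MSK is exported fresh by every EAP run, `derive_psk` yields a different PSK per authentication without any pre-provisioned PSK on the device, which is the "fresh generation of the PSK" property the mail contrasts with minimal-security. The CoAP framing is deliberately minimal; a real lower layer also needs retransmission, duplicate detection and a Content-Format option, none of which this example models.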