Re: [Ace] EST over CoAP in ACE wg

Shahid Raza <shahid@sics.se> Mon, 21 November 2016 19:07 UTC

To: Samuel Erdtman <samuel@erdtman.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/4ze5S9KMVDlrZlcFLgoMjPmewgI>
Cc: "Panos Kampanakis \(pkampana\)" <pkampana@cisco.com>, "Kumar, Sandeep" <sandeep.kumar@philips.com>, "consultancy@vanderstok.org" <consultancy@vanderstok.org>, "ace@ietf.org" <ace@ietf.org>

Hi,

Thanks for the initiative, Sandeep. I fully support this.
As Samuel mentioned, SICS has been working with neXus on this solution for more than a year now. We would be glad to bring in our experience and would be happy to share our Contiki side and the SICSthSense side (sense.sics.se) implementations.

Regards,
Shahid


> On 21 Nov 2016, at 17:30, Samuel Erdtman <samuel@erdtman.se> wrote:
> 
> Hi All,
> 
> To run EST over DTLS and CoAP to address more constrained devices is not new to me; this was part of conversations that neXus (my previous employer) and SICS had about one and a half years ago.
> 
> I would support this work. I think certificates make sense for ACE because of the connection to existing security infrastructure.
> 
> At neXus we did SCEP and CMP enrollment, but when moving to more constrained devices it would make sense to move to using EST over CoAP and DTLS.
> In addition to being quite simple compared to SCEP and CMP, EST also supports server-side generated keys, which could be a benefit for constrained devices. Not because the devices could not generate the key, but in some cases keys need to be generated in trusted and certified hardware (FIPS, CC etc.) to "know" that keys are of good quality.
> 
> //Samuel
> 
> On Mon, Nov 21, 2016 at 3:00 PM, Kumar, Sandeep <sandeep.kumar@philips.com> wrote:
> Dear ACE members
> 
> Peter van Stok gave a short overview during the ACE f2f meeting on the work related to EST (RFC 7030) over DTLS secured CoAP (draft-vanderstok-core-coap-est-00 <https://tools.ietf.org/html/draft-vanderstok-core-coap-est-00>). In the meeting there was general interest among the audience for the work and ACE as the preferred WG for this item. There are additional drafts and work on the same topic like the draft-pritikin-coap-bootstrap-01 <https://tools.ietf.org/html/draft-pritikin-coap-bootstrap-01> and the email from Shahid https://www.ietf.org/mail-archive/web/ace/current/msg02029.html
> The idea is to merge these into a single draft (already discussed among us).
> 
> We would like to get feedback on the mailing list if indeed ACE would be a right place to continue this work as was perceived during the f2f meeting. Please respond if you support (or not) the activity going forward in ACE wg.
> 
> Kind Regards
> 
> Sandeep