Re: [Ace] call for adoption for draft-marin-ace-wg-coap-eap

Michael Richardson <mcr@sandelman.ca> Fri, 22 January 2021 16:38 UTC

From: Michael Richardson <mcr@sandelman.ca>
To: Mohit Sethi M <mohit.m.sethi@ericsson.com>, Ace Wg <ace@ietf.org>
In-Reply-To: <919f10b3-7ec5-1575-1893-41e4d4cc25b8@ericsson.com>
References: <CADZyTkkiqC=x_oAYsc_jHHeiNWhjvXHHvOKEeF=9W3si8Dp3pw@mail.gmail.com> <25210.1611242790@localhost> <919f10b3-7ec5-1575-1893-41e4d4cc25b8@ericsson.com>
Date: Fri, 22 Jan 2021 11:38:04 -0500
Message-ID: <29623.1611333484@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/E7IjsKvmHMfxB5rQL0yV3WIfnkk>

Mohit Sethi M <mohit.m.sethi@ericsson.com> wrote:
    > Is your concern only in the context of IoT or do you think in general
    > we are better off using protocols directly without the EAP framework
    > overhead?

EAP is designed to be used within a protocol, to interact with AAA
infrastructure. Use within 802.1X and IKEv2 has been great.
The purpose of which is to authenticate a relationship, and provide keying material.

This document claims to be useful between two peers, then goes on to
acknowledge that there are more entities involved.

1) If we aren't talking about IoT, why would we be talking about CoAP?

2) I haven't seen a use case for this yet.

3) If you are trying to produce keying material for OSCORE, and EDHOC is not
   to your liking, and you want *TLS* involved, then just use DTLS or ATLAS or cTLS.
   You can run your favourite EAP methods within TLS if you want to.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [