Re: [Ace] Questions for the IETF#90 Meeting
Ralph Droms <rdroms.ietf@gmail.com> Wed, 09 July 2014 11:22 UTC
Return-Path: <rdroms.ietf@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE9231A03F7 for <ace@ietfa.amsl.com>; Wed, 9 Jul 2014 04:22:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DsySCFuHF_pH for <ace@ietfa.amsl.com>; Wed, 9 Jul 2014 04:22:25 -0700 (PDT)
Received: from mail-qc0-x22f.google.com (mail-qc0-x22f.google.com [IPv6:2607:f8b0:400d:c01::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4ED821A03F5 for <ace@ietf.org>; Wed, 9 Jul 2014 04:22:25 -0700 (PDT)
Received: by mail-qc0-f175.google.com with SMTP id i8so6508968qcq.6 for <ace@ietf.org>; Wed, 09 Jul 2014 04:22:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=QEuZ0pnD60A4g4iDjhzl4g3DcLBA517WOP57U8Vy5wA=; b=gPR2UkGRVI0DxOk+dYA8N4OXiOaDd0L5nv/xaZALa/HX0obb4e3Llbf7KzpwO2yFjI SliYuzd739O/TBHjH3YSZWFkFI+qr0W3xgW0Ixd1uNtaATMf/q3aMm4aSrIiaPRF6upM 7vvpCNqA8urEf4TYne45hYb/4Ukaz4LKg4y+imWN7ANhPJQVyR9BCEO6B3zpxyn0+QUb Lz+JHqDZFtQg3YXC4sE59EjJMb5Rwuf4z8se7hxlb3EKW5IwG2FciLXW+7mpnxB4u2uf vChTCeksS03VCyM3gP/eaw0NKak6/FGuWSRny53ujtGvPSbWwli3Ph0DCqSjo68DS5Q2 I5JA==
X-Received: by 10.224.137.9 with SMTP id u9mr71161002qat.24.1404904944397; Wed, 09 Jul 2014 04:22:24 -0700 (PDT)
Received: from ?IPv6:2601:6:6780:19e:f053:14bb:710c:20fe? ([2601:6:6780:19e:f053:14bb:710c:20fe]) by mx.google.com with ESMTPSA id y79sm31863243qgy.18.2014.07.09.04.22.22 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 09 Jul 2014 04:22:23 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Ralph Droms <rdroms.ietf@gmail.com>
X-Mailer: iPad Mail (11D201)
In-Reply-To: <D7E5703D-792F-447E-9B23-0F676861902F@nymbus.net>
Date: Wed, 09 Jul 2014 07:22:22 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <C7A72F49-192D-4476-95A4-D4870F2D84B9@gmail.com>
References: <53BCF608.5010606@gmx.net> <D7E5703D-792F-447E-9B23-0F676861902F@nymbus.net>
To: Paul Lambert <paul@nymbus.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/ace/G8As_8RrI8hcyeyJaVrk4eTQjZU
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "ace@ietf.org" <ace@ietf.org>
Subject: Re: [Ace] Questions for the IETF#90 Meeting
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jul 2014 11:22:27 -0000
> On Jul 9, 2014, at 4:29 AM, Paul Lambert <paul@nymbus.net> wrote: > > >> On Jul 9, 2014, at 12:58 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote: >> >> To me there appear to be four questions for the group: >> >> 1) Are there requirements/use cases that allow anything other than the >> OAuth/Kerberos design pattern? > Allow? Any square peg (Kerberos) could be allowed to fill a round hole > with a large enough hammer. > > I have requirements for P2P consumer connections that will not > initially have any Internet connectivity. Direct enrollment and > management of headless consumer devices is important > and especially during bootstrapping from out-of-box does not > fit well into OAuth/Kerberos > >> >> Partially the answer should come from the use case document. >> >> 2) Should the design re-use existing work or should the design start >> from scratch? > Scratch. > >> >> This is more a question of taste / preference but will obviously have a >> huge impact on the subsequent work in the group. I disagree with the characterization as "taste/preference". In my opinion, there needs to be strong evidence for the need for a design from scratch and an implicit bias toward reusing existing technologies. Use cases like the one outlined above should be reviewed to see if they constitute evidence in support of a design from scratch. - Ralph >> >> 3) Should the design be based on symmetric or asymmetric crypto? >> (or both?) > Both of course, and hash algorithms. > Asymmetric crypto should be used for key establishment and identity. > Algorithms should be lumped together as a Cipher Suite that defines > a set of algorithms for key established/authentication, encryption, hashing, etc. > > >> >> We have various documents that talk about this issue, for example >> draft-seitz-ace-design-considerations-00 and >> draft-seitz-ace-problem-description-01 >> >> 4) How to address cross-domain support in the initial protocol design? >> Is it a feature that can be added later easily? >> >> draft-gerdes-ace-actors-01 talks about this aspect. > from this ... > " According to the Internet Security Glossary [RFC4949], authentication > is "the process of verifying a claim that a system entity or system > resource has a certain attribute value." Examples for attribute > values are the ID of a device, the type of the device or the name of > its owner. Authentication attributes might be (but not necessarily > are) suitable to uniquely identify an individual entity.” > > The hash of the public key is a attribute that can be directly > authenticated by the key holder and is unique. The hash > process should include the encoding of the Cipher Suite > values to bind the algorithms to the instance of a key. > Other attribute bindings can be built on these unique ‘ids' > > Paul > >> >> If we could get an answer to these questions during the meeting that >> would be good step forward. >> >> Ciao >> Hannes >> >> PS: One question that has been answered by all document in the same way >> at the moment is about the use of DTLS. Currently, everyone seems to be >> focused on using DTLS everywhere. There would be alternative approaches >> as well. >> >> _______________________________________________ >> Ace mailing list >> Ace@ietf.org >> https://www.ietf.org/mailman/listinfo/ace > > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace
- [Ace] Questions for the IETF#90 Meeting Hannes Tschofenig
- Re: [Ace] Questions for the IETF#90 Meeting Paul Lambert
- Re: [Ace] Questions for the IETF#90 Meeting Hannes Tschofenig
- Re: [Ace] Questions for the IETF#90 Meeting Ralph Droms
- Re: [Ace] Questions for the IETF#90 Meeting Michael Richardson
- Re: [Ace] Questions for the IETF#90 Meeting Paul Lambert
- Re: [Ace] Questions for the IETF#90 Meeting Paul Lambert
- Re: [Ace] Questions for the IETF#90 Meeting Carsten Bormann
- Re: [Ace] Questions for the IETF#90 Meeting Hannes Tschofenig
- Re: [Ace] Questions for the IETF#90 Meeting Göran Selander
- Re: [Ace] Questions for the IETF#90 Meeting Hannes Tschofenig
- Re: [Ace] Questions for the IETF#90 Meeting Paul Lambert
- Re: [Ace] Questions for the IETF#90 Meeting Paul Lambert
- Re: [Ace] Questions for the IETF#90 Meeting Hannes Tschofenig
- Re: [Ace] Questions for the IETF#90 Meeting Hannes Tschofenig
- Re: [Ace] Questions for the IETF#90 Meeting Ludwig Seitz
- Re: [Ace] Questions for the IETF#90 Meeting Robert Cragie
- Re: [Ace] Questions for the IETF#90 Meeting Ludwig Seitz
- Re: [Ace] Questions for the IETF#90 Meeting Robert Cragie
- Re: [Ace] Questions for the IETF#90 Meeting Michael Richardson