Re: [Ace] some suggestions - clarification of ACE scope and secauth

Stefanie Gerdes <gerdes@tzi.de> Fri, 10 October 2014 08:51 UTC

Date: Fri, 10 Oct 2014 10:50:51 +0200
From: Stefanie Gerdes <gerdes@tzi.de>
To: Hosnieh Rafiee <hosnieh.rafiee@huawei.com>, "ace@ietf.org" <ace@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ace/L9nj9_OqlviXvJuQ0Nm4xtH_lyY
Cc: "secauth@ietf.org" <secauth@ietf.org>
Subject: Re: [Ace] some suggestions - clarification of ACE scope and secauth

[1] https://tools.ietf.org/id/draft-seitz-ace-usecases-01.txt

On 10/10/2014 10:47 AM, Stefanie Gerdes wrote:
> Hi Hosnieh,
> 
> Thank you for your suggestions. I am not sure if I completely understand
> which part of your scenario you want us to integrate into the use cases
> document. Some questions inline.
> 
> On 10/09/2014 12:48 PM, Hosnieh Rafiee wrote:
>> Hi,
>>
>> In the secauth requirement draft, there are two requirements that I suggest be considered by ACE; however, if ACE does not want to work on them, I will keep them in secauth.
>>
>> Here is the link to secauth requirement draft.
>> https://tools.ietf.org/html/draft-rafiee-secauth-usecase-01 
>>
>>
>>    Scenario 2: Alice's wash machine technically has a problem. Its
>>    application was configured by the vendors? in a way to report this
>>    problem automatically to third party technical service (repair
>>    place). Both the technical service application and wash machine need
>>    to authenticate each other so that they can trust and exchange
>>    information.
> 
> Why does the washing machine contact the repair service and not Alice
> herself? She would have to make an appointment with them anyway if the
> machine is broken.
> 
>>  Since the application are usually implemented by the
>>    third party and there was not much effort to secure the
>>    communications between the device and the application, the security
>>    of them is a big concern.
>>
>> Alice turned on the wash machine at home and then went to work. Alice
>>    can check the status of this wash machine using an application on her
>>    Smartphone remotely at company x. Wash machine doesn't support any
>>    certificates signed by a CA. Alice needs to be authenticated in the
>>    wash machine and wash machine needs to trust Alice to allow her
>>    control it remotely. Since the application are usually provided by
>>    third parties, the security of this communication is important and
>>    the first point of trust is really important.
> 
> 
> Which authorization problem do you want to solve here? Please have a
> look at section 2.2.1. in [1]. Do you want to address an authorization
> problem that is not already covered here?
> 
> Thanks,
> Steffi


-- 
Stefanie Gerdes			Tel: +49 421 218 63906
TZI Universität Bremen		E-Mail: gerdes@tzi.de
Bibliothekstr. 1, MZH 5150
28359 Bremen, Germany