[Ace] EST over CoAP: Introduction

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 15 May 2018 09:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/MICVnLnHUTAekiapRjZZSgdev0c>

Here is a proposal to change the introduction to the relevant parts only and to avoid repetition.
(The current document still keeps talking about IEEE 802.15.4 when there are so many other radio technologies as well.
There is nothing in this spec that makes this 15.4 specific. I understand that some of the authors really like 15.4 but ....)

Here is my proposal to replace Section 1 and Section 1.1:

-----

1.  Introduction

   "Classical" Enrollment over Secure Transport (EST) [RFC7030] is used for
   authenticated/authorized endpoint certificate enrollment (and
   optionally key provisioning) through a Certificate Authority (CA) or
   Registration Authority (RA).  It uses HTTPS.

   This specification defines a new transport for EST based on the
   Constrained Application Protocol (CoAP) since some Internet of Things (IoT)
   devices use CoAP instead of HTTP. This specification therefore utilizes DTLS [RFC6347],
   CoAP [RFC7252], and UDP instead of TLS [RFC5246], HTTP [RFC7230] and TCP.

   This document also profiles EST and only supports certificate-based client
   authentication. The results are:

      *  The EST-coaps client does not support HTTP Basic authentication
         (as described in Section 3.2.3 of [RFC7030]).

      *  The EST-coaps client does not support authentication at the
         application layer (as described in Section 3.2.3 of [RFC7030]).

   EST messages may be relatively large and for this reason this
   document re-uses CoAP Block-Wise Transfer [RFC7959] to
   offer a fragmentation mechanism of EST messages at the CoAP layer.

-----

Ciao
Hannes
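The last paragraph of the proposed introduction relies on CoAP Block-Wise Transfer [RFC7959] to carry EST messages (a PKCS#10 request or a certificate chain) that do not fit in one datagram. The following added example, which is not part of Hannes's proposal or of the EST-coaps draft, shows what that reuse means at the CoAP layer: encoding and decoding the Block option value (NUM, M, SZX) as RFC 7959 defines it, splitting a payload into Block1 fragments, and reassembling them on the receiving side with the checks a constrained server should apply (in-order delivery, full-size intermediate blocks, and a total-size cap so a client cannot exhaust the device's memory). All names, and the constructed 1500-byte sample payload, are my own.

```python
"""Added example (not from the draft or the mailing-list post): CoAP Block
option handling per RFC 7959, as used to fragment EST-coaps messages.
Function, class and variable names are assumptions of this example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BlockOption:
    """Value of a Block1/Block2 option: NUM (block number), M (more flag),
    SZX (size exponent; block size = 2 ** (SZX + 4), so SZX 0..6 = 16..1024)."""
    num: int
    more: bool
    szx: int

    @property
    def size(self) -> int:
        return 1 << (self.szx + 4)

    def to_uint(self) -> int:
        # Layout from RFC 7959 section 2.2: NUM in the high bits, then M, then SZX.
        if not 0 <= self.szx <= 6:
            raise ValueError("SZX must be 0..6; 7 is reserved")
        if not 0 <= self.num < (1 << 20):
            raise ValueError("NUM must fit in 20 bits")
        return (self.num << 4) | (int(self.more) << 3) | self.szx

    def to_bytes(self) -> bytes:
        # CoAP uint options use the shortest big-endian encoding; 0 is zero bytes.
        v = self.to_uint()
        return v.to_bytes((v.bit_length() + 7) // 8, "big") if v else b""

    @classmethod
    def from_bytes(cls, raw: bytes) -> "BlockOption":
        if len(raw) > 3:
            raise ValueError("Block option is at most 3 bytes")
        v = int.from_bytes(raw, "big")
        szx = v & 0x7
        if szx == 7:
            raise ValueError("SZX 7 is reserved")
        return cls(num=v >> 4, more=bool(v & 0x8), szx=szx)


def fragment(payload: bytes, szx: int) -> list[tuple[BlockOption, bytes]]:
    """Client side: split payload into (BlockOption, chunk) pairs for Block1.
    Every block except the last is exactly one block size; the last has M=0."""
    size = 1 << (szx + 4)
    total = max(1, (len(payload) + size - 1) // size)  # empty payload -> one empty block
    return [
        (BlockOption(num=n, more=(n < total - 1), szx=szx), payload[n * size:(n + 1) * size])
        for n in range(total)
    ]


def reassemble(blocks, max_total: int = 8192) -> bytes:
    """Server side: rebuild the message, rejecting out-of-order or malformed
    blocks and refusing to buffer more than max_total bytes (a constrained
    device must bound this before it ever sees the whole EST request)."""
    out = bytearray()
    expected = 0
    for opt, chunk in blocks:
        if opt.num != expected:
            raise ValueError(f"expected block {expected}, got {opt.num}")
        if opt.more and len(chunk) != opt.size:
            raise ValueError("intermediate block must be exactly one block size")
        if len(chunk) > opt.size:
            raise ValueError("block larger than its declared size")
        if len(out) + len(chunk) > max_total:
            raise ValueError("transfer exceeds the allowed total size")
        out += chunk
        expected += 1
        if not opt.more:
            return bytes(out)
    raise ValueError("transfer incomplete: last block still had M=1")


# Constructed sample: a 1500-byte stand-in for a DER-encoded PKCS#10 request.
SAMPLE_REQUEST = bytes(range(256)) * 5 + bytes(220)


def demo() -> list[tuple[bytes, int]]:
    """Fragment the sample with 1024-byte blocks (SZX=6) and return the encoded
    Block option and chunk length of each block; also round-trips the data."""
    blocks = fragment(SAMPLE_REQUEST, szx=6)
    assert reassemble(blocks) == SAMPLE_REQUEST
    return [(opt.to_bytes(), len(chunk)) for opt, chunk in blocks]


if __name__ == "__main__":
    for raw, n in demo():
        print(f"Block1 option {raw.hex() or '(empty)'}: {n} bytes")
```

The two blocks produced for the sample encode as `0e` (NUM 0, M=1, SZX 6) and `16` (NUM 1, M=0, SZX 6); the same `BlockOption` type serves Block2 when the server returns a large certificate chain, since the option value layout is identical.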
