Re: [Ace] IETF 108 tentative agenda and presentations (Daniel Migault)

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Wed, 22 July 2020 13:08 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>, Benjamin Kaduk <kaduk@mit.edu>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: Mohit Sahni <mohit06jan@gmail.com>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>, "ace@ietf.org" <ace@ietf.org>
Date: Wed, 22 Jul 2020 13:08:20 +0000
Message-ID: <DM6PR11MB25554D31E5C2DBFA677BD83AC9790@DM6PR11MB2555.namprd11.prod.outlook.com>
References: <mailman.1850.1595355742.7860.ace@ietf.org> <CAEpwuw0JN9RGzEBs+fmcL18OFcHzKj_DDzXCt4VkSkSmG3Rvnw@mail.gmail.com> <9794.1595363465@localhost> <20200721215825.GB41010@kduck.mit.edu> <AM0PR10MB3153493DF2B63A8A061BD916FE790@AM0PR10MB3153.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB3153493DF2B63A8A061BD916FE790@AM0PR10MB3153.EURPRD10.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/WoizcKS9OUpgJKm3roOWMEBUFc4>
Subject: Re: [Ace] IETF 108 tentative agenda and presentations (Daniel Migault)

Hi, 

> Looking into Mohit's draft, cmp-over-coap is much simpler than
> est-over-coaps, as CMP does not need any binding to an underlying (D)TLS
> handshake.

Not sure that is accurate. And EST does not bind to the tunnel protocol
either unless proof of possession is used. For now the cmp-over-coap draft
says 

   When the end to end secrecy is desired for CoAP transport, CoAP over
   DTLS [RFC6347] as a transport medium SHOULD be used.

CoAP can run over DTLS or plain UDP and in rare cases TCP, TLS and maybe
WebSockets. I am not sure someone would run cmp-over-coap over TCP because
then he could just run CMP natively without CoAP in the middle. Any
application layer protocol (CMP etc.) can run over any transport but I am not
sure there are more transports than the usual ones for cmp-over-coap anyway.


I agree that if this gets picked up it should be by ACE.

I would like to understand what gaps it is filling compared to
est-over-coaps, which took a lot of work, and where it will be used and
implemented.

Panos
 

-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of Brockhaus, Hendrik
Sent: Wednesday, July 22, 2020 3:51 AM
To: Benjamin Kaduk <kaduk@mit.edu>; Michael Richardson
<mcr+ietf@sandelman.ca>
Cc: Mohit Sahni <mohit06jan@gmail.com>; steffen.fries@siemens.com;
ace@ietf.org
Subject: Re: [Ace] IETF 108 tentative agenda and presentations (Daniel
Migault)


> From: Ace <ace-bounces@ietf.org> On Behalf Of Benjamin Kaduk
>
> On Tue, Jul 21, 2020 at 04:31:05PM -0400, Michael Richardson wrote:
> >
> > Mohit Sahni <mohit06jan@gmail.com> wrote:
> >     > To give some background, this draft is an extension of Light Weight CMP
> >     > Profile (
> >     > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-lamps-lightweight-cmp-profile-02&data=02%7C01%7Chendrik.brockhaus%40siemens.com%7Cc3b352cdfd174b0a7e2008d82dc1484f%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637309655452109222&sdata=QWHu3IEwf4TIIpaW0cvKuMiGXixV1AXdws6g0vBQJPY%3D&reserved=0)
> >     > draft currently under development in the LAMPS WG. We discussed the "CMPv2
> >     > over CoAP" draft in the LAMPS WG and figured out that ACE WG is a more
> >     > appropriate place for this draft. However, Jim suggested that we will need
> >     > to modify the charter of the ACE WG to adopt this draft.
> >
> > We did est-over-coaps [still in the queue], why shouldn't we do
> > cmp-over-coap(s)?
>
> It may just be that "est-over-coaps is so obviously us" that I didn't
> check the charter carefully at that time.  But, at this point, we're
> probably overdue for a recharter anyway, as the core framework is making
> its way to the IESG.
>

Steffen and I discussed this with Jim last year in Prague, if I remember
correctly, and he recommended to submit cmp-over-coap to ACE and not to
LAMPS.
As est-over-coaps was in scope of ACE, I also think it is quite obvious to
discuss cmp-over-coap in ACE.
Looking into Mohit's draft, cmp-over-coap is much simpler than
est-over-coaps, as CMP does not need any binding to an underlying (D)TLS
handshake.
If you think this needs rechartering, we should go for it.

- Hendrik
