Re: [Ace] Open Issues
Göran Selander <goran.selander@ericsson.com> Fri, 17 January 2014 08:05 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B09441ADFB3 for <ace@ietfa.amsl.com>; Fri, 17 Jan 2014 00:05:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.601
X-Spam-Level:
X-Spam-Status: No, score=-1.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RdXxL7gj1T0l for <ace@ietfa.amsl.com>; Fri, 17 Jan 2014 00:05:21 -0800 (PST)
Received: from sesbmg20.ericsson.net (sesbmg20.ericsson.net [193.180.251.56]) by ietfa.amsl.com (Postfix) with ESMTP id 0ED071ADFAA for <ace@ietf.org>; Fri, 17 Jan 2014 00:05:20 -0800 (PST)
X-AuditID: c1b4fb38-b7f2c8e000006d25-4a-52d8e433847e
Received: from ESESSHC023.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg20.ericsson.net (Symantec Mail Security) with SMTP id 46.BA.27941.334E8D25; Fri, 17 Jan 2014 09:05:07 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.107]) by ESESSHC023.ericsson.se ([153.88.183.87]) with mapi id 14.02.0347.000; Fri, 17 Jan 2014 09:05:07 +0100
From: Göran Selander <goran.selander@ericsson.com>
To: Bert Greevenbosch <Bert.Greevenbosch@huawei.com>, "ace@ietf.org" <ace@ietf.org>, Stefanie Gerdes <gerdes@tzi.de>
Thread-Topic: [Ace] Open Issues
Thread-Index: AQHPEs90KKLZNSLAWkaCJ/RTtKV6zpqIV4AAgAA4iwA=
Date: Fri, 17 Jan 2014 08:05:07 +0000
Message-ID: <CEFE9BBA.1A442%goran.selander@ericsson.com>
References: <52D7FA4C.701@tzi.de> <46A1DF3F04371240B504290A071B4DB63E3DDED6@SZXEMA510-MBX.china.huawei.com>
In-Reply-To: <46A1DF3F04371240B504290A071B4DB63E3DDED6@SZXEMA510-MBX.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.9.131030
x-originating-ip: [153.88.183.149]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <AF2B12E01E05A84A92CDA4642FEFA1FE@ericsson.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrPLMWRmVeSWpSXmKPExsUyM+Jvja7xkxtBBs/bVSy+f+thtvj9ZAWr xcaLdxkdmD1ajrxl9Viy5CeTx7a3X5kDmKO4bFJSczLLUov07RK4Mm5M38VeMI2rYtbqVewN jGs5uhg5OSQETCR2PDjDBGGLSVy4t56ti5GLQ0jgCKPE3vn/WSCcJYwSjV1HWUCq2ARcJQ48 eAfUwcEhIlAm8XmTL0hYWEBOYuGMjcwgtoiAvMSNWWvZIGwriR/r74DFWQRUJVrnPWYHsXkF LCQ6bzQxgthCArkSM1c/BYtzCoRJLD28A6yeEeig76fWgB3HLCAucevJfKhDBSSW7DnPDGGL Srx8/I8VxBYV0JO492guC0RcSWLt4e0sEL16EjemTmGDsK0lDrXcZ4WwtSWWLXzNDHGPoMTJ mU9YJjCKz0KybhaS9llI2mchaZ+FpH0BI+sqRo7i1OKk3HQjg02MwEg7uOW3xQ7Gy39tDjFK c7AoifN+fOscJCSQnliSmp2aWpBaFF9UmpNafIiRiYNTqoFRev7cTJW3Nl45kaaut1zZk79P WHG1cl+QUVR8Xti7Sz1iDPK1KvqFWxYf9Js3se+bvrjT3++fcm8aTVlc1u//yy9DYlNGu4Zx lQvvqmK5v4LFP1fOZ3tdyLb6l/BpNc8pM63mv77G2HIg+2KXzMXUJTc2hj7wCLyudWJZvkp5 1y7hhnXneXmVWIozEg21mIuKEwEaXgD3ggIAAA==
Subject: Re: [Ace] Open Issues
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jan 2014 08:05:22 -0000
Hi Bert On 1/17/14 6:42 AM, "Bert Greevenbosch" <Bert.Greevenbosch@huawei.com> wrote: > >> 4. Security modes for CoAP >> (http://www.ietf.org/mail-archive/web/ace/current/msg00104.html). Is it >> in the scope of ACE to define security modes for CoAP? > >From the security modes draft, I have the impression that it mainly >concerns key management (KMS). Is that impression correct? > >Concerning the KMS, I think we should certainly investigate existing >technologies as elaborated upon below comment 3. > >I think it will be hard to define a working system without paying >attention to the KMS. You are right, this is about key management. CoAP security modes in general deals with what keys/credentials of involved parties that are required to be able to authorize the client to run DTLS. E.g. in certificate mode the client must have a X509 public key certificate and corresponding private key and the server must have a list of root trust anchors that can be used for validating certificates. Since certificate mode is very heavy-weight, we investigate in draft-seitz-core-security-modes more light-weight solutions based on the assumption that there is a secret key shared between an authorization server (acting trust anchor) and a resource server. Göran
- [Ace] Open Issues Stefanie Gerdes
- Re: [Ace] Open Issues Ludwig Seitz
- Re: [Ace] Open Issues Corinna Schmitt
- Re: [Ace] Open Issues Göran Selander
- Re: [Ace] Open Issues Stefanie Gerdes
- Re: [Ace] Open Issues Bert Greevenbosch
- Re: [Ace] Open Issues Göran Selander
- Re: [Ace] Open Issues Ludwig Seitz
- [Ace] 4. Security modes (Re: Open Issues) Carsten Bormann
- Re: [Ace] 4. Security modes (Re: Open Issues) Ludwig Seitz
- Re: [Ace] Open Issues Likepeng