Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)
Dan Garcia Carrillo <garciadan@uniovi.es> Fri, 11 December 2020 17:41 UTC
Return-Path: <garciadan@uniovi.es>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B69FE3A0D39; Fri, 11 Dec 2020 09:41:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=unioviedo.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n4ct2Jxz-mpd; Fri, 11 Dec 2020 09:41:32 -0800 (PST)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2080.outbound.protection.outlook.com [40.107.22.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A11F3A0D37; Fri, 11 Dec 2020 09:41:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZnYJCUzVFCRzlA/bsk11gp7Ol3V6lYUPV7ORd3tA3kk8QfJUGPSGKiq/JkssfabAab3N5EVQ5RFsritd12vZZqwJtdAsV2r4HvWAcqvQrH4XAoZzHsazi8X00ZDDXhb28B9gR6oZdj4NkGd8czjjh2f2Xnxkq/QQbbthLQvBcOo24P3OflR65uPO8lrHpxUHZtS+vbEdS81SGMpS+f5ii9qm3DLTqlWsdMB6EiyqZHRex2cDCkr/tCZ9LkbnyfvRjSgUckA2PQGDPdvK2YPSBAh2ibzKSltU+/PDNDGwQzBqHXjNoUddV8maFIS46Hjr5ZI5hUuGU4Ws5glKeOA0Rg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vrysoN34OwpEJixfuOsex4iM5AeGJPP6GjEsqrqi4UM=; b=WTt83fMt5k1PrLcsOuxCTnr/pj9DGqAScUdCQWPHFrsQ+N95XP10OWGrvVQUWelBUZS3ptswP0uwhVH7rPSGdwLZvMKLExeAkyN/dsAz4Rsptmj4z/wg41AGjYecJE6D5DXkmQ7ywoahUx4qKcvwSGLre6S3NA5J7gLUCGXwaFvciR38x3VYtfaiXZN6vnNtY+Eg3ZyA9Q3mAl20SoNSXOt8TuMR9XXGVRItWTcHDqyKTrOhIYkguXHU1lvLe6Qql+OU47kl/ZCgHNrYJmJWbMZfZk34HkgRaJRe83ANvzZbwu8n8v39RxD1cib8bhF/D47CyxKiZTCRdEAh4xj79g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uniovi.es; dmarc=pass action=none header.from=uniovi.es; dkim=pass header.d=uniovi.es; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unioviedo.onmicrosoft.com; s=selector2-unioviedo-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vrysoN34OwpEJixfuOsex4iM5AeGJPP6GjEsqrqi4UM=; b=OCNlajE7tYNB4Lza0aCf1YRj/+MdOLlX/8q5fM15fwDwdx/aR/k9J2elzoO6M3ILNIn77ByvJ0G/h8RUZqGy5moOn1WQ3Z92LN6xTwTLSeA7l1eMcCYbkYZ6uvCKcpgbRPAe3FH2a0pXADLhtCcHfXUNC0neqlC8nWOU9mxU7O0=
Authentication-Results: uniovi.es; dkim=none (message not signed) header.d=none;uniovi.es; dmarc=none action=none header.from=uniovi.es;
Received: from AM0PR08MB3940.eurprd08.prod.outlook.com (2603:10a6:208:124::19) by AM0PR08MB4417.eurprd08.prod.outlook.com (2603:10a6:208:13f::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.20; Fri, 11 Dec 2020 17:41:29 +0000
Received: from AM0PR08MB3940.eurprd08.prod.outlook.com ([fe80::9c65:30a3:58fe:e6dd]) by AM0PR08MB3940.eurprd08.prod.outlook.com ([fe80::9c65:30a3:58fe:e6dd%7]) with mapi id 15.20.3654.012; Fri, 11 Dec 2020 17:41:29 +0000
Cc: garciadan@uniovi.es
To: Mališa Vučinić <malisa.vucinic@inria.fr>, Michael Richardson <mcr+ietf@sandelman.ca>, EMU WG <emu@ietf.org>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>, "ace@ietf.org" <ace@ietf.org>
References: <CADZyTkmnV_Dhb5iXzykUyEAskLDg7tj=80CbEBGmSyFQNS2FHw@mail.gmail.com> <HE1PR0702MB36740BAAFD7FDA2688564BF7F4E60@HE1PR0702MB3674.eurprd07.prod.outlook.com> <CADZyTkkpLRvqD5Vx704u=qbRvE82o4cKk3Ff2Y2ZXes_B+nRbA@mail.gmail.com> <CADZyTkkSGiUvXf0NoVUwj0Vjf7AQ=pjdEHyHZsDdE67OvfTepw@mail.gmail.com> <20201117234700.GR39170@kduck.mit.edu> <CADZyTknej3DUbbKbRxdfi0HqVR7G7qkAh5htu3w9yFjE09sOtg@mail.gmail.com> <b78c1176-ffa0-9ad5-847e-94e9134b4212@um.es> <DM6PR15MB2379308BD779061F6F46233EE3F20@DM6PR15MB2379.namprd15.prod.outlook.com> <CABONVQZRWa5gcN6Z1pfBKx=UVvOTvi1FjLSv0-T_UTUc3XGG5Q@mail.gmail.com> <HE1PR0702MB367429A9C8921A5252133523F4CE0@HE1PR0702MB3674.eurprd07.prod.outlook.com> <24523.1607378991@localhost> <3a4e4b59-3712-7eb9-23b2-8160ad14b6aa@um.es> <2923.1607540144@localhost> <62dad652-8acd-0890-36cd-f7aacde19de2@uniovi.es> <D1AA3C26-4376-409A-A87B-F0D05AD1BAD3@inria.fr>
From: Dan Garcia Carrillo <garciadan@uniovi.es>
Message-ID: <1fdb134e-54a1-1937-fdd6-3d226c89aea7@uniovi.es>
Date: Fri, 11 Dec 2020 18:41:27 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1
In-Reply-To: <D1AA3C26-4376-409A-A87B-F0D05AD1BAD3@inria.fr>
Content-Type: multipart/alternative; boundary="------------A06EE6867811146F2926CFCF"
Content-Language: es-ES
X-Originating-IP: [192.145.124.84]
X-ClientProxiedBy: MRXP264CA0040.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:14::28) To AM0PR08MB3940.eurprd08.prod.outlook.com (2603:10a6:208:124::19)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.5.0.2] (192.145.124.84) by MRXP264CA0040.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:14::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.21 via Frontend Transport; Fri, 11 Dec 2020 17:41:28 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 333c9aeb-320d-4913-672d-08d89dfbfe0d
X-MS-TrafficTypeDiagnostic: AM0PR08MB4417:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: <AM0PR08MB441791F00229322C99CA47CDB4CA0@AM0PR08MB4417.eurprd08.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 0UkVSidqNgXEgTY0Seyvi38+52fiVOkWHfYK1CU0iX+OLc8HXH1N3/pr34p/FCmRtE7NG+u+hiGaoROKIt35gX+l7Mb64JS0xlMX/Gs9VX5cdNOyCUvFwtGsugN30rB8Tb5l86+u6PuUYevX2hZJZEZTJkveQLv3UTCCc3ni/zGLo1HXAXZPTr3PFqvAtJ1RxEfofAAHPEZxSCSS3Q4anwAeXvAC+mGBZbcfv2a648Agr8UlIBns9/q+waBVKWOq1GMm6DQD4KMlJOpJHNxcevSL5xc/0G7rTjmYfRjFNh534JivbJK2RcE5K5AjdVm4VIM4tZ7JJOKcclTmLtByEyv7B83C55ujnV3wP8Py6RD1vKwUqqPlblpUx9DkuWt13Ws1VVLVBWiOKGtOfOppRJLFwk9i5HzkoxWmMFrTsUY=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3940.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(346002)(396003)(136003)(39860400002)(366004)(66946007)(6486002)(16576012)(66556008)(31686004)(956004)(5660300002)(86362001)(33964004)(31696002)(786003)(66476007)(107886003)(83380400001)(316002)(26005)(4326008)(8676002)(478600001)(186003)(52116002)(36756003)(66574015)(2906002)(2616005)(8936002)(16526019)(110136005)(43740500002)(45980500001); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: cG2BT5yRE3UDYpp1KAuAt0aVeXxc43o2bFMxcDd1OU4nOWH5pJ8fDzbtfC38e9XS1wWwe6GMH3N82eHbs8VvQsHx0PZs4TF61iBZ4iMnEnamXPXB7km8cX902djdcvxH3mkh49csUlU9/Kl1fZXdWH9jzsvp2/QFi9bgPMPPDGA/JOoWRJgBw+eC3h+Vp+hqswPsjHAGjHUlyehnT6WLOzcoziSN9jGSsCO2Ri2X86noWPMIEJWOk7nMXl9w4aEIts/yuUCzGo0qH0uAh5+qaTH/Zpkx2xiJY+eMJ3PS1/rxh0yEpfIbkyeJOpMlxSNcP6Kxda7ONZoJjWH/LyU+k/YFtagTtcJ38tCPJrSSa1PgUDY0NhsUwx5NvnEft5PlDOZyDetUXTU4TU5igosO/ANX5ewrHUgRrNmWBDi7XibJoKFrVUDPnzMkwG082JEC2yXNm4Vz5Lu6nHjZ5m0szU+7NeHAiCxQslOoTIVwWf9XGmLTgn38i+1mhVb9IrLMciQ1YSWqvblLvFZ85QjujgNFja07APili0Z0gvJg4nRqgm8RAD6uNG1i8p56B8gwWBLllFlOZnFY0HKzC+F3fB3aUhmfHlbEqAhwfKl6PeELoIR1x1FQFIqo5vtexuuT7n0WyjpshmFKfks8jbQtnT7cAvPHnX8jYCiv/gE900fGkwfowMXChRrzK8tgffZZDNLNLIrvJdtHhEE5bV9DF+WkKXpRQXkeNw5Q26SzCTYlY8/picPf8vDWi1HLhzYF1Lik4SK36vNuhFMTm1G2CFDdwTbm9aVW2WZKRo+QzLkhmI1lNz+GqIf9VU8XzSIkkW59KwYzHTsgemXDfJbEAl0koMEb7AuI71sQqGK25a5KLy29hnLO38EwU1zcPTBBRXxkLT9sZsaaxDjbyhzdOhzPzR8BelAGZm+FvzG0OmHOT5nxkfNymIaViK64Uk4I4E7OJWJ4imue1AGnR9oy1D/8uYifymtHRGztBiFgHsU9fMP/YKlnx+MfR3ItP4iv
X-OriginatorOrg: uniovi.es
X-MS-Exchange-CrossTenant-AuthSource: AM0PR08MB3940.eurprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Dec 2020 17:41:29.7068 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 05ea74a3-92c5-4c31-978a-925c3c799cd0
X-MS-Exchange-CrossTenant-Network-Message-Id: 333c9aeb-320d-4913-672d-08d89dfbfe0d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: psitBhu88BrlQNBTbC/MULy4HgUC9bs1uDGyT+bigkAmlUjBON9GcE4vkM+ivubYumu5g514HKcCnf+yJDgkNw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4417
X-MS-Exchange-CrossPremises-AuthSource: AM0PR08MB3940.eurprd08.prod.outlook.com
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 06
X-MS-Exchange-CrossPremises-Mapi-Admin-Submission:
X-MS-Exchange-CrossPremises-MessageSource: StoreDriver
X-MS-Exchange-CrossPremises-BCC:
X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 192.145.124.84
X-MS-Exchange-CrossPremises-TransportTrafficType: Email
X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:NSPM; SKIP:0;
X-MS-Exchange-CrossPremises-SCL: 1
X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent
X-OrganizationHeadersPreserved: AM0PR08MB4417.eurprd08.prod.outlook.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/eEX1-BO0ROg1o9JBiDyhSw0hfvo>
Subject: Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2020 17:41:35 -0000
Hi Mališa, My intention was not to turn this conversation into a criticism of your work. “deficiencies” was not the most appropriate word. What we had in mind was a way of providing authentication to the variety of IoT devices with different capabilities, limitations or different types of supported credentials. A way of doing that is to provide different authentication methods. Since in IoT there are different technologies we looked for a link-layer independent solution. Additionally, since some technologies are very constrained, we needed a very constrained protocol to carry out the process. EAP provides flexible authentication, and it has EAP Key Management Framework which is well specified and working for many years, from which you can generate generate a fresh pre-shared key (MSK) dynamically. This is even possible if you do not want to interact with AAA infrastructures running EAP in standalone mode. Having said this, another thing that we looked into was to give support to large scale deployments. We can ease this process with EAP and its interaction with a AAA infrastructure, which gains relevance in Industrial IoT and 5G. All these characteristics can be provided by the use of EAP, if we of course have a lightweight EAP lower layer to transport EAP from the IoT device. Then we considered the usage of CoAP as EAP lower-layer. In this sense, we saw minimal security did not fit our view (no potential interaction with AAA , flexible authentication, fresh generation of PSK). In fact, the provisioning of the PSK was out of scope. At some level, we could even consider the work complementary. EAP over CoAP could be a way of providing the PSK for the work of minimal security. Best Regards, Dan. El 10/12/2020 a las 18:43, Mališa Vučinić escribió: > > Hi Dan, > > Could you be more specific on the point below, what deficiencies do > you have in mind? > > Mališa > > *From: *core <core-bounces@ietf.org> on behalf of Dan Garcia > <garciadan@uniovi.es> > *Date: *Thursday 10 December 2020 at 10:06 > *To: *Michael Richardson <mcr+ietf@sandelman.ca>, EMU WG > <emu@ietf.org>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>, > "ace@ietf.org" <ace@ietf.org> > *Subject: *Re: [core] [Ace] Proposed charter for ACE (EAP over CoAP?) > > As you comment , draft-ietf-6tisch-minimal-security - offers minimal > security and has several deficiencies that can be solved by using EAP > and AAA infrastructures. >
- [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Göran Selander
- Re: [Ace] Charter discussion Michael Richardson
- Re: [Ace] Charter discussion Göran Selander
- Re: [Ace] Charter discussion Panos Kampanakis (pkampana)
- Re: [Ace] Charter discussion Brockhaus, Hendrik
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Göran Selander
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Benjamin Kaduk
- [Ace] Proposed charter for ACE Daniel Migault
- [Ace] Proposed charter for ACE (EAP over CoAP?) Dan Garcia
- Re: [Ace] Proposed charter for ACE (EAP over CoAP… Daniel Migault
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Laurent Toutain
- Re: [Ace] [Emu] Proposed charter for ACE (EAP ove… Mohit Sethi M
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Göran Selander
- Re: [Ace] Charter discussion Olaf Bergmann
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] Charter discussion Brockhaus, Hendrik
- Re: [Ace] Charter discussion Daniel Migault
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Michael Richardson
- Re: [Ace] Charter discussion Brockhaus, Hendrik
- Re: [Ace] [Emu] [core] Proposed charter for ACE (… Dan Garcia
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Alexander Pelov
- Re: [Ace] Proposed charter for ACE (EAP over CoAP… Christian Amsüss
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Carsten Bormann
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Michael Richardson
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia
- Re: [Ace] Proposed charter for ACE (EAP over CoAP… Georgios PAPADOPOULOS
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Mališa Vučinić
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia Carrillo
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Mališa Vučinić
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia Carrillo
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Benjamin Kaduk
- Re: [Ace] [core] Proposed charter for ACE (EAP ov… Dan Garcia