Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)

Dan Garcia Carrillo <garciadan@uniovi.es> Fri, 11 December 2020 17:41 UTC

Cc: garciadan@uniovi.es
To: =?UTF-8?B?TWFsacWhYSBWdcSNaW5pxIc=?= <malisa.vucinic@inria.fr>, Michael Richardson <mcr+ietf@sandelman.ca>, EMU WG <emu@ietf.org>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>, "ace@ietf.org" <ace@ietf.org>
References: <CADZyTkmnV_Dhb5iXzykUyEAskLDg7tj=80CbEBGmSyFQNS2FHw@mail.gmail.com> <HE1PR0702MB36740BAAFD7FDA2688564BF7F4E60@HE1PR0702MB3674.eurprd07.prod.outlook.com> <CADZyTkkpLRvqD5Vx704u=qbRvE82o4cKk3Ff2Y2ZXes_B+nRbA@mail.gmail.com> <CADZyTkkSGiUvXf0NoVUwj0Vjf7AQ=pjdEHyHZsDdE67OvfTepw@mail.gmail.com> <20201117234700.GR39170@kduck.mit.edu> <CADZyTknej3DUbbKbRxdfi0HqVR7G7qkAh5htu3w9yFjE09sOtg@mail.gmail.com> <b78c1176-ffa0-9ad5-847e-94e9134b4212@um.es> <DM6PR15MB2379308BD779061F6F46233EE3F20@DM6PR15MB2379.namprd15.prod.outlook.com> <CABONVQZRWa5gcN6Z1pfBKx=UVvOTvi1FjLSv0-T_UTUc3XGG5Q@mail.gmail.com> <HE1PR0702MB367429A9C8921A5252133523F4CE0@HE1PR0702MB3674.eurprd07.prod.outlook.com> <24523.1607378991@localhost> <3a4e4b59-3712-7eb9-23b2-8160ad14b6aa@um.es> <2923.1607540144@localhost> <62dad652-8acd-0890-36cd-f7aacde19de2@uniovi.es> <D1AA3C26-4376-409A-A87B-F0D05AD1BAD3@inria.fr>
From: Dan Garcia Carrillo <garciadan@uniovi.es>
Message-ID: <1fdb134e-54a1-1937-fdd6-3d226c89aea7@uniovi.es>
Date: Fri, 11 Dec 2020 18:41:27 +0100
In-Reply-To: <D1AA3C26-4376-409A-A87B-F0D05AD1BAD3@inria.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/eEX1-BO0ROg1o9JBiDyhSw0hfvo>
Subject: Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

Hi Mališa,

My intention was not to turn this conversation into a criticism of your 
work. “deficiencies” was not the most appropriate word.

What we had in mind was a way of providing authentication to the 
variety of IoT devices with different capabilities, limitations or 
different types of supported credentials. A way of doing that is to 
provide different authentication methods. Since in IoT there are 
different technologies, we looked for a link-layer independent solution. 
Additionally, since some technologies are very constrained, we needed a 
very constrained protocol to carry out the process.

EAP provides flexible authentication, and it has the EAP Key Management 
Framework, which is well specified and has been working for many years, 
from which you can generate a fresh pre-shared key (MSK) dynamically. 
This is even possible if you do not want to interact with AAA 
infrastructures, running EAP in standalone mode. Having said this, 
another thing that we looked into was to give support to large-scale 
deployments. We can ease this process with EAP and its interaction with 
a AAA infrastructure, which gains relevance in Industrial IoT and 5G.

All these characteristics can be provided by the use of EAP, if of 
course we have a lightweight EAP lower layer to transport EAP from the 
IoT device. Then we considered the usage of CoAP as the EAP lower layer.

In this sense, we saw that minimal security did not fit our view (no 
potential interaction with AAA, flexible authentication, fresh 
generation of PSK). In fact, the provisioning of the PSK was out of 
scope.

At some level, we could even consider the work complementary. EAP over 
CoAP could be a way of providing the PSK for the work of minimal security.


Best Regards,
Dan.

On 10/12/2020 at 18:43, Mališa Vučinić wrote:
>
> Hi Dan,
>
> Could you be more specific on the point below, what deficiencies do 
> you have in mind?
>
> Mališa
>
> *From: *core <core-bounces@ietf.org> on behalf of Dan Garcia 
> <garciadan@uniovi.es>
> *Date: *Thursday 10 December 2020 at 10:06
> *To: *Michael Richardson <mcr+ietf@sandelman.ca>, EMU WG 
> <emu@ietf.org>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>, 
> "ace@ietf.org" <ace@ietf.org>
> *Subject: *Re: [core] [Ace] Proposed charter for ACE (EAP over CoAP?)
>
> As you comment, draft-ietf-6tisch-minimal-security offers minimal 
> security and has several deficiencies that can be solved by using EAP 
> and AAA infrastructures.
>
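The message above argues for EAP carried over CoAP as a lightweight lower layer, with the MSK exported by the EAP Key Management Framework used to derive a fresh PSK (for instance for minimal security). The following is an added example written for this page; it is not code from the thread, from the EAP-over-CoAP proposal, or from any of the drafts mentioned. It implements the pieces a lower layer has to get right regardless of transport: RFC 3748 packet framing with Length validation, lock-step Identifier matching on both sides (duplicates and unsolicited Responses are discarded), and the rule that an EAP Success, which is not integrity protected, is only honoured once the method has completed and exported an MSK. The CoAP transport itself is left out: each EAP packet returned by `handle()` would be the payload of one CoAP request or response. The key-deriving method is a constructed toy carried in Type 255 (the value RFC 3748 reserves for experimental use), the 64-octet MSK size is the RFC 5247 minimum, and the HKDF info label `coap-eap-psk` and the credentials are assumptions of the example, not standard values.

```python
"""Added example: EAP packet framing (RFC 3748), a lock-step EAP lower layer, and
derivation of a fresh PSK from the exported MSK. The Type 255 (experimental)
method and the HKDF label are constructed stand-ins, not standard values."""
import hashlib, hmac, os, struct
from dataclasses import dataclass
from typing import Optional
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # EAP Codes (RFC 3748 section 4)
TYPE_IDENTITY, TYPE_EXPERIMENTAL = 1, 255          # Type 255 is reserved for experimental use
HEADER = struct.Struct("!BBH")                     # Code, Identifier, Length
@dataclass
class EapPacket:
    code: int
    identifier: int
    type: Optional[int] = None   # Success/Failure carry no Type octet
    data: bytes = b""

    def encode(self) -> bytes:
        body = b"" if self.type is None else bytes([self.type]) + self.data
        return HEADER.pack(self.code, self.identifier, HEADER.size + len(body)) + body

    @classmethod
    def decode(cls, raw: bytes) -> "EapPacket":
        if len(raw) < HEADER.size:
            raise ValueError("truncated EAP header")
        code, ident, length = HEADER.unpack_from(raw)
        if length < HEADER.size or length > len(raw):
            raise ValueError("Length field inconsistent with payload")
        raw = raw[:length]                         # octets past Length are padding, ignored
        if code in (SUCCESS, FAILURE) and length == HEADER.size:
            return cls(code, ident)
        if code in (REQUEST, RESPONSE) and length > HEADER.size:
            return cls(code, ident, raw[HEADER.size], raw[HEADER.size + 1:])
        raise ValueError("bad Code or missing Type octet")

def toy_msk(ltk: bytes, nonce_a: bytes, nonce_p: bytes) -> bytes:
    """Constructed toy method: exports a 64-octet MSK, the minimum RFC 5247 requires."""
    return hmac.new(ltk, b"toy-msk" + nonce_a + nonce_p, hashlib.sha512).digest()

def psk_from_msk(msk: bytes, info: bytes = b"coap-eap-psk") -> bytes:
    """HKDF-SHA256 (RFC 5869), L = 32. The info label is an assumption of this example."""
    prk = hmac.new(b"\x00" * 32, msk, hashlib.sha256).digest()       # HKDF-Extract
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()     # HKDF-Expand, T(1)

class Peer:
    def __init__(self, identity: bytes, ltk: bytes):
        self.identity, self.ltk, self.last_id, self.msk, self.psk = identity, ltk, None, None, None

    def handle(self, raw: bytes) -> Optional[bytes]:
        pkt = EapPacket.decode(raw)
        if pkt.code == SUCCESS:
            # Success is not integrity protected (RFC 3748 section 4.2): honour it only
            # after the method has completed and exported an MSK, else discard silently.
            if self.msk is not None:
                self.psk = psk_from_msk(self.msk)
            return None
        if pkt.code != REQUEST or pkt.identifier == self.last_id:
            return None                            # retransmitted or unexpected packet
        self.last_id = pkt.identifier
        if pkt.type == TYPE_IDENTITY:
            return EapPacket(RESPONSE, pkt.identifier, TYPE_IDENTITY, self.identity).encode()
        if pkt.type == TYPE_EXPERIMENTAL and len(pkt.data) == 16:
            nonce_a, nonce_p = pkt.data, os.urandom(16)
            self.msk = toy_msk(self.ltk, nonce_a, nonce_p)
            proof = hmac.new(self.ltk, nonce_a + nonce_p, hashlib.sha256).digest()
            return EapPacket(RESPONSE, pkt.identifier, TYPE_EXPERIMENTAL, nonce_p + proof).encode()
        return None

class Authenticator:
    def __init__(self, users: dict):                # standalone mode: no AAA server behind it
        self.users, self.ident, self.peer_name, self.nonce_a, self.psk = users, 0, None, b"", None

    def start(self) -> bytes:
        return EapPacket(REQUEST, self.ident, TYPE_IDENTITY).encode()

    def handle(self, raw: bytes) -> Optional[bytes]:
        pkt = EapPacket.decode(raw)
        if pkt.code != RESPONSE or pkt.identifier != self.ident:
            return None                            # lock-step: stale or unsolicited Response
        if pkt.type == TYPE_IDENTITY:
            self.peer_name, self.nonce_a = pkt.data, os.urandom(16)
            self.ident = (self.ident + 1) & 0xFF   # next Request gets a fresh Identifier
            return EapPacket(REQUEST, self.ident, TYPE_EXPERIMENTAL, self.nonce_a).encode()
        self.ident = None                          # the conversation ends with this packet
        ltk = self.users.get(self.peer_name)
        if pkt.type == TYPE_EXPERIMENTAL and ltk is not None and len(pkt.data) == 48:
            nonce_p, proof = pkt.data[:16], pkt.data[16:]
            expected = hmac.new(ltk, self.nonce_a + nonce_p, hashlib.sha256).digest()
            if hmac.compare_digest(proof, expected):
                self.psk = psk_from_msk(toy_msk(ltk, self.nonce_a, nonce_p))
                return EapPacket(SUCCESS, pkt.identifier).encode()   # echoes the Response Identifier
        return EapPacket(FAILURE, pkt.identifier).encode()

def run_exchange(identity: bytes, ltk: bytes):   # returns (peer_psk, authenticator_psk)
    auth, peer = Authenticator({identity: ltk}), Peer(identity, ltk)
    msg = auth.start()
    while msg is not None:
        reply = peer.handle(msg)
        msg = auth.handle(reply) if reply is not None else None
    return peer.psk, auth.psk
```

Running `run_exchange(b"sensor-01", b"\x11" * 32)` yields the same 32-byte PSK on both ends, and a second run yields a different one, which is the "fresh PSK" property the message relies on. Two points worth keeping in mind when mapping this onto CoAP: CoAP Confirmable messages give you retransmission, but EAP's Identifier field is still what detects a replayed or duplicated packet, so the lower layer must expose it rather than rely on CoAP message IDs; and because Success is unauthenticated, the derived PSK should be treated as confirmed only once the next protected exchange (for example the PSK-based join it feeds) succeeds with it.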