IETF Logo Mail Archive

[Ace] Review of draft-ietf-ace-coap-est-oscore-00

Marco Tiloca <marco.tiloca@ri.se> Sat, 29 April 2023 10:04 UTC

Return-Path: <marco.tiloca@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2D4FC1519BF for <ace@ietfa.amsl.com>; Sat, 29 Apr 2023 03:04:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9hGT40eAUUnR for <ace@ietfa.amsl.com>; Sat, 29 Apr 2023 03:04:44 -0700 (PDT)
Received: from MM0P280CU005.outbound.protection.outlook.com (mail-swedensouthazon11011002.outbound.protection.outlook.com [52.101.76.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4C87C1519A4 for <ace@ietf.org>; Sat, 29 Apr 2023 03:04:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=exJBdd85KHjLznEadXYs52ctyutW5BxCbWMjDo5LN1iYwHLx1TvBfhZ2NpCUohzxXc+e1ixnJVSFqGQdqVo5cAcFSfJfmFDQh/58BU5o53LsBBIS+JGTUJwHkufUEpI0NC/uFHS9DZNQ8rJLTynUa0F9y+yUkRr3sWAWahexvUrzBxjFX6wFCIyz5O5/GHLjI3dLb28krNUZ/+rNMKDlvWvwIo2sWpbt4rxzht2xmrbqX19xFGXuw/qaZQlhJ2IWp7qlyPhStB8R8aRQ2ZJ8FpTL8YdT3lE8lmTJs1Z/UwAUmCMsEVyvA3EfwRaG4GK9/Uu0+aUDM7/1LqLi4uhYQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VlV/oz1F7DJ9elb7kVIA8Eoh6VaY14FDuIsfawP56HA=; b=AxhsRkeqF5rO0hHNbFp+PBljxkn8rMCVpF1Z0q33Ueik9rPBI1GZwtJ5OSsho5iPg4i28exvGgY3EezH8IisgKAF6V9vhlODAN13GT9LkmOaHL5RIcpj0mMu8rUkImGD+igp1lgHDYHOtaia9Tsg9SRoLnnV0cZPrFT8uklemyLN3jYAhDAdqbcpYUqKxjLokrZRPa9R1vXcfN3w+Y34bHivLQzuxIdw4kKojQHLrCtIvL3cN3GTUb7WyF18Tc8MVQ6m9fwsmeaSM7O8Wq3ZVx+piRuEeZqnuuRhZZyDjU0OPoBXFRo6Glsx6ID68vl7w+v5eTuiGNq2F+k+7K1ghg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VlV/oz1F7DJ9elb7kVIA8Eoh6VaY14FDuIsfawP56HA=; b=KFDJ+iVmXFUKqVxNadxzbQnjBvjlKncDtG2aZaI0cCAZjqRLgiitkF96nL7Pe/m46zaB9ggTw2kCfuEb9+/Wo1zWUSK2IriiNKWqdUKYKt9lM61DA0aB4Pi2NX64w/HwbJhCslYMp5MK2We08ADf3tTKUXJqAbwyHsuAGkDACGg=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ri.se;
Received: from GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:37::17) by GVYP280MB0799.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6340.26; Sat, 29 Apr 2023 10:04:38 +0000
Received: from GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM ([fe80::c0b1:e5f:ef9b:2dde]) by GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM ([fe80::c0b1:e5f:ef9b:2dde%5]) with mapi id 15.20.6340.026; Sat, 29 Apr 2023 10:04:38 +0000
Message-ID: <a6bad0ac-2101-d764-04ff-a1c3796e8ad3@ri.se>
Date: Sat, 29 Apr 2023 12:04:37 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0
Content-Language: en-US
From: Marco Tiloca <marco.tiloca@ri.se>
To: Ace Wg <ace@ietf.org>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------CrxMRtjhfPnkvsCRsgUZVMYV"
X-ClientProxiedBy: GVX0EPF000013EF.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1::1a) To GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:37::17)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: GVYP280MB0464:EE_|GVYP280MB0799:EE_
X-MS-Office365-Filtering-Correlation-Id: 8548d823-60d6-4793-14fe-08db489924a3
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: +Cxfsk1y3ovW3DLgytQgco5rsMSWPFW7r3GsnKmChTaYa1BTuwKdLtxF9d2SxHDpkaSROuJkAyWmoriu6i797Gk1gwbaJgzilcuZDNMxa0zZvODP6LBft1y1fvXnTsFWNeTSG3pTVxoRQolvqdZ8pMu7wk9sd5KaavoGstQlQG16mSvkZXy6Kjr1iTuFaJjwMjgVttsSE3tBTs3gpWdxJlI0xWzPaqXmSruoRdQSnWdb86Hlx7fD1+UOEJvFwwTBici7d8/9kT16ROB7TV9psXvk0iVTyz+eQDGfIZk3phGNHMO2rvZC0vODrYQChpGeaFs9lMQxov84aB6y0xKrJswUVAHYVMpd9M9AgS/GMh3XvCh0J6ze23EX6ej/5yjYGS2NUH9F17ShRruWBucvDKLP6gVrNi6MJbhMTy7O/Wan80P/uKnygvjh0f4o/erVWbmk1Nj6z5P0lnGv7QXAF/hI9+A9q7RBaoGz0sFPlfA5w4I9POE/7Z+EgReq0M07zKjClBN4Zdhll4qPMztnNHI5xLT5y601b+4v+JugDFcacjw6lcq6VpK+8mrTXr5Gn9kCwOgd6CCpIJ+7Mq/dVy1t1MYhL2VrDkb82m4jwLzgwkAn1pq1KbW9hzufAz+CnbRFj0nfHLl+d6iYQMVlBA==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230028)(4636009)(396003)(376002)(136003)(346002)(39850400004)(366004)(451199021)(31686004)(31696002)(36756003)(86362001)(166002)(38100700002)(83380400001)(2616005)(21480400003)(6512007)(6506007)(26005)(186003)(6486002)(966005)(33964004)(478600001)(66946007)(66556008)(66476007)(6916009)(316002)(41300700001)(8676002)(8936002)(5660300002)(235185007)(44832011)(2906002)(30864003)(45980500001)(43740500002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: x/QjQdTZ+aHqw9A3hZkXcUTtHP4IKzVlcBdZGysBV+E+QXZfH6JrqiIpZbAPCXFqVTmGSw71ByMuLS1R5Uo4a7LhRuWbK4hYakghU9eGWXJtW5+CONyaPdfnEvRiswyODaSDlsmUv3wMWZR3lQWUMbH6l834yfukpd1baOkxm0HgvxQ05vxlqa+nSmp1/6n1D/8+SnVWbUoTJGXL7bNZwKlTcQu0W2NIxT0xXPl/GcerPZmXO1WcnMTbGChNik6jX4AspwTmqe0eVdvCQOWNtfD7xmnrk/uDT4a37jEzmOF8PNuUayVIyBxmev91/Guf0t0WMX0wo5+jZvL9Ns4/pegVx79+oFu23U2xvTYI3OTzkpdbWz2T1X7IMu8JXC4soLY/LZlTSh28fFNq/j8LPP7mp5l6ilqoNKBjKlZv7J1TdPaKx9Z+PBhhOhXE8qzxFVxUY0Co3bUstkK5ywmERC3lbokFUdGdfK2V+KOU1/N3nx4rW7Cs3H5wHyM3bvQ13f23fYjzAFwXYUKw0BlMsxUC6lfIp0lI95TUm7GWybAHGsZtDyK2OAo94zXnARyfcSGKZ9BFgxhEbWVz3k/fdpiKASm0ADepCWtQzW5qK+BLntfcv2ebOTQ57vmJb2VW76TYZNq5ylvNFx40eBgz58MQZKzLGFXtTKHGL/Hj6rarI5K5OhXf7aDkKWz7SFf7mIK7WaOrK7WWlukiWXXPuOYM1tS/uNmB4AFzNWh9fLRMhxh/Cj2E8jwW9UuvsXI9WH8Iv3t0VOBws0K9vFh+3q9XWu1vOO5Omz6luS2l5g5R6yDGuxI/GHoVMy3ACMtnjKo9XFoLuXH1sjiUWFnRxgtjwsiErDTnWJeAPpltsEEPGrL5VcvjkayYbFTyhTM2ETDdi6r7TgU8LKzKGXPR9EeZtg5hpeYCxnYV0tAuSx8FhhpP2oJ2f+hX0KCZEHtf1q8au/bmOWRVyrj0/FzuI2ov41sNQxWXpq0q9Wpj13GBdch7SOj9hNQub3gHW0qsza0lbCqb6DzNddLuMPFXMh+nDJeO8wH0L3L+jLFpIOl2NuFeVgc6USR0xZcOV55QDgpMo0nP2bK4Gt1pzf3g3FWqP0BKI1vDIRdlQEfnNCT2CgJdR/MzTd4ICh2a1AFdTH/bd6IJtxiYP+XZvB4u4IZnlGxEu9eKuc5xyX4EVC63mhjmVfZksGSn6W0gy9nrXQX5IkPp5tg+2751PIiSXM9azMlzbGFLoCv8UcZ6Uw0039g26a0ykE8ohKNsKe/4kRNq3aOrmenlcqMYGVRDZjv71M8NwdjHsrntM/++X0HwFY1ugAeRrEGI0QL7z3fc2efcjZSAgytaZZp2RsW1bJ10qFCGA7oaCGdMjyp96oS8Q6N6QThh9IX3fwmzalyhn7J0JvHeZ6GrAxnqOU45t7IhaAUPBQ5UfupsK+l2PZ0cm+a0h+xP4OLlI703dTpOb0/Hfuv/NjC98a9+ZaZxtr96dR+EoLCkLdPrbhsH3u8AzUigtuBNpO/1qDbPDE1WMzV2NWp/MuuZDr+NFpJ65kjA9i1Y4jduXaxiP3h8NZ2BxS0R11RjZc4KqCatS6Ut
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: 8548d823-60d6-4793-14fe-08db489924a3
X-MS-Exchange-CrossTenant-AuthSource: GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Apr 2023 10:04:38.5862 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ac9+ww+x+DgDdIJKpsV48L+ILZN5K8janC75w1fOI3tJ+vx3+C4b/6w//JoANCnqAxBHi3DiPFhkZgm5jkvw6Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVYP280MB0799
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/iXUjFD3hsS1vL8X8rRJyudiMCZQ>
Subject: [Ace] Review of draft-ietf-ace-coap-est-oscore-00
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Apr 2023 10:04:48 -0000

Hello ACE,

Please see below some comments on this document.

Best,
/Marco


[General]

* Replace RFC 7049 with RFC 8949

* Replace RFC 8152 with RFC 9052 and RFC 9053

* When mentioning DTLS and referring to RFC 6347, refer also to RFC 9147

* As expected, the draft focuses on the EDHOC forward message flow, as 
it better maps against the EST expected workflow and ensures to protect 
the identity of the EST client. That said, can the use of the EDHOC 
reverse message flow be explicitly ruled out altogether?


[Section 1]

* s/secured HTTP/HTTP [RFC9110][RFC9112] and TLS [RFC8446]

* s/which protects the application layer message/which protects messages 
at the application layer

* s/multicast CoAP messages/CoAP group messages


[Section 1.1]

* "The concept "Registrar" and its required trust relation with EST 
server as described in Section 5 of [RFC9148] is therefore redundant."

    Do you really mean "redundant"? Isn't it actually "inapplicable"?

    In the presence of end-to-end security through OSCORE between the 
EST client and server, an hypothetical Registrar cannot perform its task 
as it does instead in RFC 9148. In this case instead, an intermediary 
would be simply limited to be a (cross-)proxy, on which indeed less 
trust needs to be put.


[Section 3.0]

* "This specification replaces the DTLS handshake in EST-coaps with the 
lightweight authenticated key exchange protocol EDHOC 
[I-D.ietf-lake-edhoc]."

    However, Section 1 talks about possible co-existence of OSCORE and 
DTLS, rather than of replacement. I think you mean "replaces or 
complements", like said in the previous sections.

* "... and establish the OSCORE security context with which the EST 
payloads are protected."

    This should be "... Security Context used to protect the messages 
conveying the EST payloads."

* I suggest to split the second paragraph into two parts.

   The first part ends with the current "The server MUST authenticate 
the client". The text can highlight that all those requirements are 
fulfilled when specifically using EDHOC.

   The second part would say "The server MUST also provide relevant 
information to the CA for decision about issuing a certificate".


[Section 3.1]

* "or a pointer such as a URI to the credential (e.g., x5t, see 
[I-D.ietf-cose-x509])"

    This is mixing a type of credential reference with the abbreviated 
name of a different reference type. Either say a hash and then the 
parameter x5t, or a URI and then the parameter x5u.


[Section 3.3]

* Section 1 says: "pre-shared OSCORE keying material would also be an 
option."

    In such a case, is channel binding simply not achievable?

    Or is it somehow possible as long as the OSCORE keying material was 
established through some sort of interactive protocol (e.g., like the 
OSCORE profile of ACE, see RFC 9203)?

* "length equals the desired length of the edhoc-unique byte string"

    I think it's better to specify a length of the byte string to use, 
unless otherwise indicated/advertised (e.g., in a used EDHOC application 
profile). RFC 9148 considers 32 bytes (see its Section 3).


[Section 3.4]

* In scenarios using message_4, wouldn't it make sense to have the 
PKCS#10 request and response transported in an EAD_3 and EAD_4 item, 
respectively?

* s/The certificate MAY be referenced/The client certificate MAY be 
referenced

* s/response to the PKCS#10 request MAY be/response to the PKCS#10 
request MAY specify


[Section 4.0]

* "OSCORE [RFC8613] is used to protect the EST payloads."

    This should be "OSCORE [RFC8613] is used to protect the messages 
conveying the EST payloads."

* s/DTLS handshake is replaced with EDHOC/The DTLS handshake is 
complemented by or replaced with EDHOC

    Then the following sentence can clarify that the architecture shown 
in Figure 6 does not consider the additional use of DTLS.


[Section 4.1]

* In the shown example, the resource type should be rt="ace.est.sen" 
also in the link specified in the response.

* Per Section 9 of RFC 8613, the "osc" attribute is optionally included 
in a link to specify that a resource has to be accessed with OSCORE. 
Should it remain optional here too?

    Consider a setup where OSCORE and DTLS are combined. Especially when 
discovering EST resources on a non-default port number, the links to 
those resources would have URI scheme "coaps". Then, the absence of the 
"osc" attribute might wrongly suggest that the EST server is actually 
using EST-coaps.

    Therefore, it might be worth mandating the use of the attribute 
"osc" in links to EST resources accessed as in this specification.

    An alternative would be defining a new set of EST-OSCORE-related 
Resource Type values, such as "ace.est.osc.*".


[Section 4.2]

* Regarding the response from /skc, is it possible to deviate from what 
is defined in RFC 9148 and *not* encrypt the private key? After all, 
end-to-end encryption of the whole EST payload is ensured by OSCORE.

    If yes, that might open for a new Content-Format pair (284, 287), 
i.e., an unencrypted PKCS #8 private key together with a single 
certificate (not a PKCS #7 container).


[Section 4.3]

* "EST-oscore uses the same CoAP Content-Format Options to transport EST 
requests and responses"

    I think you mean: "EST-oscore uses the same CoAP Content-Format 
identifiers when transferring EST requests and responses".

* The caption of Table 2 should be: "EST functions and the associated 
CoAP Content-Format identifiers"

* I suppose your intention is for the EST client and server to support 
Content-Formats just like in RFC 9148, i.e.:

    "Content-Format 281 MUST be supported by EST-coaps servers. Servers 
MAY also support Content-Format 287. It is up to the client to support 
only Content-Format 281, 287 or both."

    I think it is good to have an explicit statement here too.

* Like RFC 9148 does in its Table 3, it is good to also recap the 
Content-Format identifiers used for the different parts of the responses 
from /skg and /skc.


[Section 4.4]

* The list of requirements is preceded by "It is RECOMMENDED that". 
However, isn't it a MUST for (at least) the CoAP options OSCORE and 
Uri-Path?

* "The EST URLs based on https:// are translated to coap://, but with 
mandatory use of the CoAP OSCORE option."

    The scheme "coap" is the translation target only if DTLS is not 
additionally used.


[Section 4.6]

* "such as CBOR-encoded payloads ([I-D.ietf-cose-cbor-encoded-cert])"

    Perhaps you meant to refer to RFC 8949?

* s/reconstitution/reassembly

* "this specification mandates the implementation of CoAP option Block1 
and Block2 fragmentation mechanism [RFC7959]"

    This is good, but it contradicts the text in Section 4.4 where the 
support of the CoAP option Block1 and Block2 is only RECOMMENDED.


[Section 4.8]

* "The EST client prepares the PKCS #10 object and signs it by following 
the steps in Section 4 of [RFC6955]."

    Even though Section 4 of RFC 6955 does use the words "The value to 
be signed", it is quite confusing to read "signs it" in this section, 
which correctly starts with saying that a Diffie-Hellman key pair cannot 
be used for signing operations.

    I think that here it is worth saying "and computing a MAC" instead 
of "and signs it".


[Section 5]

* "the EST payloads can be protected end-to-end"

    This should be "the messages conveying the EST payloads can be 
protected end-to-end"

* "Therefore the concept "Registrar" and its required trust relation 
with EST server as described in Section 5 of [RFC9148] is redundant."

    See a previous comment about Section 1.1, on the word "redundant".

* "The use of TLS and DTLS is optional."

    Proposed rephrasing: "The additional use of TLS or DTLS is optional."

* If a secure association is needed between the EST Client and the 
CoAP-to-HTTP Proxy, this may alternatively and more conveniently rely on 
OSCORE as well, see 
https://datatracker.ietf.org/doc/draft-tiloca-core-oscore-capable-proxies/


[Nits]

* Section 1
--- s/of underlying transport/of the underlying transport
--- s/needs to be kept/need to be kept
--- s/between EST-oscore client/between the EST-oscore client

* Section 1.1
--- s/replaced, or complemented, with OSCORE/replaced by, or 
complemented with, OSCORE
--- s/replaced, or complemented, with the lightweight/replaced by, or 
complemented with, the lightweight
--- s/relation with EST/relation with the EST

* Section 3
--- s/initial enrollment the EST-oscore/initial enrollment, the EST-oscore
--- s/EST-oscore clients and/The EST-oscore clients and

* Section 3.2
--- s/between EST client and/between the EST client and

* Section 3.4
--- s/e.g. using/e.g., using

* Section 4
--- s/Instead of DTLS record/Instead of the DTLS record

* Section 4.2.1
--- s/e.g. using/e.g., using

* Section 4.6
--- s/depending on application/depending on the application
--- s/than available frame size resulting/than the available frame size 
thus resulting
--- s/implementation of CoAP option/implementation of the CoAP option
--- s/fragmentation mechanism/to enforce the fragmentation mechanism 
defined in

* Section 5
--- s/between EST client and EST server independent/between the EST 
client and EST server, irrespective


-- 
Marco Tiloca
Ph.D., Senior Researcher

Phone: +46 (0)70 60 46 501

RISE Research Institutes of Sweden AB
Box 1263
164 29 Kista (Sweden)

Division: Digital Systems
Department: Computer Science
Unit: Cybersecurity

https://www.ri.se

v2.23.0 | Report a Bug | By Email