IETF Logo Mail Archive

Re: [Ace] [Emu] New Version Notification for draft-ietf-ace-wg-coap-eap-04.txt

Dan Garcia Carrillo <garciadan@uniovi.es> Thu, 02 December 2021 09:53 UTC

Return-Path: <garciadan@uniovi.es>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EE1B3A0D6B; Thu, 2 Dec 2021 01:53:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.541
X-Spam-Level:
X-Spam-Status: No, score=-3.541 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-1.852, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=unioviedo.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7knqhvyqag9K; Thu, 2 Dec 2021 01:53:54 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2057.outbound.protection.outlook.com [40.107.20.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39ED63A089A; Thu, 2 Dec 2021 01:53:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bf1trB/P8AHi7V8zdpiI+tgpfog/4xVgY15CXz/pVlJXyIFeGmsHWzyAGq9yqmI8oOzJB1C6n+5BLdEt7Cc3VgsOifCj4QddRPTZO34Zisb9eAhtgnXwPGUTt82BgqQ2N6t35wKNiwE8HDcg+VgCyCksaYakBqmKP8zyXtjL3eWAhYRNIECl516ZOBaX2zIvqw/gx9UHAD+9b6KFGeMqAblkKsDsM7JKQPMx1eUUaA8bHXiABThtbaa0SA+ZWQfyhkL1Ewd5bIQrtx5mby40/YbVp0EldINFgjSci0wlxGjhcXsblPI9u74kkEN0+kPsrrVJI1tR3SoJP85H5/yu2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jd1QBLoJZDMVwdljbiwXGW5OWqupFl58R58K+MOp+sU=; b=jIo9tDYplMTnvPZUmWCDZ+urOIXiBElK9djYpU7XzfpQahgpEAO2wWQZaLiSL1FVcaSBkO1z7tOWs2STjIbSqDuDTCMkuzWNZUeyuHrGbx5JXJZCMXMmBCEiDycxQK9jO2mWIzBB83c8C3/F30LAD9yGCD27laSwBg1yv+xdZYbYSblhnUu65J/tKCVHZ9qEpsXYEQ7aYrDQ4wd0heftdtyrgpf1A4E48Rt0C5+dDtPf14IgocHmmqzPthXODvz+IKcGu/FGfi/8M9liLrA7meckfrkNDj1h0LVybWsj8VXY+Q2zmqZeL92UOirmmlX//08td/y4t2bbTU4FLa854Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uniovi.es; dmarc=pass action=none header.from=uniovi.es; dkim=pass header.d=uniovi.es; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unioviedo.onmicrosoft.com; s=selector2-unioviedo-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jd1QBLoJZDMVwdljbiwXGW5OWqupFl58R58K+MOp+sU=; b=ExKiBkctrhFocyVOPE9s/AtE35c09jFYfmKHrxYmnEuBzcGRKULCXGHZs/iqUqQVSVOoyInBfykbkRHyYVghebjgNzrIJg4Jud51Tr30JzbhpIsJjAtWJC4Auv9H7QG6DINSpqXsnpnuGbEv5XLZATNsrKi2T6eQmcl4zTWMmE8=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=uniovi.es;
Received: from DBBPR08MB6202.eurprd08.prod.outlook.com (2603:10a6:10:209::9) by DB9PR08MB6732.eurprd08.prod.outlook.com (2603:10a6:10:2af::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.13; Thu, 2 Dec 2021 09:53:48 +0000
Received: from DBBPR08MB6202.eurprd08.prod.outlook.com ([fe80::1434:d823:a6b5:6f50]) by DBBPR08MB6202.eurprd08.prod.outlook.com ([fe80::1434:d823:a6b5:6f50%8]) with mapi id 15.20.4734.024; Thu, 2 Dec 2021 09:53:48 +0000
Content-Type: multipart/alternative; boundary="------------CbJ9NA8GYps4pSqtXHzpSnej"
Message-ID: <4fe3a6c4-b7d3-089a-dc9a-4849bd39d1f9@uniovi.es>
Date: Thu, 02 Dec 2021 10:53:46 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.3.2
Cc: garciadan@uniovi.es
To: John Mattsson <john.mattsson@ericsson.com>, "ace@ietf.org" <ace@ietf.org>, EMU WG <emu@ietf.org>
References: <163516103436.11405.13911066633297545379@ietfa.amsl.com> <bc792146-39c4-73a3-63e2-7db7acf7aa2f@uniovi.es> <HE1PR0701MB3050A49DC2D32180B2831D6889839@HE1PR0701MB3050.eurprd07.prod.outlook.com>
From: Dan Garcia Carrillo <garciadan@uniovi.es>
In-Reply-To: <HE1PR0701MB3050A49DC2D32180B2831D6889839@HE1PR0701MB3050.eurprd07.prod.outlook.com>
X-ClientProxiedBy: LO2P265CA0237.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:b::33) To DBBPR08MB6202.eurprd08.prod.outlook.com (2603:10a6:10:209::9)
MIME-Version: 1.0
Received: from [10.138.0.134] (156.35.225.70) by LO2P265CA0237.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:b::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4734.22 via Frontend Transport; Thu, 2 Dec 2021 09:53:48 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 8d66099f-d251-4026-e202-08d9b579a32e
X-MS-TrafficTypeDiagnostic: DB9PR08MB6732:
X-Microsoft-Antispam-PRVS: <DB9PR08MB67323F52FE6B1CD74438CC6BB4699@DB9PR08MB6732.eurprd08.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: WAiuu0GNscwjItDzeC32JNo7SiYMsYv8rWrCr9D6htdrvWQ1Qld194a8PWqY3+5f+k9wEVkQX0ZrLQTRGElB5JdVtR9nx3f56VVb+0uuYd0aJ2fsn6MmcmyLhkpubYOqyaQ3Yn2I1fBnVQtbRGyDyCxN1wIlzPtBRbiq05rNpme0GRX7muPU3WmI3kHzlas7MwuLYSaI67Kov/dAqpu3VEkrMv/Y8uyXWeMbpWzVpnRmp471MmRfuWN2fd1rqdLqNwmMqGQ6OWq5cAsQT5gA2IQ5lfObUwqdQsWZ7tKdUEfy3N06+SNNMLxDghTy6maAo0FAuvu31l1UrM6KzCHHtta8PN+7J9gi+IT2DCVZDHZ/YM7Kgj5VTQLCoo2jbuBZwkU6ieC7uVbhLyzJp6m1hB/rtzeRDF7uiqQPXCbt7RE/dJVa9aM43LHMX2obTctP2qOVcBvZqtVYLdeyW2PtnC/4aLgVg7/8BpN9WZJQtJoFXvVUgEkP4sZG+S8u7s+M+ske3vkUCM8nOpLUcT0Xh/QJAsHYPOiu49xt4Pgn1rLeGdZNCe36t0YCobQL9xcwxjlL3KxWBmXF4O0NVe7UZvE7qTacr+kqEdNkI6LllO17OwdXYF4ifVNCiuHgziOPRTmIt2OnTlX10cl+8TyYHfceHD6mMaAq5/q7uL1SbT36u2uiUNMb6HawWJ2eCTTjq87sjrQOUkJJCixW5PmARhBcu1/RmGrsFwKCeL9sXsvSiOFfJf+SwUHYz9d46lrv2zY7jCaqQAfLUlRf8NcYX4Fdo95ob9V8Odc3MNu01RwuMsMburPLZXeqvkwBN5cZfHGfEIV+K7OFieLMKGwzYNvd5TO3Bj3JYOnGOFyThr8=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB6202.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(66946007)(186003)(33964004)(86362001)(66574015)(26005)(8936002)(83380400001)(8676002)(316002)(4326008)(508600001)(16576012)(2616005)(166002)(31696002)(15650500001)(31686004)(4001150100001)(66476007)(38350700002)(956004)(110136005)(107886003)(966005)(6486002)(38100700002)(36756003)(786003)(53546011)(66556008)(5660300002)(2906002)(52116002)(30864003)(43740500002)(45980500001)(579004); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: nCbKKjdXIexeUEzLSYVUl01meRlcUpBN9xm1eaTAtUVhhaUtqrDd5ii2jNciHzWZv9Zxv8uT9iTnupbmXjan+6Tptfrzrp/NGqq40C8d3xJWQ0eruT62tqV2HZ0SH+x9AN0NuBH0Ft6XRna3b5LxmYgnI5m9OD4vsK8y4wOABo5US1ZIbmo67v3FR55uiIZQMQuQMJFrXzlfYOzKIiP9PB+6+i+MsWyZIqKG6BvKWDcp4G15eHqB98ZzzMzv2FVv5vqsQsEarNFeB8ayowoIsOyxvXn1WeRzxVNrRVc/wmPfJS8SBg0l1D4FsVFeF8plQdUzoIx7tCoZB9YJ/V64RxImjvvGgvWoHFzdM1mAhwFGwH0xMDdBOaJwLFFgrna5oJ+ztA0qvNFtsWXLIcnuOtVsxfpiX1RmD1nWsnucBK9TBzcuTIghzRhE8huVY9U344/l8BbBqKdiq2UWBpPS9gKAB2ze3o8DM4cC2wuYZDrYs6PUhBuYuGliFsRKmNXsMVx0eU/r/jGsUYAd2g+sVFt/mrneuLPXvc45q0GGPYwz3V/dbacaWqQ+mGI0y5m6dv0Bn0uFRHrgNCVYzB175ouRPhFBLUNSBEb05nhF3jIIO62isg+SZBnlb0tB0LwOHnaFDonpbv2cPpEt8JEqbU9TnzVzELPPO4zpaqrlmAz+YuQWXwoUz/KqOvryqffYzYvd7Y//NhH8eSQAO9UpYEjv8Kpz49uPUEwhnGJm0V/QKG1EYXuxk6Z/qnYRRVE+A3UBU6/6Z3RGHO+OXW72q3R/eTvSN14CtV9V0QJz1wv4zq61R86n02zxUqu5pg5rvZAKALELcZwqQHcB4TJSUQhvBoWnuC+16/ExTn9aTuFcSep/SI1hD/yYmOjSzgWdP49wYyTWcTP5dwr//gBsY3gdfpSuGhldPLvXUkAfSZiE/hNuVuKfKBe6MaXdxWQNpsaltu9sDPV7e+gsWyfRvQKrHdZ/VPBqSzdNwi4a2g/b0S7NHbFBVQ4mIbepPpQLicjXwbtqNTpZ3dJVZBBz77T0FA6EaxsmDEu0R8I4zrN196isN3faHH8kQDzjm5pLAxCPJRgsrwgIXoZ+8XxR4Eiw0OOid9y6WzKUIQcTS6B/WNL3HuXs3N2qaYCdEcLQET0VcbMjY/OlnxysCyVwSxB5wdujyXGe2JF4Rj9ghvbULc69bfC1bg5vqT1BrhfI4DTP+Jk+cuLALfy4u+6LT3AIXtY+wFYBAqnK+nemNeLv5ljf9PEygYfqt9/eK3iRT/OcfzvH6qLcxOJDhSqD6A4yva4OYf34FfHmts2DNMuyz5JaoHFBO9dEf6ddobgcTthECB1Bxji68OfXLQhf31BDSNlrmPTtw4jvMKK2SEXe8DPJg57Pz1NhiGxUEvQJOLfKQf809XEtwQIjeaQTx7QaneiCX4QuFXS3iU4lyReUyYdVOnNO7dUE989OMBRFTjgVV+3KpqUUnEd3NpJKHDqRE2ykzp4LdOHoWbtcpbbQAhTko4pTR+BCdwiLd10t5l0dwqHuUZdVFWcL5nDmRCxgmAmFlA6BCkbQTLQfRoCTNuXlKMqZ/ieXzuF2409fJRglaAxVdPb4tQGo4kpgfC/XcEI6/TTuDrMCIK7w6/k=
X-OriginatorOrg: uniovi.es
X-MS-Exchange-CrossTenant-Network-Message-Id: 8d66099f-d251-4026-e202-08d9b579a32e
X-MS-Exchange-CrossTenant-AuthSource: DBBPR08MB6202.eurprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Dec 2021 09:53:48.4458 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 05ea74a3-92c5-4c31-978a-925c3c799cd0
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: hE1Iq3fOOemjzjZeO3eOe9JJYt4k3cbFgaIbGn9b01+jCgPtVqabc0svFw0+/kFiEJBKD3KzXgkewpMLT1wAYw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR08MB6732
X-MS-Exchange-CrossPremises-AuthSource: DBBPR08MB6202.eurprd08.prod.outlook.com
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 06
X-MS-Exchange-CrossPremises-Mapi-Admin-Submission:
X-MS-Exchange-CrossPremises-MessageSource: StoreDriver
X-MS-Exchange-CrossPremises-BCC:
X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 156.35.225.70
X-MS-Exchange-CrossPremises-TransportTrafficType: Email
X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:NSPM; SKIP:0;
X-MS-Exchange-CrossPremises-SCL: 1
X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent
X-OrganizationHeadersPreserved: DB9PR08MB6732.eurprd08.prod.outlook.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/jW36VJHi-WJ_TOuFIrPeZaQJNwc>
Subject: Re: [Ace] [Emu] New Version Notification for draft-ietf-ace-wg-coap-eap-04.txt
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Dec 2021 09:54:00 -0000

Dear John,

Thank you for taking the time to review the document. I think with this 
the next version would be much more accurate.

Please find responses to your comments inline.

Best Regards,

CoAP-EAP authors.

On 25/10/21 17:02, John Mattsson wrote:
>
> Thanks,
>
> I think this is a very useful mechanism and a well written draft. Some 
> quick comments.
>
> - "ciphersuite"
>
> Note that both TLS and EDHOC spells this with space "cipher suite"
>
  [authors] We will change the wording, thank you

> - Section 2. I don't understand what "SM" in Figure 1 is an 
> abbrevation for.
>
  [authors] SM stands for State Machine, we will explain that in the 
text, thank you for pointing that out.
>
> - Section 2. "UDP/TCP/Websockets" Why is the Websocket protocol in plural?
>
  [authors] Probably a typo, thanks
>
> - Section 3. "EAP method that exports cryptographic material"
>
> This can probably be reformulated in terms of MSK, EMSK or "Key 
> derivation" which
>
> is the property that RFC 3748 uses.
>
  [authors] We will rephrase using key derivation.
>
> - "EAP-MD5 cannot be used since it does not export key material"
>
> MD5 should really not be used at all for security resons. Highlighting 
> it like this might
>
> be the idea that it would be ok if EAP-MD5 had the "Key derivation" 
> property.
>
[authors] That’s correct. Most probably is better to just mentioned that 
any EAP method that does not export key material MUST NOT be used. It is 
worth mentioning that the goal of this statement was, as the document 
defines an EAP lower layer, not so much as trying to make 
recommendations on which EAP methods are secure or should be considered 
deprecated. We just intend to provide information on which EAP methods 
are suitable for its use with this particular EAP lower layer.

> - "The required key, the Master Session Key (MSK), will be available 
> once the
>
> EAP authentication is successful."
>
>    Does this belong in step 2?
>
[authors] It is a clarification to highlight that the MSK is used to 
derive key material for the OSCORE context. We can remove it if it 
clarifies the paragraph or even to point to step 7.
>
> - In Figure 2. I do not think you have to wait until EAP-SUCCES to 
> make MSK available.
>
> The authentication can be successful before EAP-SUCCES.
>
[authors] This is an interesting comment that we already commented on 
EMU WG, though we do not receive any comment. In fact, we tend to agree 
with you. All the details are in this e-mail we sent:

https://mailarchive.ietf.org/arch/msg/emu/bnMFV4_1uTW7sSwVOp7WzVZZCAI/

In summary, the EAP peer state machine does not inform the EAP lower 
layer that the key is available in eapKeyData until it is in SUCCESS 
state. In this final state, the eapKeyAvailable is set to TRUE.

In any case, everything is now solved because the arrival of 
OSCORE-protected CoAP message is considered as an alternate success 
indication.

> - In section 3.3. it might be good to state that "Reauthentication" 
> might be needed to rekey MSK/EMSK and to increase protection against 
> key leakage.
>
> (An important mitigation of pervasive monitoring is to force attackers 
> to do dynamic key exfiltration instead of static key exfiltration. 
> Dynamic key exfiltration increases the risk of discovery for the 
> attacker [RFC7624]. While OSCORE will soon be augmented with a 
> rekeying mechanism with forward secrecy, attackers can still get away 
> with doing static key exfiltration. This is similar to TLS 1.3 with 
> KeyUpdate, after leakage of application_traffic_secret_N, a passive 
> attacker can passively eavesdrop on all future application data sent 
> on the connection including application data encrypted with 
> application_traffic_secret_N+1, application_traffic_secret_N+2, etc.)
>

[authors] Yes, sure. We will add this comment to the text. In fact that 
is the intention to the reauthentication: to refresh the MSK/EMSK. In 
fact, the EAP Key Management Framework establishes a default value of 8 
hours to refresh the MSK/EMSK. Therefore that would be the default value 
each time the OSCORE key material is refreshed.

> - "4.  The values from 65000 to 65535 are reserved for experimentation"
>
> what does "The values" refer to? Lifetime? In that case it would fit 
> better under 3.
>
[authors] Thank you for pointing that out. The CBOR structure is 
intended to be extensible. We have the values for what is currently 
expected in the protocol, but we want to keep the structure open for 
future additions if they are needed.

The values from 65000 to 65535are referring to  the index of the values 
that are not yet assigned, for extensibility. Those indexes are reserved 
for experimentation.

> - In addition to AES-CCM-16-64-128, only ciphersuites only cipher 
> suites with AES-GCM is included. My feeling was that most IoT people 
> are more interested in ChaCha20-Poly1305 than AES-GCM. I don't have a 
> strong personal opinion.
>
> - "which is considered fresh key material"
>
> “considered fresh”? Maybe "uniformally random"?
>
[authors] Basically, the EAP Key Management Framework uses that specific 
terminology (RFC 5274- 5.7 
<https://datatracker.ietf.org/doc/html/rfc5247#section-5.7>.  Key 
Freshness”). That is why we used this term.  “While preserving algorithm 
independence, session keys MUST be strong and fresh.  Each session 
deserves an independent session key.”
>
> - With normal use of DTLS, Appendix A violates “The CoAP-EAP operation 
> is intended to be compatible with the use of intermediary entities 
> between the IoT device and the Controller”. This limitation should be 
> clearly stated.
>

[authors] We agree. that this consideration applies. We will add that to 
the DTLS annex.

> - Probably good if the labels have “CoAP-EAP” in all the labels to 
> guarantee that they do not collide with anything else.
>

[authors] Thank you for this point. We will apply this change when using 
labels for key derivation to avoid confusion.

> Cheers,
>
> John
>
> *From: *Emu <emu-bounces@ietf.org> on behalf of Dan Garcia Carrillo 
> <garciadan@uniovi.es>
> *Date: *Monday, 25 October 2021 at 13:27
> *To: *ace@ietf.org <ace@ietf.org>, EMU WG <emu@ietf.org>
> *Subject: *Re: [Emu] New Version Notification for 
> draft-ietf-ace-wg-coap-eap-04.txt
>
> Dear ACE and EMU WG,
>
> We have submitted a new version of the draft (draft-ietf-ace-wg-coap-eap)
>
> This version provides information on the different comments, from the
> reviews and interim meetings.
>
> Best Regards.
>
>
> El 10/25/2021 a las 1:23 PM, internet-drafts@ietf.org escribió:
> > A new version of I-D, draft-ietf-ace-wg-coap-eap-04.txt
> > has been successfully submitted by Dan Garcia-Carrillo and posted to the
> > IETF repository.
> >
> > Name:         draft-ietf-ace-wg-coap-eap
> > Revision:     04
> > Title:                EAP-based Authentication Service for CoAP
> > Document date:        2021-10-25
> > Group:                ace
> > Pages:                29
> > URL: https://www.ietf.org/archive/id/draft-ietf-ace-wg-coap-eap-04.txt
> > Status: https://datatracker.ietf.org/doc/draft-ietf-ace-wg-coap-eap/
> > Htmlized: 
> https://datatracker.ietf.org/doc/html/draft-ietf-ace-wg-coap-eap
> > Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-wg-coap-eap-04
> >
> > Abstract:
> >     This document specifies an authentication service that uses the
> >     Extensible Authentication Protocol (EAP) transported employing
> >     Constrained Application Protocol (CoAP) messages. As such, it
> >     defines an EAP lower layer based on CoAP called CoAP-EAP.  One 
> of the
> >     primer goals is to authenticate a CoAP-enabled IoT device (EAP peer)
> >     that intends to join a security domain managed by a Controller (EAP
> >     authenticator).  Secondly, it allows deriving key material to 
> protect
> >     CoAP messages exchanged between them based on Object Security for
> >     Constrained RESTful Environments (OSCORE), enabling the 
> establishment
> >     of a security association between them.
> >
> >
> >
> >
> > The IETF Secretariat
> >
> >
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>

v2.23.0 | Report a Bug | By Email