Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)

Alexander Pelov <a@ackl.io> Wed, 09 December 2020 12:12 UTC

To: Dan Garcia <dan.garcia@um.es>
Cc: Michael Richardson <mcr@sandelman.ca>, EMU WG <emu@ietf.org>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/nG_e_Q9igN-oHSWCrRUA623es78>

Dear all,

I support the inclusion of EAP-over-CoAP to the charter.

We've done work on this particular item in the past, and we've identified
the need for it in many places, but unfortunately the draft didn't have a
proper "home" and things never advanced much. Use-cases we've seen include
places where EAP is a MUST, there is support for CoAP, but no support for
the specific FOO technology.

I am confident that it will bring value to the IOT ecosystem and that ACE
is the right home for this draft.

Cheers,
Alexander


On Wed, Dec 9, 2020 at 12:46 PM Dan Garcia <dan.garcia@um.es> wrote:

>  Hi Michael,
>
> EAP can be used in the context of IoT for authentication. To transport EAP
> from the IoT device we need a light EAP lower-layer. This would be CoAP.
> Moreover, according to EAP key management framework, keys are exported to
> protect the link and the EAP lower-layer itself. So yes, OSCORE could be
> used for that kind of protection.
>
> Another aspect is that the use case we consider is the case where an
> IoT device is trying to access a security domain under the control of a
> “controller” that is connected to a backend AAA infrastructure, which acts
> as EAP authenticator.
>
>  Best Regards.
> On 07/12/2020 at 23:09, Michael Richardson wrote:
>
> Could someone point to a use case for "EAP over CoAP" please?
> Is the goal to key an OSCORE context, or what?
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
>