[Ace] Certificate processing for MQTT

Jim Schaad <ietf@augustcellars.com> Thu, 05 December 2019 06:19 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-ace-mqtt-tls-profile@ietf.org
CC: ace@ietf.org
Date: Wed, 04 Dec 2019 22:19:35 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/vaNwOalFQwDlJ_3ZfQwkjI8krXA>

I got to the point of needing to start producing and validating certificates
for MQTT and started running into some questions, as well as starting to
pick up some odd information that this document does not point to.

1.  Should probably reference the mqtt(s) URI scheme, I am however somewhat
irritated that it is not a registered scheme with IANA.

2.  Has OASIS done any sort of document for certificate validation?  As
an example, is there an OID defined for extended key usage?

3.  What should be said about matching data in the response from the AS and
the certificate?  What should be said about matching for raw public keys?  I
think that the latter is easy, as it should just match the rs_cnf returned from
the AS, but I don't know what should be said for certificates.

4.  With the definition of some guidance in COSE, should there be a field
for doing certificates in the rs_cnf - returning a fingerprint, not the
entire certificate?

Jim
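Added example (not from this thread or the draft) sketching the two matching rules items 3 and 4 ask about: the raw public key the RS presents in the TLS handshake is compared against the COSE_Key in rs_cnf, and a certificate is compared against a COSE x5t-style [hashAlg, hashValue] thumbprint instead of the full certificate. The rs_cnf layout, the fingerprint field layout and all key and certificate bytes are constructed assumptions for illustration.

```python
import hashlib

# Constructed sample: uncompressed P-256 point (0x04 || x || y) the RS would present
# as its raw public key; the coordinates are arbitrary test bytes, not a real key.
X = bytes(range(1, 33))
Y = bytes(range(33, 65))
# DER SubjectPublicKeyInfo for id-ecPublicKey / prime256v1 wrapping that point.
SAMPLE_SPKI = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200") + b"\x04" + X + Y
# Assumed rs_cnf shape: a COSE_Key (RFC 8152 labels: kty=1, crv=-1, x=-2, y=-3).
SAMPLE_RS_CNF = {"COSE_Key": {1: 2, -1: 1, -2: X, -3: Y}}
# Constructed stand-in for a DER certificate plus an assumed x5t-style field:
# [hashAlg, hashValue], with -16 = SHA-256 from the COSE hash algorithm registry.
SAMPLE_CERT = b"\x30\x82\x01\x00" + b"constructed-cert-body" * 4
SAMPLE_X5T = [-16, hashlib.sha256(SAMPLE_CERT).digest()]

def der_tlv(data, pos=0):
    """Decode one DER TLV at pos; return (tag, value, next_pos); handles long-form lengths."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length

def spki_point(spki):
    """Return the EC point from SEQUENCE { AlgorithmIdentifier, BIT STRING subjectPublicKey }."""
    tag, body, _ = der_tlv(spki)
    if tag != 0x30:
        raise ValueError("SPKI is not a SEQUENCE")
    _tag, _alg, pos = der_tlv(body)          # AlgorithmIdentifier (curve check done via COSE crv)
    tag, bits, _ = der_tlv(body, pos)
    if tag != 0x03 or bits[0] != 0:          # BIT STRING with zero unused bits
        raise ValueError("subjectPublicKey is not a byte-aligned BIT STRING")
    return bits[1:]

def rpk_matches_rs_cnf(spki, rs_cnf):
    """Raw public key case: the handshake key must equal the COSE_Key the AS returned."""
    key = rs_cnf["COSE_Key"]
    if key[1] != 2 or key[-1] != 1:          # only kty=EC2 on crv=P-256 handled here
        return False
    return spki_point(spki) == b"\x04" + key[-2] + key[-3]

def cert_matches_fingerprint(cert_der, x5t):
    """Certificate case: hash the presented DER and compare with the thumbprint from the AS."""
    alg, digest = x5t
    if alg != -16:                           # only SHA-256 thumbprints handled here
        return False
    return hashlib.sha256(cert_der).digest() == digest
```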