[Ace] Extending the CoAP-DTLS profile to TLS

Göran Selander <goran.selander@ericsson.com> Thu, 04 November 2021 15:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/vztCdl158xIFc-jTAXI-YkRR6iM>

All,

We would like the ACE WG to consider the extension of the CoAP-DTLS profile of the ACE framework (draft-ietf-dtls-authorize) to TLS.

An example of where this may be useful: 3GPP has specified the use of CoAP in SEAL (Service Enabler Architecture Layer for Verticals) [1], and the Service-Based Architecture has previously adopted OAuth 2.0 for authorization of access to services. CoAP as specified there is not restricted to UDP but may also be carried in TCP and web sockets. To apply the ACE framework in that setting would require an ACE profile supporting TLS.

The CoAP-DTLS profile supports DTLS 1.2 and 1.3, but is applicable also to corresponding versions of TLS. What is missing is essentially that statement. This has been discussed previously as John noted in a recent email to the list.

Considering that the CoAP-DTLS profile is in a progressed state, it may be too late to include this in the CoAP-DTLS profile. The other option is a new draft updating draft-ietf-dtls-authorize. To illustrate how little additional information is needed, we wrote a draft with all content in the two-paragraph introduction, available in [2], to be submitted when the I-D submission opens again.

Note that the proposal is not to define a new profile of the ACE framework. That is not desirable since for most practical purposes the authorization is independent of whether UDP, TCP or websockets is used.

Could we have a slot on the ACE agenda on Tuesday to discuss this?

Thanks,
Göran


[1] https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3587

[2] https://gitlab.informatik.uni-bremen.de/ace/extend-dtls-authorize/-/blob/main/draft-bergmann-ace-extend-dtls-authorize-00.txt