Re: [Ace] EST over CoAP

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 16 May 2018 09:16 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: EST over CoAP
Thread-Index: AdPrYipD0kyce1IOREqwxYCd2nFDSgAKCPZwAACDJXAAAGyyQAAlwdwAAAwByGAAKB+2gA==
Date: Wed, 16 May 2018 09:16:19 +0000
Message-ID: <VI1PR0801MB2112B889B6CED5687864B311FA920@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <VI1PR0801MB21122D93F906F952E5E85C87FA9C0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <a4d27053f1d2431abee07d2597e14972@XCH-ALN-010.cisco.com> <VI1PR0801MB21125B520BA3DE027A49AFA6FA9C0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <b1f75e92b9f34235b5922847e9595ad1@XCH-ALN-010.cisco.com> <VI1PR0801MB2112BB24EA1AD68B1EEA0DB5FA930@VI1PR0801MB2112.eurprd08.prod.outlook.com> <e6e07b2a458e4417a18027d592db0b2b@XCH-ALN-010.cisco.com>
In-Reply-To: <e6e07b2a458e4417a18027d592db0b2b@XCH-ALN-010.cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/yRhc3Q3DYlPVIqArHqCnowpSE0s>

> But I don't think we can tell endpoints that they are on their own unless they get the right hardware or they comply with the ACE-OAuth model, or DOXS.

[This is probably an issue unrelated to EST topic but worthwhile to talk about nevertheless.]

How do you expect companies to come up with reasonable IoT security?

Our (Arm) thinking was that working on building blocks that are then combined in complete IoT device management solutions (like LwM2M) and supplemented with security guidance that includes the implementation (software & hardware), as we do it with the Platform Security Architecture (see https://developer.arm.com/products/architecture/platform-security-architecture), is the only way to improve IoT security. If you just dump ideas and protocols with lots of options to OEMs and let them figure out the security story themselves then guess what the outcome will be.

Ciao
Hannes
