Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt
Esko Dijk <esko.dijk@iotconsultancy.nl> Mon, 20 May 2019 06:31 UTC
Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2236C120134; Sun, 19 May 2019 23:31:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancynl.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cIdHJEdGCs5i; Sun, 19 May 2019 23:31:30 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10122.outbound.protection.outlook.com [40.107.1.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5082120041; Sun, 19 May 2019 23:31:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancynl.onmicrosoft.com; s=selector1-iotconsultancynl-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Bg4xAMWbTc7q0HoeoGDXyEIsxiRWOHqHlg0hFuqCZF0=; b=zAREjpboMY0aTi0hW7Hl8mwkmZxNZp0DyAbUwC7syaMgWBWuvNOvzFCpdMp62wGZZB1XhO2NTuO1PAAPls524Psk/w3MLNzoxZqmLvjKcXtvQE/ktWVJXdmoZB0KXw6zs7ChesrvszCC6VomYuw8yASoH7L3WTwnh0kwQz3eYTw=
Received: from DB6P190MB0054.EURP190.PROD.OUTLOOK.COM (10.172.229.12) by DB6P190MB0149.EURP190.PROD.OUTLOOK.COM (10.172.228.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1900.18; Mon, 20 May 2019 06:31:25 +0000
Received: from DB6P190MB0054.EURP190.PROD.OUTLOOK.COM ([fe80::c46d:5ae5:fe3e:ca20]) by DB6P190MB0054.EURP190.PROD.OUTLOOK.COM ([fe80::c46d:5ae5:fe3e:ca20%8]) with mapi id 15.20.1900.020; Mon, 20 May 2019 06:31:25 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "ace@ietf.org" <ace@ietf.org>
CC: "draft-ietf-ace-coap-est@ietf.org" <draft-ietf-ace-coap-est@ietf.org>
Thread-Topic: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt
Thread-Index: AQHVDMWjkc1/UB/X3EaGxntG4OXylKZvcuOAgAQcGnA=
Date: Mon, 20 May 2019 06:31:25 +0000
Message-ID: <DB6P190MB005480059C7AC6C165475F7CFD060@DB6P190MB0054.EURP190.PROD.OUTLOOK.COM>
References: <155810704144.26327.4695280572619758639@ietfa.amsl.com> <MWHPR11MB18385D70221AC1A962C97623C90B0@MWHPR11MB1838.namprd11.prod.outlook.com>
In-Reply-To: <MWHPR11MB18385D70221AC1A962C97623C90B0@MWHPR11MB1838.namprd11.prod.outlook.com>
Accept-Language: en-US, nl-NL
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=esko.dijk@iotconsultancy.nl;
x-originating-ip: [81.82.250.44]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3e656467-ec67-4952-37fe-08d6dcecc883
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(7168020)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:DB6P190MB0149;
x-ms-traffictypediagnostic: DB6P190MB0149:
x-ms-exchange-purlcount: 6
x-microsoft-antispam-prvs: <DB6P190MB0149778F77A9002A7DC3533AFD060@DB6P190MB0149.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 004395A01C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(366004)(39830400003)(396003)(136003)(53754006)(13464003)(189003)(199004)(14454004)(74482002)(74316002)(446003)(11346002)(6246003)(26005)(186003)(2906002)(53936002)(25786009)(86362001)(8676002)(81156014)(81166006)(8936002)(7736002)(229853002)(476003)(305945005)(486006)(4326008)(44832011)(55236004)(508600001)(52536014)(76176011)(71200400001)(71190400001)(6116002)(6506007)(6436002)(3846002)(53546011)(102836004)(2501003)(7696005)(110136005)(316002)(66556008)(64756008)(256004)(14444005)(6306002)(966005)(33656002)(99286004)(66574012)(5660300002)(66476007)(9686003)(66446008)(55016002)(76116006)(66066001)(68736007)(73956011)(66946007); DIR:OUT; SFP:1102; SCL:1; SRVR:DB6P190MB0149; H:DB6P190MB0054.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: iotconsultancy.nl does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: JN6D+cF/QNZtgeWx+G1VrEiJotx3dXTBRRyBAYOpHgQHD4i025ShYkRqu0Cf6sMDAqNpxyzGfG37G8y4dT6RZcEJVtzVMNfsQswIGir2nQYBOcbT4D0QfXUBYt/ExD0qczb58/V4VALXCOVTPITLlPgRdVov5LnCHMgb9F1fCxJFwr4em6a8lbCx6WGIZjaOLwOZzHZyghz/BiKbyX5IQMJqDs5IIbkDeYT1pJW+ABzUoVtjWC6YFCIUMjAN7h18mg/EKmED9nRZzksfbJBf/Ag7jgfkdqXMs9A0GX4tyDtzyMj3s5MqJaQKH/QXE45Ds94jMggDF26fvWZvSrT2yFjVir+Uv26Swokh7ark+1SH2uhKaH2JEvNIJrN2riD9wb/zml3Xc1VM1LWH9F0jrl1LvG46cznG0ULXarVzatQ=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-Network-Message-Id: 3e656467-ec67-4952-37fe-08d6dcecc883
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 May 2019 06:31:25.2658 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6P190MB0149
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/zYuqp4ydmAS5CYDPjRb1ra0QTT4>
Subject: Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2019 06:31:33 -0000
Thanks, A few comments I had still on the discovery section - sorry to be late post-WGLC with this: - page 10 bottom mentions "management data" - should say "management resources", or "EST resources" perhaps? - page 10 bottom: " Upon success, the return payload will contain the root resource of the EST resources." - this is not true, since only the individual supported resources are returned. The root (e.g. "/est" in the examples) can be deduced from the response but it is never returned as one link format entry. - page 11 top: the example is only correct for a secure (coaps://) discovery GET request, I think this could be mentioned in text or indicated in the request line. - page 11 bottom requirement: " The client SHOULD use resource discovery when he is unaware of the available EST-coaps resources." - when an EST server is known, this requirement does not really apply since the server always supports .well-known EST resources. So I read it as doing an RD discovery or multicast CoAP discovery if the client doesn't known the EST server address. Hope this is clear enough in the text and intended? - page 11 bottom: "he supports" -> "it supports" - page 11 bottom: " It is up to the implementation to choose its resource paths” -> seems not really the case, because the root resource structure is forced by the specification. It could have been designed as free choice (because it can be discovered anyway) but it is not. Best regards Esko -----Original Message----- From: Ace <ace-bounces@ietf.org> On Behalf Of Panos Kampanakis (pkampana) Sent: Friday, May 17, 2019 17:36 To: ace@ietf.org Subject: Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt Hi all, This latest update addresses feedback while in WGLC" - the comments by Hannes and Esko related to RNG and server-side key gen. It aims to prevent misunderstandings that random numbers are not needed any more if server-side key gen is used. - the nits with "/crt" instead of "/crts" pointed out by Esko. The diff is here https://tools.ietf.org/rfcdiff?url2=draft-ietf-ace-coap-est-11.txt Thanks, Panos -----Original Message----- From: Ace <ace-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org Sent: Friday, May 17, 2019 11:31 AM To: i-d-announce@ietf.org Cc: ace@ietf.org Subject: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Authentication and Authorization for Constrained Environments WG of the IETF. Title : EST over secure CoAP (EST-coaps) Authors : Peter van der Stok Panos Kampanakis Michael C. Richardson Shahid Raza Filename : draft-ietf-ace-coap-est-11.txt Pages : 48 Date : 2019-05-17 Abstract: Enrollment over Secure Transport (EST) is used as a certificate provisioning protocol over HTTPS. Low-resource devices often use the lightweight Constrained Application Protocol (CoAP) for message exchanges. This document defines how to transport EST payloads over secure CoAP (EST-coaps), which allows constrained devices to use existing EST functionality for provisioning certificates. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-coap-est/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-ace-coap-est-11 https://datatracker.ietf.org/doc/html/draft-ietf-ace-coap-est-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-coap-est-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
- [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt internet-drafts
- Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.… Panos Kampanakis (pkampana)
- Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.… Esko Dijk
- Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.… Panos Kampanakis (pkampana)
- Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.… Esko Dijk
- Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.… Panos Kampanakis (pkampana)