Re: [Acme] ACME signature mechanics

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 18 December 2014 12:57 UTC

Message-ID: <5492CF1B.7010508@gmx.net>
Date: Thu, 18 Dec 2014 13:56:59 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Anders Rundgren <anders.rundgren.net@gmail.com>
References: <548FF9E3.1020703@gmail.com> <CAL02cgT9iYqtX2Ui5XQYnj=yeF_QnSkKn-jE0D5d56WMzB5bBg@mail.gmail.com> <CAMm+LwjwG0dPTkByu5WZ_ev3xNxAMwunoc-A_VK4sKPSZXRYDw@mail.gmail.com> <006c01d01a33$2b086890$811939b0$@icloud.com> <CABkgnnWGQarDzpx-3f488OF2w3eyTV1iUr4GWyND+_avRHNZ6w@mail.gmail.com> <004901d01a94$55e9ebe0$01bdc3a0$@icloud.com> <54928827.9030009@gmail.com> <CAMm+Lwifqgt9e_i=froACzGW3bsY05KBiJJFBRJrqJcZrEqN8A@mail.gmail.com>
In-Reply-To: <CAMm+Lwifqgt9e_i=froACzGW3bsY05KBiJJFBRJrqJcZrEqN8A@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/PdpLDlXzOY2lrEDPYmO_ULmeuP8
Cc: Richard Barnes <rlb@ipv.sx>, Trevor Freeman <trevor.freeman99@icloud.com>, "acme@ietf.org" <acme@ietf.org>, Martin Thomson <martin.thomson@gmail.com>

Hi Phillip,

this statement caught my attention:

On 12/18/2014 01:33 PM, Phillip Hallam-Baker wrote:
> Minimal TLS stacks for embedded devices don't typically do client auth.
> See 'minimal'.

It depends on what devices you are talking about, for what purpose they use
TLS/DTLS, and what the overall design pattern of the device is.

With the work we are doing in other working groups, such as DICE, we are
trying to give guidance on how to use TLS/DTLS for use with Internet of
Things (=small embedded devices) in an effort to bring more
(standardized) security protocols into those devices.

With that work we are heavily relying on mutual authentication at the
DTLS/TLS level.

Ciao
Hannes

PS: I also don't think that the discussion on this list is relevant to
embedded devices.