Re: [Acme] ACME signature mechanics

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 18 December 2014 14:43 UTC

Message-ID: <5492E7EA.9000300@gmx.net>
Date: Thu, 18 Dec 2014 15:42:50 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: Phillip Hallam-Baker <phill@hallambaker.com>
In-Reply-To: <CAMm+LwiN9Q8wiP=uLXRtq=f12C=VGwRa_K94u+dcGf+BHxAkfg@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/saOCHdQ4SoZjmdXBbZsDxLr4eEY
Cc: Richard Barnes <rlb@ipv.sx>, Martin Thomson <martin.thomson@gmail.com>, "acme@ietf.org" <acme@ietf.org>, Trevor Freeman <trevor.freeman99@icloud.com>, Anders Rundgren <anders.rundgren.net@gmail.com>

Hi Phillip,

The relevant OMA specification can be found here:
http://openmobilealliance.org/about-oma/work-program/m2m-enablers/
(Click on the 'OMA Lightweight M2M (LWM2M) protocol' for the version for
IoT devices and 'OMA Device Management (DM)' for the stuff that is used
on mobile phones.)

Here is a tutorial:
http://community.arm.com/servlet/JiveServlet/previewBody/8693-102-3-15745/ARM%20OMA%20Lightweight%20M2M%20Tutorial.pdf

When you look through the tutorial, you will see that IoT devices
need more than just credentials (which is why the specification talks a
lot about device management).

Here is open source code:
https://github.com/jvermillard/leshan
https://github.com/01org/liblwm2m

The next interop event will take place in January 2015:
http://openmobilealliance.org/oma-lwm2m-testfest-registration-now-open/

> IoT is not going to be a special case of the Internet

The LWM2M specification re-uses the work from the CORE working group
(including CoAP and the CoAP resource server), DTLS, JSON and many other
IETF specifications.

Still, the needs for provisioning a certificate to a Web server are
different from those for provisioning a light bulb.

Judging from the abstract of the ACME specification their document is
focused on the Web and nothing else. That's fine (delta the duplication
of already existing work in that area).

Ciao
Hannes

On 12/18/2014 03:11 PM, Phillip Hallam-Baker wrote:
> 
> 
> On Thu, Dec 18, 2014 at 8:23 AM, Hannes Tschofenig
> <hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>> wrote:
> 
>     Hi Phillip,
> 
>     we already have a mechanism for issuing certificates to embedded
>     devices, namely OMA Lightweight M2M. It is already used today.
>     That specification is a version of the OMA device management protocol
>     (which is also widely used) but uses different protocols that are more
>     suitable for the embedded side, such as CoAP and JSON.
> 
>     Hence, I doubt that this work is something the IoT community is
>     asking for.
> 
> 
> Is there a pointer to the spec that is publicly accessible?
> 
> In the short term that might be the case. But in the longer term IoT is
> not going to be a special case of the Internet; it is going to be the
> Internet.
> 
> I think you are making a case for looking at the OMA protocol and
> deciding if we can use it.
>