Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

peter van der Stok <stokcons@xs4all.nl> Fri, 04 November 2016 08:58 UTC

Date: Fri, 04 Nov 2016 09:57:57 +0100
From: peter van der Stok <stokcons@xs4all.nl>
To: Carsten Bormann <cabo@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/F9nScU1pE-PQ5hK3ko7vedGRHis>
Cc: Michel Veillette <michel.veillette@trilliantinc.com>, Anima-bootstrap <anima-bootstrap@ietf.org>, Core <core@ietf.org>, consultancy@vanderstok.org
Subject: Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

It all depends on the interest generated in this document and for what 
purpose:
- BRSKI only with limited EST support
- Or full EST

For the moment it is BRSKI without manual intervention. When things are 
missing in that context, we will certainly add them.

Peter

Carsten Bormann wrote on 2016-11-01 16:34:
> Sending around MIME messages between constrained devices doesn’t
> strike me as the optimal way forward.
> Fortunately, we have COSE, which would be an easy way to combine a key
> wrap with some signing info.
> 
> Regards, Carsten
> On 1 November 2016 at 16:30:43, Michel Veillette
> (michel.veillette@trilliantinc.com) wrote:
> 
>> Hi Peter
>> 
>> In section 3 of "draft-vanderstok-core-coap-est-00",
>> "Server-generated key" is listed as supported.
>> This service returns two components, a PKCS8 containing the private
>> key material and a PKCS7 containing the device certificate chain.
>> In RFC7030, this information is returned using a Content-Type:
>> multipart/mixed.
>> How is this supported in "draft-vanderstok-core-coap-est-00"?
>> 
>> REQ: POST /.well-known/est/serverkeygen (Content-Format: application/pkcs10)
>> <ASN.1 CertificationRequest> // Certificate request carried in a PKCS10
>> 
>> RES: 2.05 Content (Content-Format: ???)
>> <ASN.1 ContentSet> // Private key material for this node carried in a PKCS8
>> <ASN.1 ContentInfo> // Certificate and associated PKI for this node carried in a PKCS7
>> 
>> Regards,
>> Michel
>> 
>> -----Original Message-----
>> From: core [mailto:core-bounces@ietf.org] On Behalf Of peter van der
>> Stok
>> Sent: Saturday, October 29, 2016 11:12 AM
>> To: Anima-bootstrap <anima-bootstrap@ietf.org>; Core <core@ietf.org>
>> 
>> Subject: [core] Fwd: New Version Notification for
>> draft-vanderstok-core-coap-est-00.txt
>> 
>> Dear all,
>> 
>> we have submitted a new draft Enrollment over Secure Transport (EST)
>> over coaps to make BRSKI over coap possible.
>> We expect (parts of) this draft to be integrated with coap-bootstrap
>> draft of Pritikin and Kampanakis.
>> This draft removes EST functionality not absolutely needed within
>> the context we expect the BRSKI deployment for low-resource devices.
>> 
>> 
>> Greetings,
>> 
>> Peter
>> 
>> -------- Original Message --------
>> Subject: New Version Notification for
>> draft-vanderstok-core-coap-est-00.txt
>> Date: 2016-10-29 17:04
>> From: internet-drafts@ietf.org
>> To: "Peter van der Stok" <consultancy@vanderstok.org>, "Peter
>> Van der Stok" <consultancy@vanderstok.org>, "Sandeep Kumar"
>> <ietf@sandeep.de>, "Sandeep S. Kumar" <ietf@sandeep.de>
>> 
>> A new version of I-D, draft-vanderstok-core-coap-est-00.txt
>> has been successfully submitted by Peter van der Stok and posted to
>> the IETF repository.
>> 
>> Name: draft-vanderstok-core-coap-est
>> Revision: 00
>> Title: EST based on DTLS secured CoAP (EST-coaps)
>> Document date: 2016-10-29
>> Group: Individual Submission
>> Pages: 15
>> URL:
>> https://www.ietf.org/internet-drafts/draft-vanderstok-core-coap-est-00.txt
>> 
>> Status:
>> https://datatracker.ietf.org/doc/draft-vanderstok-core-coap-est/
>> Htmlized:
>> https://tools.ietf.org/html/draft-vanderstok-core-coap-est-00
>> 
>> Abstract:
>> Low-resource devices in a Low-power and Lossy Network (LLN) can
>> operate in a mesh network using the IPv6 over Low-power Personal
>> Area Networks (6LoWPAN) and IEEE 802.15.4 link-layer standards.
>> Provisioning these devices in a secure manner with keys (often
>> called security bootstrapping) used to encrypt and authenticate
>> messages is the subject of Bootstrapping of Remote Secure Key
>> Infrastructures (BRSKI) [I-D.ietf-anima-bootstrapping-keyinfra].
>> Enrollment over Secure Transport (EST) [RFC7030], based on TLS and
>> HTTP, is used for BRSKI. This document defines how low-resource
>> devices are expected to use EST over DTLS and CoAP. 6LoWPAN
>> fragmentation management and minor extensions to CoAP are needed to
>> enable EST over DTLS-secured CoAP (EST-coaps).
>> 
>> Please note that it may take a couple of minutes from the time of
>> submission until the htmlized version and diff are available at
>> tools.ietf.org.
>> 
>> The IETF Secretariat
>> 
>> _______________________________________________
>> core mailing list
>> core@ietf.org
>> https://www.ietf.org/mailman/listinfo/core
>> 
> _______________________________________________
> Anima-bootstrap mailing list
> Anima-bootstrap@ietf.org
> https://www.ietf.org/mailman/listinfo/anima-bootstrap
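
The RFC 7030 multipart/mixed serverkeygen response that the question in this thread refers to, as an added example that is not part of the thread or of the draft. It builds the two-part body (application/pkcs8 plus application/pkcs7-mime), splits it again on the client side, and measures the MIME framing cost. The payload bytes, boundary string and function names are constructed for illustration.

```python
import base64
from email import message_from_bytes

# Constructed placeholder payloads (labelled bytes, not real DER structures).
FAKE_PKCS8 = b"constructed-pkcs8-private-key"
FAKE_PKCS7 = b"constructed-pkcs7-certs-only"
EXPECTED_PARTS = {"application/pkcs8", "application/pkcs7-mime"}


def build_response(key: bytes, certs: bytes, boundary: str = "est-boundary") -> bytes:
    """Build a multipart/mixed body shaped like an RFC 7030 serverkeygen reply."""
    def part(ctype: str, payload: bytes) -> str:
        return (f"--{boundary}\r\nContent-Type: {ctype}\r\n"
                "Content-Transfer-Encoding: base64\r\n\r\n"
                + base64.b64encode(payload).decode() + "\r\n")

    head = f"Content-Type: multipart/mixed; boundary={boundary}\r\n\r\n"
    body = (part("application/pkcs8", key)
            + part("application/pkcs7-mime; smime-type=certs-only", certs)
            + f"--{boundary}--\r\n")
    return (head + body).encode()


def split_response(raw: bytes) -> dict:
    """Return {content-type: decoded bytes}; reject anything but the two parts."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/mixed" or not msg.is_multipart():
        raise ValueError("serverkeygen response must be multipart/mixed")
    parts = {}
    for sub in msg.get_payload():
        ctype = sub.get_content_type()
        if ctype in parts:
            raise ValueError(f"duplicate part: {ctype}")
        parts[ctype] = sub.get_payload(decode=True)  # undoes the base64 encoding
    if set(parts) != EXPECTED_PARTS:
        raise ValueError(f"unexpected part set: {sorted(parts)}")
    return parts


def framing_overhead(raw: bytes, parts: dict) -> int:
    """Bytes spent on MIME headers, boundaries and base64 expansion."""
    return len(raw) - sum(len(v) for v in parts.values())


if __name__ == "__main__":
    raw = build_response(FAKE_PKCS8, FAKE_PKCS7)
    parts = split_response(raw)
    print(sorted(parts), "overhead bytes:", framing_overhead(raw, parts))
```
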