Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt
Carsten Bormann <cabo@tzi.org> Tue, 01 November 2016 15:55 UTC
Date: Tue, 01 Nov 2016 16:34:25 +0100
From: Carsten Bormann <cabo@tzi.org>
To: Michel Veillette <michel.veillette@trilliantinc.com>, "consultancy@vanderstok.org" <consultancy@vanderstok.org>, Anima-bootstrap <anima-bootstrap@ietf.org>, Core <core@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/LKqu65-ZA6Qp786I_eJ1VWyg8cM>
Sending around MIME messages between constrained devices doesn’t strike me as the optimal way forward. Fortunately, we have COSE, which would be an easy way to combine a key wrap with some signing info.

Greetings, Carsten

On 1 November 2016 at 16:30:43, Michel Veillette (michel.veillette@trilliantinc.com) wrote:

Hi Peter

In section 3 of "draft-vanderstok-core-coap-est-00", "Server-generated key" is listed as supported. This service returns two components, a PKCS8 containing the private key material and a PKCS7 containing the device certificate chain. In RFC7030, this information is returned using a Content-Type: multipart/mixed.

How is this supported in "draft-vanderstok-core-coap-est-00"?

REQ: POST /.well-known/est/serverkeygen
(Content-Format: application/pkcs10)
<ASN.1 CertificationRequest> // Certificate request carried in a PKCS10

RES: 2.05 Content
(Content-Format: ???)
<ASN.1 ContentSet> // Private key material for this node carried in a PKCS8
<ASN.1 ContentInfo> // Certificate and associated PKI for this node carried in a PKCS7

Regards,
Michel

-----Original Message-----
From: core [mailto:core-bounces@ietf.org] On Behalf Of peter van der Stok
Sent: Saturday, October 29, 2016 11:12 AM
To: Anima-bootstrap <anima-bootstrap@ietf.org>; Core <core@ietf.org>
Subject: [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

Dear all,

we have submitted a new draft Enrollment over Secure Transport (EST) over coaps to make BRSKI over coap possible. We expect (parts of) this draft to be integrated with coap-bootstrap draft of Pritikin and Kampanakis. This draft removes EST functionality not absolutely needed within the context we expect the BRSKI deployment for low-resource devices.

Greetings,
Peter

-------- Original message --------
Subject: New Version Notification for draft-vanderstok-core-coap-est-00.txt
Date: 2016-10-29 17:04
Sender: internet-drafts@ietf.org
Recipient: "Peter van der Stok" <consultancy@vanderstok.org>, "Peter Van der Stok" <consultancy@vanderstok.org>, "Sandeep Kumar" <ietf@sandeep.de>, "Sandeep S. Kumar" <ietf@sandeep.de>

A new version of I-D, draft-vanderstok-core-coap-est-00.txt has been successfully submitted by Peter van der Stok and posted to the IETF repository.

Name: draft-vanderstok-core-coap-est
Revision: 00
Title: EST based on DTLS secured CoAP (EST-coaps)
Document date: 2016-10-29
Group: Individual Submission
Pages: 15
URL: https://www.ietf.org/internet-drafts/draft-vanderstok-core-coap-est-00.txt
Status: https://datatracker.ietf.org/doc/draft-vanderstok-core-coap-est/
Htmlized: https://tools.ietf.org/html/draft-vanderstok-core-coap-est-00

Abstract:
Low-resource devices in a Low-power and Lossy Network (LLN) can operate in a mesh network using the IPv6 over Low-power Personal Area Networks (6LoWPAN) and IEEE 802.15.4 link-layer standards. Provisioning these devices in a secure manner with keys (often called security bootstrapping) used to encrypt and authenticate messages is the subject of Bootstrapping of Remote Secure Key Infrastructures (BRSKI) [I-D.ietf-anima-bootstrapping-keyinfra]. Enrollment over Secure Transport (EST) [RFC7030], based on TLS and HTTP, is used for BRSKI. This document defines how low-resource devices are expected to use EST over DTLS and CoAP. 6LoWPAN fragmentation management and minor extensions to CoAP are needed to enable EST over DTLS-secured CoAP (EST-coaps).

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
core mailing list
core@ietf.org
https://www.ietf.org/mailman/listinfo/core
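
The RFC 7030 multipart/mixed server-keygen response discussed in this thread, as an added example that is not part of the original messages or of the draft: it builds such a response, splits it back into its PKCS8 and PKCS7 parts, and counts how many bytes on the wire are MIME framing rather than key or certificate data. The media type names follow RFC 7030; the DER contents, the boundary string and all function names are constructed placeholders.

```python
import base64
from email import message_from_bytes

# Constructed placeholder bytes standing in for the DER-encoded objects.
SAMPLE_PKCS8 = bytes(range(48))      # private key material (PKCS8)
SAMPLE_PKCS7 = bytes(range(96))      # certificate chain (PKCS7)
BOUNDARY = "exampleBoundary"         # hypothetical boundary string


def build_response(key_der: bytes, certs_der: bytes) -> bytes:
    """Build a multipart/mixed entity shaped like an RFC 7030 serverkeygen reply."""
    def part(content_type: str, der: bytes) -> str:
        return (f"--{BOUNDARY}\r\n"
                f"Content-Type: {content_type}\r\n"
                "Content-Transfer-Encoding: base64\r\n\r\n"
                f"{base64.b64encode(der).decode('ascii')}\r\n")
    entity = (f"Content-Type: multipart/mixed; boundary={BOUNDARY}\r\n\r\n"
              + part("application/pkcs8", key_der)
              + part("application/pkcs7-mime; smime-type=certs-only", certs_der)
              + f"--{BOUNDARY}--\r\n")
    return entity.encode("ascii")


def split_response(raw: bytes) -> dict:
    """Return {media type: decoded DER bytes} for each body part."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/mixed":
        raise ValueError("expected multipart/mixed")
    parts = {p.get_content_type(): p.get_payload(decode=True)
             for p in msg.get_payload()}
    # Reject anything other than exactly one key part and one certificate part.
    if set(parts) != {"application/pkcs8", "application/pkcs7-mime"}:
        raise ValueError(f"unexpected parts: {sorted(parts)}")
    return parts


def framing_overhead(raw: bytes, parts: dict) -> int:
    """Bytes that are MIME headers, boundaries and base64 expansion."""
    return len(raw) - sum(len(der) for der in parts.values())


if __name__ == "__main__":
    raw = build_response(SAMPLE_PKCS8, SAMPLE_PKCS7)
    parts = split_response(raw)
    print(len(raw), "bytes on the wire,",
          framing_overhead(raw, parts), "of them framing")
```
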