Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

Carsten Bormann <> Tue, 01 November 2016 15:55 UTC

Date: Tue, 1 Nov 2016 16:34:25 +0100
From: Carsten Bormann <>
To: Michel Veillette <>, "=?utf-8?Q?" <>, Anima-bootstrap <>, Core <>
Subject: Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

Sending around MIME messages between constrained devices doesn’t strike me as the optimal way forward.
Fortunately, we have COSE, which would be an easy way to combine a key wrap with some signing info.

Regards, Carsten

On 1 November 2016 at 16:30:43, Michel Veillette wrote:

Hi Peter  

In section 3 of "draft-vanderstok-core-coap-est-00", "Server-generated key" is listed as supported.  
This service returns two components, a PKCS8 containing the private key material and a PKCS7 containing the device certificate chain.  
In RFC7030, this information is returned using a Content-Type: multipart/mixed.  
How is this supported in "draft-vanderstok-core-coap-est-00"?  

REQ: POST /.well-known/est/serverkeygen (Content-Format: application/pkcs10)  
<ASN.1 CertificationRequest> // Certificate request carried in a PKCS10  

RES: 2.05 Content (Content-Format: ???)  
<ASN.1 ContentSet> // Private key material for this node carried in a PKCS8  
<ASN.1 ContentInfo> // Certificate and associated PKI for this node carried in a PKCS7  


-----Original Message-----  
From: core [] On Behalf Of Peter van der Stok  
Sent: Saturday, October 29, 2016 11:12 AM  
To: Anima-bootstrap <>; Core <>  
Subject: [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt  

Dear all,  

We have submitted a new draft, Enrollment over Secure Transport (EST) over coaps, to make BRSKI over coap possible.  
We expect (parts of) this draft to be integrated with the coap-bootstrap draft of Pritikin and Kampanakis.  
This draft removes EST functionality not absolutely needed within the context in which we expect BRSKI deployment for low-resource devices.  



-------- Original message --------  
Subject: New Version Notification for draft-vanderstok-core-coap-est-00.txt  
Date: 2016-10-29 17:04  
To: "Peter van der Stok" <>, "Peter Van der Stok" <>, "Sandeep Kumar"  
<>, "Sandeep S. Kumar" <>  

A new version of I-D, draft-vanderstok-core-coap-est-00.txt  
has been successfully submitted by Peter van der Stok and posted to the IETF repository.  

Name:	draft-vanderstok-core-coap-est  
Revision:	00  
Title:	EST based on DTLS secured CoAP (EST-coaps)  
Document date:	2016-10-29  
Group:	Individual Submission  
Pages:	15  

Low-resource devices in a Low-power and Lossy Network (LLN) can  
operate in a mesh network using the IPv6 over Low-power Personal Area  
Networks (6LoWPAN) and IEEE 802.15.4 link-layer standards.  
Provisioning these devices in a secure manner with keys (often called  
security bootstrapping) used to encrypt and authenticate messages is  
the subject of Bootstrapping of Remote Secure Key Infrastructures  
(BRSKI) [I-D.ietf-anima-bootstrapping-keyinfra]. Enrollment over  
Secure Transport (EST) [RFC7030], based on TLS and HTTP, is used for  
BRSKI. This document defines how low-resource devices are expected  
to use EST over DTLS and CoAP. 6LoWPAN fragmentation management and  
minor extensions to CoAP are needed to enable EST over DTLS-secured  
CoAP (EST-coaps).  

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at  

The IETF Secretariat  

core mailing list  
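The /serverkeygen exchange Michel sketches above, worked through as an added example that is not code from this thread or from draft-vanderstok-core-coap-est: it builds and parses the multipart/mixed response body RFC 7030 uses over HTTP, then packs the same two DER blobs into a single CBOR array as one sketch of what a CoAP-sized single payload could look like. The CBOR framing, the boundary string and the placeholder DER bytes are assumptions of this example; the array is a plain container, not the COSE key-wrap-plus-signature Carsten proposes, and not anything the draft specifies.

```python
"""Parse an RFC 7030 /serverkeygen multipart/mixed response and repack the
same two DER blobs into one CBOR array (an added sketch, not the draft's format)."""
import base64
import email
from email import policy

# Constructed placeholder DER bytes; not real PKCS#8 key or PKCS#7 certificate material.
SAMPLE_PKCS8 = bytes.fromhex("30050201000400")
SAMPLE_PKCS7 = bytes.fromhex("3003060100")


def build_rfc7030_serverkeygen_response(pkcs8: bytes, pkcs7: bytes) -> bytes:
    """Build the HTTP body RFC 7030 uses for /serverkeygen: multipart/mixed with an
    application/pkcs8 part followed by an application/pkcs7-mime certs-only part."""
    boundary = "estServerExampleBoundary"  # constructed boundary string
    lines = [
        f"--{boundary}",
        "Content-Type: application/pkcs8",
        "Content-Transfer-Encoding: base64",
        "",
        base64.b64encode(pkcs8).decode("ascii"),
        f"--{boundary}",
        "Content-Type: application/pkcs7-mime; smime-type=certs-only",
        "Content-Transfer-Encoding: base64",
        "",
        base64.b64encode(pkcs7).decode("ascii"),
        f"--{boundary}--",
        "",
    ]
    head = f"Content-Type: multipart/mixed; boundary={boundary}\r\n\r\n"
    return head.encode("ascii") + "\r\n".join(lines).encode("ascii")


def parse_rfc7030_serverkeygen_response(raw: bytes) -> dict:
    """Return {content-type: DER bytes} for the two parts, rejecting anything else."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/mixed":
        raise ValueError("serverkeygen response must be multipart/mixed")
    parts = {}
    for part in msg.iter_parts():
        parts[part.get_content_type()] = part.get_payload(decode=True)  # undoes base64
    if set(parts) != {"application/pkcs8", "application/pkcs7-mime"}:
        raise ValueError(f"unexpected parts: {sorted(parts)}")
    return parts


def _cbor_head(major: int, n: int) -> bytes:
    """Encode a CBOR initial byte plus argument for major type `major` (RFC 7049)."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([(major << 5) | info]) + n.to_bytes(size, "big")
    raise ValueError("length too large")


def _cbor_read_head(data: bytes, pos: int) -> tuple:
    """Decode the initial byte at `pos`; return (major, argument, next position)."""
    major, info = data[pos] >> 5, data[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    size = {24: 1, 25: 2, 26: 4, 27: 8}.get(info)
    if size is None:
        raise ValueError("indefinite-length or reserved encoding not accepted")
    return major, int.from_bytes(data[pos:pos + size], "big"), pos + size


def pack_serverkeygen_cbor(pkcs8: bytes, pkcs7: bytes) -> bytes:
    """Sketch of a single CoAP payload: the CBOR array [pkcs8 bstr, pkcs7 bstr].
    This framing is an assumption of this example, not the draft's design."""
    return (_cbor_head(4, 2) + _cbor_head(2, len(pkcs8)) + pkcs8
            + _cbor_head(2, len(pkcs7)) + pkcs7)


def unpack_serverkeygen_cbor(data: bytes) -> tuple:
    """Strict inverse of pack_serverkeygen_cbor: exactly two byte strings, no trailing data."""
    major, count, pos = _cbor_read_head(data, 0)
    if major != 4 or count != 2:
        raise ValueError("expected a two-element CBOR array")
    items = []
    for _ in range(2):
        major, length, pos = _cbor_read_head(data, pos)
        if major != 2 or pos + length > len(data):
            raise ValueError("expected a byte string")
        items.append(bytes(data[pos:pos + length]))
        pos += length
    if pos != len(data):
        raise ValueError("trailing bytes after array")
    return tuple(items)


def compare_framings(pkcs8: bytes, pkcs7: bytes) -> dict:
    """Round-trip both framings and report their on-the-wire sizes."""
    mime = build_rfc7030_serverkeygen_response(pkcs8, pkcs7)
    parts = parse_rfc7030_serverkeygen_response(mime)
    cbor = pack_serverkeygen_cbor(pkcs8, pkcs7)
    recovered = unpack_serverkeygen_cbor(cbor)
    if (parts["application/pkcs8"], parts["application/pkcs7-mime"]) != recovered:
        raise ValueError("framings disagree")
    return {"mime_bytes": len(mime), "cbor_bytes": len(cbor)}


if __name__ == "__main__":
    print(compare_framings(SAMPLE_PKCS8, SAMPLE_PKCS7))
```

The decoder is deliberately strict (definite lengths only, exactly two byte strings, nothing trailing), which is the posture a constrained device should take on a payload that carries its private key; the size comparison is only meaningful on real DER blobs, where the base64 and MIME headers add roughly a third on top of the key and chain.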