Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

Carsten Bormann <cabo@tzi.org> Tue, 01 November 2016 15:55 UTC

Date: Tue, 01 Nov 2016 16:34:25 +0100
From: Carsten Bormann <cabo@tzi.org>
To: Michel Veillette <michel.veillette@trilliantinc.com>, "consultancy@vanderstok.org" <consultancy@vanderstok.org>, Anima-bootstrap <anima-bootstrap@ietf.org>, Core <core@ietf.org>
Message-ID: <etPan.5818bad3.78c6b580.9528@tzi.org>
In-Reply-To: <etPan.5818b52f.a07279a.9528@AirmailxGenerated.am>
References: <147775346922.30618.14590857285848221161.idtracker@ietfa.amsl.com> <e191cf557b00e7003048fac4e72ba59c@xs4all.nl> <etPan.5818b52f.a07279a.9528@AirmailxGenerated.am>
X-Mailer: Airmail (390)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="5818bad3_28ba0ee2_9528"
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/LKqu65-ZA6Qp786I_eJ1VWyg8cM>
Subject: Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

Sending around MIME messages between constrained devices doesn’t strike me as the optimal way forward.
Fortunately, we have COSE, which would be an easy way to combine a key wrap with some signing info.

Grüße, Carsten

On 1 November 2016 at 16:30:43, Michel Veillette (michel.veillette@trilliantinc.com) wrote:

Hi Peter  

In section 3 of "draft-vanderstok-core-coap-est-00", "Server-generated key" is listed as supported.  
This service returns two components, a PKCS8 containing the private key material and a PKCS7 containing the device certificate chain.  
In RFC7030, this information is returned using a Content-Type: multipart/mixed.  
How is this supported in "draft-vanderstok-core-coap-est-00"?  

REQ: POST /.well-known/est/serverkeygen (Content-Format: application/pkcs10)  
<ASN.1 CertificationRequest> // Certificate request carried in a PKCS10  

RES: 2.05 Content (Content-Format: ???)  
<ASN.1 ContentSet> // Private key material for this node carried in a PKCS8  
<ASN.1 ContentInfo> // Certificate and associated PKI for this node carried in a PKCS7  

Regards,  
Michel  

-----Original Message-----  
From: core [mailto:core-bounces@ietf.org] On Behalf Of peter van der Stok  
Sent: Saturday, October 29, 2016 11:12 AM  
To: Anima-bootstrap <anima-bootstrap@ietf.org>; Core <core@ietf.org>  
Subject: [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt  

Dear all,  

we have submitted a new draft, Enrollment over Secure Transport (EST) over coaps, to make BRSKI over coap possible.  
We expect (parts of) this draft to be integrated with the coap-bootstrap draft of Pritikin and Kampanakis.  
This draft removes EST functionality not absolutely needed within the context in which we expect BRSKI deployment for low-resource devices.  

Greetings,  

Peter  

-------- Original message --------  
Subject: New Version Notification for draft-vanderstok-core-coap-est-00.txt  
Date: 2016-10-29 17:04  
From: internet-drafts@ietf.org  
To: "Peter van der Stok" <consultancy@vanderstok.org>, "Peter Van der Stok" <consultancy@vanderstok.org>, "Sandeep Kumar"  
<ietf@sandeep.de>, "Sandeep S. Kumar" <ietf@sandeep.de>  

A new version of I-D, draft-vanderstok-core-coap-est-00.txt  
has been successfully submitted by Peter van der Stok and posted to the IETF repository.  

Name:	draft-vanderstok-core-coap-est  
Revision:	00  
Title:	EST based on DTLS secured CoAP (EST-coaps)  
Document date:	2016-10-29  
Group:	Individual Submission  
Pages:	15  
URL:  
https://www.ietf.org/internet-drafts/draft-vanderstok-core-coap-est-00.txt  
Status:  
https://datatracker.ietf.org/doc/draft-vanderstok-core-coap-est/  
Htmlized:  
https://tools.ietf.org/html/draft-vanderstok-core-coap-est-00  


Abstract:  
Low-resource devices in a Low-power and Lossy Network (LLN) can  
operate in a mesh network using the IPv6 over Low-power Personal Area  
Networks (6LoWPAN) and IEEE 802.15.4 link-layer standards.  
Provisioning these devices in a secure manner with keys (often called  
security bootstrapping) used to encrypt and authenticate messages is  
the subject of Bootstrapping of Remote Secure Key Infrastructures  
(BRSKI) [I-D.ietf-anima-bootstrapping-keyinfra]. Enrollment over  
Secure Transport (EST) [RFC7030], based on TLS and HTTP, is used for  
BRSKI. This document defines how low-resource devices are expected  
to use EST over DTLS and CoAP. 6LoWPAN fragmentation management and  
minor extensions to CoAP are needed to enable EST over DTLS-secured  
CoAP (EST-coaps).  




Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.  

The IETF Secretariat  

_______________________________________________  
core mailing list  
core@ietf.org  
https://www.ietf.org/mailman/listinfo/core  

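The serverkeygen exchange Michel quotes above returns two MIME parts in one multipart/mixed body, and Carsten's objection is to carrying that framing between constrained devices. The following is an added example, not code from the draft, from RFC 7030, or from anyone in this thread. It parses such a body with Python's standard email package, checks that exactly the two expected parts are present in the order RFC 7030 Section 4.4.2 prescribes (application/pkcs8, then application/pkcs7-mime with smime-type=certs-only), and measures how many bytes the MIME framing and base64 encoding add beyond the DER payloads. The body, boundary string and DER payloads are constructed placeholders, not real keys or certificates.

```python
"""Parse an RFC 7030 /serverkeygen multipart/mixed response into its two parts.

Added example, not code from the draft or the thread. The sample body is
constructed; the DER payloads are placeholder bytes, not real key material
or certificates.
"""
import base64
import email
from email import policy

# Constructed placeholders standing in for DER-encoded PKCS#8 and PKCS#7 objects.
FAKE_PKCS8 = b"\x30\x03\x02\x01\x00"   # SEQUENCE { INTEGER 0 }, placeholder only
FAKE_PKCS7 = b"\x30\x00"               # empty SEQUENCE, placeholder only
BOUNDARY = "estServerExample"          # constructed boundary string

# Media types as RFC 7030 Section 4.4.2 lists them, in the required order.
SAMPLE_PARTS = [
    ("application/pkcs8", FAKE_PKCS8),
    ("application/pkcs7-mime; smime-type=certs-only", FAKE_PKCS7),
]


def build_body(parts, boundary=BOUNDARY):
    """Construct a multipart/mixed body from (content-type, der_bytes) pairs,
    base64-encoding each part as RFC 7030 does."""
    out = []
    for ctype, data in parts:
        out.append(
            f"--{boundary}\r\n"
            f"Content-Type: {ctype}\r\n"
            "Content-Transfer-Encoding: base64\r\n\r\n"
            f"{base64.b64encode(data).decode('ascii')}\r\n"
        )
    out.append(f"--{boundary}--\r\n")
    return "".join(out).encode("ascii")


def parse_serverkeygen(body, boundary):
    """Return (pkcs8_der, pkcs7_der) from a serverkeygen response body.

    The outer Content-Type header that HTTP carried is prepended so the
    stdlib parser sees a complete MIME entity. Any deviation from the
    two-part structure RFC 7030 requires is rejected with ValueError.
    """
    raw = (f"Content-Type: multipart/mixed; boundary={boundary}\r\n"
           "MIME-Version: 1.0\r\n\r\n").encode("ascii") + body
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not msg.is_multipart():
        raise ValueError("serverkeygen response is not multipart/mixed")
    parts = list(msg.iter_parts())
    if len(parts) != 2:
        raise ValueError(f"expected exactly two parts, got {len(parts)}")
    key_part, cert_part = parts
    if key_part.get_content_type() != "application/pkcs8":
        raise ValueError("first part must be application/pkcs8")
    if (cert_part.get_content_type() != "application/pkcs7-mime"
            or cert_part.get_param("smime-type") != "certs-only"):
        raise ValueError("second part must be application/pkcs7-mime; smime-type=certs-only")
    # decode=True undoes the base64 transfer encoding and returns the DER bytes.
    return key_part.get_payload(decode=True), cert_part.get_payload(decode=True)


def is_well_formed(body, boundary):
    """True when the body passes the structural checks above."""
    try:
        parse_serverkeygen(body, boundary)
        return True
    except ValueError:
        return False


def framing_overhead(body, payloads):
    """Bytes spent on boundaries, part headers, CRLFs and base64 expansion
    beyond the raw DER content, i.e. what a single binary container would save."""
    return len(body) - sum(len(p) for p in payloads)


if __name__ == "__main__":
    body = build_body(SAMPLE_PARTS)
    key, certs = parse_serverkeygen(body, BOUNDARY)
    print("pkcs8 :", key.hex())
    print("pkcs7 :", certs.hex())
    print("body bytes:", len(body), "payload bytes:", len(key) + len(certs),
          "framing overhead:", framing_overhead(body, (key, certs)))
    print("parts swapped accepted?", is_well_formed(build_body(SAMPLE_PARTS[::-1]), BOUNDARY))
```

With the tiny placeholder payloads the framing dominates the body, which is the point of the comparison; with real keys and chains the ratio shrinks, but the boundary scanning, header parsing and base64 decoding still have to be implemented on the device for this one response.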