Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

Michel Veillette <> Tue, 01 November 2016 15:30 UTC

Hi Peter

In section 3 of "draft-vanderstok-core-coap-est-00", "Server-generated key" is listed as supported.
This service returns two components, a PKCS8 containing the private key material and a PKCS7 containing the device certificate chain.
In RFC7030, this information is returned using a Content-Type: multipart/mixed.
How is this supported in "draft-vanderstok-core-coap-est-00"?

    REQ: POST /.well-known/est/serverkeygen (Content-Format: application/pkcs10)
    <ASN.1 CertificationRequest>  // Certificate request carried in a PKCS10
    RES: 2.05 Content (Content-Format: ???)
    <ASN.1 ContentSet>            // Private key material for this node carried in a PKCS8
    <ASN.1 ContentInfo>           // Certificate and associated PKI for this node carried in a PKCS7


-----Original Message-----
From: core [] On Behalf Of peter van der Stok
Sent: Saturday, October 29, 2016 11:12 AM
To: Anima-bootstrap <>; Core <>
Subject: [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

Dear all,

We have submitted a new draft, Enrollment over Secure Transport (EST) over coaps, to make BRSKI over coap possible.
We expect (parts of) this draft to be integrated with the coap-bootstrap draft of Pritikin and Kampanakis.
This draft removes EST functionality not absolutely needed within the context we expect the BRSKI deployment for low-resource devices.



-------- Original message --------
Subject: New Version Notification for draft-vanderstok-core-coap-est-00.txt
Date: 2016-10-29 17:04
Recipient: "Peter van der Stok" <>, "Peter Van der Stok" <>, "Sandeep Kumar" <>, "Sandeep S. Kumar" <>

A new version of I-D, draft-vanderstok-core-coap-est-00.txt
has been successfully submitted by Peter van der Stok and posted to the IETF repository.

Name:		draft-vanderstok-core-coap-est
Revision:	00
Title:		EST based on DTLS secured CoAP (EST-coaps)
Document date:	2016-10-29
Group:		Individual Submission
Pages:		15

    Low-resource devices in a Low-power and Lossy Network (LLN) can
    operate in a mesh network using the IPv6 over Low-power Personal Area
    Networks (6LoWPAN) and IEEE 802.15.4 link-layer standards.
    Provisioning these devices in a secure manner with keys (often called
    security bootstrapping) used to encrypt and authenticate messages is
    the subject of Bootstrapping of Remote Secure Key Infrastructures
    (BRSKI) [I-D.ietf-anima-bootstrapping-keyinfra].  Enrollment over
    Secure Transport (EST) [RFC7030], based on TLS and HTTP, is used for
    BRSKI.  This document defines how low-resource devices are expected
    to use EST over DTLS and CoAP. 6LoWPAN fragmentation management and
    minor extensions to CoAP are needed to enable EST over DTLS-secured
    CoAP (EST-coaps).

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at

The IETF Secretariat
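
The RFC 7030 response layout that the question at the top of this thread refers to, as an added example that is not part of the original messages or of the draft: it splits a constructed multipart/mixed /serverkeygen response into its PKCS#8 and PKCS#7 parts and rejects anything else. The part media types follow RFC 7030; the function names, the boundary string and the placeholder DER bytes are assumptions made for this example.

```python
import base64
from email import message_from_bytes

# Constructed placeholder DER (a bare SEQUENCE each), not a real key or certificate.
FAKE_PKCS8 = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
FAKE_PKCS7 = bytes([0x30, 0x03, 0x06, 0x01, 0x2A])
# Media types RFC 7030 uses for the two parts of a /serverkeygen response.
KEY_TYPE, CERT_TYPE = "application/pkcs8", "application/pkcs7-mime"
SAMPLE_PARTS = [(KEY_TYPE, FAKE_PKCS8),
                (CERT_TYPE + "; smime-type=certs-only", FAKE_PKCS7)]

def build_sample(parts=SAMPLE_PARTS, boundary="est-sample-boundary"):
    """Build a constructed HTTP-style multipart/mixed body (hypothetical helper)."""
    lines = [f'Content-Type: multipart/mixed; boundary="{boundary}"', ""]
    for ctype, der in parts:
        lines += [f"--{boundary}", f"Content-Type: {ctype}",
                  "Content-Transfer-Encoding: base64", "",
                  base64.b64encode(der).decode("ascii")]
    lines.append(f"--{boundary}--")
    return "\r\n".join(lines).encode("ascii") + b"\r\n"

def split_serverkeygen(raw):
    """Return (pkcs8_der, pkcs7_der); reject anything but exactly those two parts."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/mixed" or not msg.is_multipart():
        raise ValueError("expected a multipart/mixed response")
    found = {}
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype not in (KEY_TYPE, CERT_TYPE) or ctype in found:
            raise ValueError(f"unexpected or duplicate part: {ctype}")
        der = part.get_payload(decode=True)  # undoes the base64 transfer encoding
        if not der or der[0] != 0x30:  # both structures are DER SEQUENCEs
            raise ValueError(f"{ctype} part is not a DER SEQUENCE")
        found[ctype] = der
    if len(found) != 2:
        raise ValueError("response must carry both the key and the certificates")
    return found[KEY_TYPE], found[CERT_TYPE]

if __name__ == "__main__":
    key, certs = split_serverkeygen(build_sample())
    print(len(key), "byte PKCS#8 part,", len(certs), "byte PKCS#7 part")
```
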
