Re: [Anima-bootstrap] [Ace] Constrained Environment PKI enrollment (fwd) Shahid Raza: Re: [Ace] Constrained Environment PKI enrollment

Michael Richardson <> Mon, 06 June 2016 18:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D646712D537; Mon, 6 Jun 2016 11:31:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.326
X-Spam-Status: No, score=-3.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id G2kmdUhbck1c; Mon, 6 Jun 2016 11:31:46 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D786012D528; Mon, 6 Jun 2016 11:31:45 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 0D49E2015D; Mon, 6 Jun 2016 14:38:48 -0400 (EDT)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 185C7638BF; Mon, 6 Jun 2016 14:31:45 -0400 (EDT)
From: Michael Richardson <>
To: tisch-security <>, anima-bootstrap <>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 06 Jun 2016 14:31:45 -0400
Message-ID: <>
Archived-At: <>
Subject: Re: [Anima-bootstrap] [Ace] Constrained Environment PKI enrollment (fwd) Shahid Raza: Re: [Ace] Constrained Environment PKI enrollment
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 06 Jun 2016 18:31:48 -0000

A thread from ACE that you may not have seen.

--- Begin Message ---
We (SICS and neXus) have been working on this since September last year and designed and implemented an enrollment protocol over secure CoAP. Both the specifications and the Contiki source code will be available soon. This is done under the umbrella of a Swedish project called CEBOT: Certificate Enrollment in Billions of Things.


> On 03 Jun 2016, at 17:08, Samuel Erdtman <> wrote:
> The company I previously worked for where looking into adopting EST for this purpose, the benefit of EST compared to cmp or scep was that it defined the process for server side generated keys, which could be beneficial if key generation would be to cumbersome for the device or if you don't trust the device to generate a "good" key.
> Maybe Shahid could give sold more updates since he was helping us with this project
> On Thursday, 2 June 2016, Julien Vermillard < <>> wrote:
> Hi,
> In industrial or enterprise M2M/IoT application we often use PSK for authentication, but more and more user want to enroll the device on their public key infrastructure like they does with some routers using SCEP/CMP.
> I wonder if it was explored to enroll devices, and renew certificates on PKI only using CoAP and not HTTP?
> --
> Julien Vermillard
> _______________________________________________
> Ace mailing list

Ace mailing list
--- End Message ---
Michael Richardson <>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-