Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

peter van der Stok <stokcons@xs4all.nl> Mon, 31 October 2016 08:24 UTC

Date: Mon, 31 Oct 2016 09:24:47 +0100
From: peter van der Stok <stokcons@xs4all.nl>
To: Julien Vermillard <jvermillard@gmail.com>
Organization: vanderstok consultancy
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <CAN9CcB8OGOcWGxPfb+Zk+PQn_2EpR5SdTS78iT5tvwFKxrC04g@mail.gmail.com>
References: <147775346922.30618.14590857285848221161.idtracker@ietfa.amsl.com> <e191cf557b00e7003048fac4e72ba59c@xs4all.nl> <CAN9CcB8OGOcWGxPfb+Zk+PQn_2EpR5SdTS78iT5tvwFKxrC04g@mail.gmail.com>
Message-ID: <18a2aac4439c589297fe2739c4500dd3@xs4all.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/lDRufONtpCv0Q-WZ09pMnb40RoE>
Cc: Anima-bootstrap <anima-bootstrap@ietf.org>, Core <core@ietf.org>, consultancy@vanderstok.org
Subject: Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

Hi Julien,

thanks for your interest.
Many thanks for this comment.
We urgently needed a write-up for "EST over coaps" within the context of 
commissioning IoT devices.
The use of other means than certificates seemed very unlikely to us, 
given the quantity of devices and other installation constraints.

However, when the need exists for PSK-based authentication, we probably 
need to put that in as well.
As stated below, we want to integrate the draft with the work done in 
coap-bootstrap, and there PSK-based authentication was originally 
foreseen.

I hope this answers your question,

Peter

Julien Vermillard schreef op 2016-10-31 08:54:
> Hi,
> It's something I would like to implement, but I have a question:
> why doesn't the draft support PSK-based authentication (only
> certificates)? I have a fleet of devices using PSK and I would
> like to move them to X.509-based auth.
> My plan is to use EST over CoAP, do the initial auth using DTLS-PSK
> and then move to regular DTLS X.509 mutual auth.
> 
> --
> Julien Vermillard
> On Sat, Oct 29, 2016 at 5:11 PM, peter van der Stok
> <stokcons@xs4all.nl> wrote:
> 
>> Dear all,
>> 
>> we have submitted a new draft, Enrollment over Secure Transport
>> (EST) over coaps, to make BRSKI over coap possible.
>> We expect (parts of) this draft to be integrated with the coap-bootstrap
>> draft of Pritikin and Kampanakis.
>> This draft removes EST functionality not absolutely needed within
>> the context in which we expect BRSKI deployment for low-resource devices.
>> 
>> Greetings,
>> 
>> Peter
>> 
>> -------- Original message --------
>> Subject: New Version Notification for
>> draft-vanderstok-core-coap-est-00.txt
>> Date: 2016-10-29 17:04
>> From: internet-drafts@ietf.org
>> To: "Peter van der Stok" <consultancy@vanderstok.org>, "Peter
>> Van der Stok" <consultancy@vanderstok.org>, "Sandeep Kumar"
>> <ietf@sandeep.de>, "Sandeep S. Kumar" <ietf@sandeep.de>
>> 
>> A new version of I-D, draft-vanderstok-core-coap-est-00.txt
>> has been successfully submitted by Peter van der Stok and posted to
>> the IETF repository.
>> 
>> Name:           draft-vanderstok-core-coap-est
>> Revision:       00
>> Title:          EST based on DTLS secured CoAP (EST-coaps)
>> Document date:  2016-10-29
>> Group:          Individual Submission
>> Pages:          15
>> URL:            https://www.ietf.org/internet-drafts/draft-vanderstok-core-coap-est-00.txt
>> Status:         https://datatracker.ietf.org/doc/draft-vanderstok-core-coap-est/
>> Htmlized:       https://tools.ietf.org/html/draft-vanderstok-core-coap-est-00
>> 
>> Abstract:
>> Low-resource devices in a Low-power and Lossy Network (LLN) can
>> operate in a mesh network using the IPv6 over Low-power Personal Area
>> Networks (6LoWPAN) and IEEE 802.15.4 link-layer standards.
>> Provisioning these devices in a secure manner with keys (often called
>> security bootstrapping) used to encrypt and authenticate messages is
>> the subject of Bootstrapping of Remote Secure Key Infrastructures
>> (BRSKI) [I-D.ietf-anima-bootstrapping-keyinfra].  Enrollment over
>> Secure Transport (EST) [RFC7030], based on TLS and HTTP, is used for
>> BRSKI.  This document defines how low-resource devices are expected
>> to use EST over DTLS and CoAP.  6LoWPAN fragmentation management and
>> minor extensions to CoAP are needed to enable EST over DTLS-secured
>> CoAP (EST-coaps).
>> 
>> Please note that it may take a couple of minutes from the time of
>> submission until the htmlized version and diff are available at
>> tools.ietf.org.
>> 
>> The IETF Secretariat
>> 