[Anima] Constrained join proxy - making it generic for multiple onboarding protocols?

Esko Dijk <esko.dijk@iotconsultancy.nl> Fri, 24 May 2024 16:34 UTC

List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/H2ECipSzd6Q2ke9QQS2X8qdJ4yI>

Hi all,

This week we had an interesting event at INRIA Paris, the lightweight IoT security hackathon. Various onboarding / bootstrap approaches were also discussed, including new ones based on the EDHOC protocol and existing ones (Thread, 6TiSCH, cBRSKI).

What I realized there is that all these zero-touch onboarding protocols basically need, and can use, the same mechanism of relaying data as described in this draft. So it should be entirely possible to make a really generic join-proxy definition that works for multiple methods (also future methods - which is great - existing legacy join proxies that don't even know about these new methods will just work for them, relaying the data). We already did start discussing this approach for new BRSKI variants, but I think it can equally work for non-BRSKI onboarding methods.

Basically the join proxy is just relaying data without knowing what's inside - it could be any data, any format. As long as it gets delivered to the right entity (e.g. a Registrar) that knows how to parse it and what to send back.

Just wanted to say this, comments are welcome but if no comments then it's also fine ;-)

Regards
Esko
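A sketch of the content-agnostic relay the message above describes, as an added example that is not part of the original post nor of any ANIMA draft or implementation. A stateless proxy prefixes the joining device's address (the BRSKI term "pledge" is used here) to whatever datagram it receives and forwards it to one configured Registrar; the Registrar is the only party that looks inside the payload, picking a handler per onboarding method, and its reply carries the same prefix so the proxy can route it back without keeping state. The wrapper layout, the 1280-byte cap, the handler tags (0x01 / 0x02) and all addresses are assumptions made for this example; the real constrained-join-proxy draft defines its own CBOR-based message and this fixed binary header merely stands in for "pledge address + opaque bytes".

```python
"""Content-agnostic (stateless) join-proxy relay, modelled in memory.

Assumed for the example: the wrapper layout, the handler tags and every
address. No sockets are opened; pledge, proxy and Registrar are in-process.
"""
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Addr = Tuple[str, int]

# Assumed wrapper: 1-byte address family (4 or 6), 16-byte address
# (IPv4 right-aligned, zero-padded), 2-byte UDP port, then the opaque payload.
_HDR = struct.Struct("!B16sH")
MAX_RELAY_BYTES = 1280  # assumed cap so a constrained proxy never buffers more


def wrap(pledge: Addr, payload: bytes) -> bytes:
    """Prefix the pledge's address so a stateless Registrar can route the reply."""
    ip = ipaddress.ip_address(pledge[0])
    return _HDR.pack(ip.version, ip.packed.rjust(16, b"\x00"), pledge[1]) + payload


def unwrap(msg: bytes) -> Tuple[Addr, bytes]:
    """Inverse of wrap(); raises ValueError on anything malformed."""
    if len(msg) < _HDR.size:
        raise ValueError("truncated wrapper")
    fam, raw, port = _HDR.unpack_from(msg)
    if fam == 4 and raw[:12] == b"\x00" * 12:
        ip = ipaddress.IPv4Address(raw[12:])
    elif fam == 6:
        ip = ipaddress.IPv6Address(raw)
    else:
        raise ValueError(f"bad address family {fam}")
    return (str(ip), port), msg[_HDR.size:]


@dataclass
class JoinProxy:
    """Forwards bytes between pledges and one Registrar without parsing them."""
    registrar: Addr
    to_registrar: List[bytes] = field(default_factory=list)
    to_pledges: List[Tuple[Addr, bytes]] = field(default_factory=list)
    dropped: int = 0

    def from_pledge(self, src: Addr, datagram: bytes) -> bool:
        if len(datagram) > MAX_RELAY_BYTES:
            self.dropped += 1
            return False
        self.to_registrar.append(wrap(src, datagram))
        return True

    def from_registrar(self, src: Addr, datagram: bytes) -> bool:
        # Only the configured Registrar may make the proxy emit traffic toward
        # an address of its choosing; otherwise the proxy is an open reflector.
        if src != self.registrar:
            self.dropped += 1
            return False
        try:
            pledge, payload = unwrap(datagram)
        except ValueError:
            self.dropped += 1
            return False
        self.to_pledges.append((pledge, payload))
        return True


@dataclass
class Registrar:
    """The only party that interprets the payload: one handler per onboarding method."""
    addr: Addr
    handlers: Dict[int, Callable[[bytes], bytes]] = field(default_factory=dict)

    def handle(self, wrapped: bytes) -> Optional[bytes]:
        pledge, payload = unwrap(wrapped)
        handler = self.handlers.get(payload[0]) if payload else None
        if handler is None:
            return None  # unknown method: no reply; the proxy never needed to know
        return wrap(pledge, handler(payload[1:]))


def run_exchange(proxy: JoinProxy, registrar: Registrar,
                 pledge: Addr, request: bytes) -> Optional[Tuple[Addr, bytes]]:
    """One request/response round trip through the proxy; None if nothing came back."""
    if not proxy.from_pledge(pledge, request):
        return None
    reply = registrar.handle(proxy.to_registrar[-1])
    if reply is None or not proxy.from_registrar(registrar.addr, reply):
        return None
    return proxy.to_pledges[-1]


def demo() -> dict:
    """Two constructed 'methods' (tag 0x01 upper-cases, tag 0x02 reverses) share one proxy."""
    registrar = Registrar(("2001:db8::1", 5684),
                          {0x01: lambda b: b.upper(), 0x02: lambda b: b[::-1]})
    proxy = JoinProxy(registrar.addr)
    pledge_a, pledge_b = ("fe80::a", 49152), ("192.0.2.7", 49153)
    out = {
        "a": run_exchange(proxy, registrar, pledge_a, b"\x01hello"),
        "b": run_exchange(proxy, registrar, pledge_b, b"\x02abc"),
        "unknown": run_exchange(proxy, registrar, pledge_a, b"\x7fzzz"),
    }
    # A third party spoofing a Registrar reply must not be relayed to anyone.
    out["spoof_accepted"] = proxy.from_registrar(("203.0.113.9", 1), wrap(pledge_a, b"evil"))
    out["dropped"] = proxy.dropped
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the sketch is that `JoinProxy` contains no knowledge of the onboarding methods at all: adding a third method means registering one more handler on the Registrar, and an already-deployed proxy relays it unchanged. The only checks the proxy performs are the ones it can make without parsing the payload, a size bound on the forward path and a source check on the return path; every authentication and integrity property comes from the protocol carried inside the opaque bytes, so a proxy that relays anything must never be treated as a trust boundary.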