Re: [Anima] CoAP et al

Rafa Marin Lopez <rafa@um.es> Tue, 16 August 2016 22:28 UTC

From: Rafa Marin Lopez <rafa@um.es>
Date: Wed, 17 Aug 2016 00:28:21 +0200
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: "anima@ietf.org" <anima@ietf.org>
Subject: Re: [Anima] CoAP et al
In-Reply-To: <cb9c96c8-5996-5c82-dae4-98f957256a5a@gmail.com>
Message-Id: <3B0EDD77-24D5-41D0-A4EE-BD58E6ED602B@um.es>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/OsUr8vehpZgyvL9w0kX7i2RmgSY>

Hi Brian:

Thanks for the clarification. The only intention of my e-mail was to show that the usage of CoAP for bootstrapping (in constrained devices) was also considered in our work.

The abstract you mention and the work you are doing in ANIMA are both fine with me. 

Best Regards.


> On 16 Aug 2016, at 2:48, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> Let's be clear about the Anima context for "bootstrapping". You don't have
> to look beyond the document abstract:
> 
> "  This document specifies automated bootstrapping of a remote secure
>   key infrastructure (BRSKI) using vendor installed IEEE 802.1AR
>   manufacturing installed certificates, in combination with a vendor
>   based service on the Internet."
> 
> Obviously it's assumed that there is some kind of *insecure* connectivity
> first. Which obviously implies a preceding insecure bootstrap of
> some kind, but that is not the topic.
> 
> And, repeating myself I think, Anima is primarily aimed at nodes that
> manage devices, not at the devices themselves. However, we'd like BRSKI
> to be available to all devices, hence Max wrote draft-pritikin-coap-bootstrap.
> Again, please read the abstract:
> 
> "  This document provides an initial discussion of Bootstrapping of
>   Remote Secure key infrastructures (BRSKI) when the device being
>   bootstrapped speaks CoAP."
> 
> Regards
>   Brian
> 
> On 16/08/2016 11:58, Rafa Marin Lopez wrote:
>> Hi Behcet:
>> 
>>> On 15 Aug 2016, at 18:18, Behcet Sarikaya <sarikaya2012@gmail.com> wrote:
>>> 
>>> Hi Rafa,
>>> 
>>> On Sun, Aug 14, 2016 at 7:05 AM, Rafa Marin Lopez <rafa@um.es> wrote:
>>>> Dear all:
>>>> 
>>>> Related with the usage of CoAP for bootstrapping in constrained devices (using EAP and AAA infrastructures) we wrote this I-D:
>>>> 
>>>> https://tools.ietf.org/html/draft-marin-ace-wg-coap-eap-03
>>>> 
>>>> and wrote this paper that may be of your interest:
>>>> 
>>>> http://www.mdpi.com/1424-8220/16/3/358
>>>> 
>>> 
>>> 
>>> Thanks for your work.
>> 
>> [Rafa] Thanks for your comments.
>>> 
>>> One thing I would like to clarify:
>>> IoT bootstrapping should be done before the device gets an IP address.
>> 
>> [Rafa] As you may know, an IPv6 link-local address may be used. I may agree with your statement for a "global" or "routable" IP address. But, I guess, it will depend on the scenario. In any case, I think we should first agree on what IoT bootstrapping means and what the requirements are (MAY, MUST, SHOULD, …).
>> 
>>> I think that CoAP works over IP, i.e. the device already has been
>>> assigned an IP address.
>> 
>> [Rafa] CoAP is being considered to be transported over the link layer directly (e.g. draft-bormann-6lo-coap-802-15-ie-00 or draft-wang-6tisch-6top-coapie-01). Another example is in LP-WAN (draft-pelov-core-cosol-01).
>> 
>> Btw, there are also other protocols working on top of UDP (like CoAP) that are considered to be transported directly over the link layer (e.g. IKEv2), as you may know.
>> 
>>> 
>>> So whatever you do cannot be called bootstrapping; maybe something
>>> else which is security related, maybe some application layer key
>>> establishment.
>> 
>> [Rafa] For the reasons mentioned above, I still call it bootstrapping.
>> 
>> Best Regards.
>> 
>>> 
>>> Regards,
>>> 
>>> Behcet
>>>> Comments are welcome.
>>>> 
>>>> Best Regards.
>>>> 
>>>>> On 3 Aug 2016, at 15:55, Eliot Lear <lear@cisco.com> wrote:
>>>>> 
>>>>> Dear authors of draft-ietf-anima-bootstrapping-keyinfra and WG,
>>>>> 
>>>>> The Fairhair alliance focuses on lighting and building automation.  Our
>>>>> security team has been reviewing your draft, and we appreciate the
>>>>> effort that you are devoting in this direction.  We would just like to
>>>>> highlight at this juncture that there is a preference for device
>>>>> communications from the autonomic device to the registrar to be via CoAP
>>>>> over DTLS rather than HTTP over TLS, primarily because the devices that
>>>>> we are working with will already have a CoAP implementation.  As such,
>>>>> there is some interest in draft-pritikin-coap-bootstrap-03.txt.  We look
>>>>> forward to seeing that work further developed.
>>>>> 
>>>>> On behalf of the Fairhair security subgroup,
>>>>> 
>>>>> Eliot
>>>>> 
>>>>> ps: as usual, I will encourage fairhair members to directly chime in
>>>>> with their own views on this matter.
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Anima mailing list
>>>>> Anima@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/anima
>>>> 
>>>> -------------------------------------------------------
>>>> Rafael Marin Lopez, PhD
>>>> Dept. Information and Communications Engineering (DIIC)
>>>> Faculty of Computer Science-University of Murcia
>>>> 30100 Murcia - Spain
>>>> Telf: +34868888501 Fax: +34868884151 e-mail: rafa@um.es
>>>> -------------------------------------------------------
>>> 
>> 
> 

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: rafa@um.es
-------------------------------------------------------
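The layering argument in the quoted exchange (whether a device needs an IP address before CoAP-based bootstrapping can start) rests on CoAP being a self-contained message format carried inside a UDP datagram, with no field that refers to an IP address. The following encoder/decoder for the RFC 7252 message header, options and payload is example code added here; it is not taken from any of the drafts or the paper cited in the thread. It also applies the format-error rules that RFC 7252 section 3 requires a receiver to enforce (a token length above 8, the reserved option nibble 15, a payload marker followed by no payload), since a bootstrapping endpoint that parses such input loosely is an easy target for malformed messages. The option numbers used and the sample messages are constructed for the example.

```python
"""Minimal CoAP (RFC 7252) message encoder/decoder, written as an illustration."""
import struct
from dataclasses import dataclass, field
from typing import List, Tuple

# CoAP message types (RFC 7252 section 3)
CON, NON, ACK, RST = 0, 1, 2, 3

# Two option numbers from the RFC 7252 registry; the only ones the sample uses
URI_PATH = 11
CONTENT_FORMAT = 12

PAYLOAD_MARKER = 0xFF


@dataclass
class CoapMessage:
    msg_type: int
    code: int                  # e.g. 0x01 = GET, 0x45 = 2.05 Content
    message_id: int
    token: bytes = b""
    options: List[Tuple[int, bytes]] = field(default_factory=list)
    payload: bytes = b""


def _encode_opt_field(value: int) -> Tuple[int, bytes]:
    """Option delta or length: a 4-bit nibble plus 0, 1 or 2 extension bytes."""
    if value < 13:
        return value, b""
    if value < 269:
        return 13, bytes([value - 13])
    return 14, struct.pack("!H", value - 269)


def encode(msg: CoapMessage) -> bytes:
    """Serialise a message; options are written in ascending number order as deltas."""
    if not 0 <= len(msg.token) <= 8:
        raise ValueError("token length must be 0..8")
    out = bytearray()
    out.append((1 << 6) | (msg.msg_type << 4) | len(msg.token))  # Ver=1 | T | TKL
    out.append(msg.code)
    out += struct.pack("!H", msg.message_id)
    out += msg.token
    prev = 0
    for number, value in sorted(msg.options, key=lambda o: o[0]):
        dnib, dext = _encode_opt_field(number - prev)
        lnib, lext = _encode_opt_field(len(value))
        out.append((dnib << 4) | lnib)
        out += dext + lext + value
        prev = number
    if msg.payload:  # the 0xFF marker is only present when a payload follows
        out.append(PAYLOAD_MARKER)
        out += msg.payload
    return bytes(out)


def _decode_opt_field(nibble: int, data: bytes, pos: int) -> Tuple[int, int]:
    """Inverse of _encode_opt_field; nibble 15 outside the payload marker is an error."""
    if nibble < 13:
        return nibble, pos
    if nibble == 13:
        return data[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
    raise ValueError("reserved option nibble 15 (message format error)")


def decode(data: bytes) -> CoapMessage:
    """Parse a datagram payload, rejecting the malformed cases RFC 7252 names."""
    if len(data) < 4:
        raise ValueError("CoAP header is 4 bytes")
    first = data[0]
    if first >> 6 != 1:
        raise ValueError("unsupported CoAP version")
    tkl = first & 0x0F
    if tkl > 8:
        raise ValueError("token length > 8 is a message format error")
    msg_type = (first >> 4) & 0x03
    code = data[1]
    message_id = struct.unpack_from("!H", data, 2)[0]
    pos = 4
    token = data[pos:pos + tkl]
    if len(token) != tkl:
        raise ValueError("truncated token")
    pos += tkl
    options: List[Tuple[int, bytes]] = []
    number = 0
    while pos < len(data) and data[pos] != PAYLOAD_MARKER:
        byte = data[pos]
        pos += 1
        delta, pos = _decode_opt_field(byte >> 4, data, pos)
        length, pos = _decode_opt_field(byte & 0x0F, data, pos)
        number += delta
        value = data[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        pos += length
        options.append((number, value))
    payload = b""
    if pos < len(data):
        payload = data[pos + 1:]
        if not payload:
            raise ValueError("payload marker with empty payload is a format error")
    return CoapMessage(msg_type, code, message_id, token, options, payload)


if __name__ == "__main__":
    # Constructed sample: a confirmable GET for /.well-known/core
    req = CoapMessage(CON, 0x01, 0x1234, b"\x01\x02",
                      [(URI_PATH, b".well-known"), (URI_PATH, b"core")])
    print(encode(req).hex(), decode(encode(req)) == req)
```

Nothing in the serialised bytes identifies the sender or receiver; addressing is left entirely to whatever carries the datagram, which is the property the thread relies on when it discusses carrying CoAP directly over a link layer. The decoder deliberately fails closed on the reserved encodings rather than skipping them, which is the behaviour a registrar or joining device should have before any security association exists.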