Re: [Coin] Interim in 12 minutes
Pascal Urien <pascal.urien@gmail.com> Tue, 18 October 2022 09:35 UTC
Return-Path: <pascal.urien@gmail.com>
X-Original-To: coin@ietfa.amsl.com
Delivered-To: coin@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43BAAC14F740 for <coin@ietfa.amsl.com>; Tue, 18 Oct 2022 02:35:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MiGihiTSa3px for <coin@ietfa.amsl.com>; Tue, 18 Oct 2022 02:35:30 -0700 (PDT)
Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9018EC14F693 for <coin@irtf.org>; Tue, 18 Oct 2022 02:35:30 -0700 (PDT)
Received: by mail-pg1-x533.google.com with SMTP id s196so11529212pgs.3 for <coin@irtf.org>; Tue, 18 Oct 2022 02:35:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=RDKzHZbmgx38XCsi5cL5BxPlGteMnPP6PhjZodcoYfY=; b=kI5FgnFpUc68CquNy6JOzr0INAcrDG+/8uoS5yosEKVEcZzC1etsBUlpWXnYa9WLrZ vUjpIVe0IQazNQ1W9cMmqs/PUmWXiqh2jrIJtLeqvPN0WH0UhvEPTZNxDuQtJCS8p+C/ T+REsp827/kbDC1PzM0gLgM4s1SpvclBfuu+I9pTMv4FXENiuA1j7aF/qKrpbiExsi01 sTg5U+Bh8Tg/0obd6+w2AYlhnnhU4klbvFln6Po+IawVWZc5NR6QjBTQP8XctQZTX1F0 DhglPPvmF2+jtyyO7LMvEeb89i1+bEiQaJwJ3a7SvHe5/XXt/avjVV7IOsWfUohhxHVG LTGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RDKzHZbmgx38XCsi5cL5BxPlGteMnPP6PhjZodcoYfY=; b=NqqrwSb1pBIJsvKMj+m8KemhfACCHaz2grTSTK0q+LCWBadoc83zTB+jvgJPOQcXsG hg2zJCy1kpx6tJtZmW1dua7IIFDyPvZmUv0U4FNMpCR6Wed9yRVW5HPHL3jWny47E0aT p7N2sv0rpxSIXKOv9Qv7Y6ZB65NEFBGVOySnVF9jjrpggy9Nr5pEAp3klX7hJeBXH2yP A9YBj6yFvGxOwbvPvXGFbOjk5omCMDPsftpSnrqXfSrVRt1s8t7o1O6rCPUsy1cKtaXa zaqyUdBUAIndEluSuDdmteIPdcu7a1OsBHb36JeT/pgo6ssK4r6dgAspo0u21k0UbuZV kMOw==
X-Gm-Message-State: ACrzQf0X0OV1jcpcfgTBk1ujAXDEnBeSMJBSLwFS0O7LR6dyhr9+2fT8 hjGZpTLbVfLwojvocZ6LVFBO5Y3cBUop0ksuUmE=
X-Google-Smtp-Source: AMsMyM44FUNYgN1eP7FNXGvVtbVlhK4P8M/CiEzgVZPzOOJXcgabbEvaB5HsO/fY9Xj6AjAekr3HpGa4EdzcNUrsaFc=
X-Received: by 2002:a63:6a09:0:b0:43a:20d4:85fe with SMTP id f9-20020a636a09000000b0043a20d485femr1830634pgc.625.1666085729404; Tue, 18 Oct 2022 02:35:29 -0700 (PDT)
MIME-Version: 1.0
References: <CAPjWiCQ2FiHCLxjehWOPa+4_+5yzUQVPr675=GEk8xowOCjdvQ@mail.gmail.com>
In-Reply-To: <CAPjWiCQ2FiHCLxjehWOPa+4_+5yzUQVPr675=GEk8xowOCjdvQ@mail.gmail.com>
From: Pascal Urien <pascal.urien@gmail.com>
Date: Tue, 18 Oct 2022 11:35:18 +0200
Message-ID: <CAEQGKXSqow4=wCa03Q5f+pKvVUPRg5w6Nix5jg0BiczpvEcGVQ@mail.gmail.com>
To: Marie-Jose Montpetit <marie@mjmontpetit.com>
Cc: coin@irtf.org, coinrg-chairs <coinrg-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000110f9605eb4bd0da"
Archived-At: <https://mailarchive.ietf.org/arch/msg/coin/U65sEeIB4TizvUDiKuZLZYwm0Ew>
Subject: Re: [Coin] Interim in 12 minutes
X-BeenThere: coin@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "COIN: Computing in the Network" <coin.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/coin>, <mailto:coin-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/coin/>
List-Post: <mailto:coin@irtf.org>
List-Help: <mailto:coin-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/coin>, <mailto:coin-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2022 09:35:31 -0000
Dear chair I would like to present the IOSE project at the next WG meeting. It is an open research project that aims to deploy secure and trusted computing resources on the Internet. The source codes of the project are available on github. A short presentation is available at https://datatracker.ietf.org/meeting/114/materials/slides-114-hotrfc-sessa-internet-of-secure-elements-pascal-urien-00.pdf Here is a short summary ===================. The goal of the Internet Secure Elements (IOSE) project [1] [2] is to deploy trusted cryptographic resources identified by Uniform Resource Identifiers (URI) for Internet users The problems to be solved are to guarantee to the user the authenticity of the remote resource used, its level of security, and its exclusive access. Other aspects are scalability and costs. The IOSE technology is based on secure elements; 10 billion of secure elements are produced each year, of which 6 billion are javacards for which programs can be written in java. The project uses two plans, first for administration and second for service. Administration plane consists of listing, removing and uploading applications in secure elements. Most secure elements use Global Platform protocols (over ISO7816) to perform these operations. - Remote APDU Call Secure (RACS) [3], transports GP protocols, over TLS sessions - End entities are mutually authenticated by X509 certificates - In this context secure elements are identified by Secure Element Identifier (SEID), inserted in RACS messages The service plane relies on TLS 1.3 interface, named TLS-SE (TLS for Secure Element)[4] - Secure Elements run TLS1.3 server, using pre-shared-key (PSK), and a server name (SEN). - The server name is found in the historical bytes (up to 15 bytes) of the secure element Answer To Reset (ATR). - TLS packets are transported over ISO7816 interface - The client-facing server finds in the ClientHello Server Name Indication (SNI) the secure element name (SEN). Thereafter it performs segmentation/reassembly operations in order to transport TLS packet over the communication interface. - Optional TLS Identity Module (TLS-IM) [5] computes PSK procedures - Secure element is the backend server, identified by a server name The attestation procedure transfers secure element control from application provider to user. Its security relies on two properties: -1) secure element cannot be cloned; -2) and it manages only one TLS session at a given time. IOSE server open code (windows, linux) and javacard code for TLS_SE and TLS-IM are available at github [2] [1] https://datatracker.ietf.org/doc/draft-urien-coinrg-iose [2] https://github.com/purien/IoSE [3] https://datatracker.ietf.org/doc/draft-urien-core-racs [4] https://datatracker.ietf.org/doc/draft-urien-tls-se [5] https://datatracker.ietf.org/doc/draft-urien-tls-im Best Regards Pascal
- [Coin] Interim in 12 minutes Marie-Jose Montpetit
- Re: [Coin] Interim in 12 minutes Pascal Urien
- [Coin] Presentation at IETF 115 Meeting ? Pascal Urien
- Re: [Coin] Presentation at IETF 115 Meeting ? Marie-Jose Montpetit