Re: [core] #222: RawPublicKey identifier
"core issue tracker" <trac+core@trac.tools.ietf.org> Mon, 11 June 2012 14:12 UTC
#222: RawPublicKey identifier

During the IETF-83 CoRE meeting a slide was presented on how to close the RawPublicKey identifier issue in the draft. Out of the three options presented (just use the public key, define it in the CoAP draft, define it in some other draft), there was room consensus to define this in a separate draft. Ari Keränen took an action point to work on this draft with other security people, which has been completed and published here: http://tools.ietf.org/html/draft-farrell-decade-ni-03

This ticket proposes the following changes:

1. Remove Appendix D
2. Add the following text to Section 10.1.2 (contributed by Ari, thanks!):

   Provisioning in RawPublicKey Mode

   The RawPublicKey mode was designed to be easily provisioned in M2M deployments. It is assumed that each device has an appropriate asymmetric public key pair installed. An identifier is calculated from the public key as described in Section 2 of [draft-ni]. All implementations that support checking RawPublicKey identities MUST support at least the sha-256-120 mode (SHA-256 truncated to 120 bits). Implementations SHOULD support also longer length identifiers and MAY support shorter lengths. Note that the shorter lengths provide less security against attacks and their use is NOT RECOMMENDED.

   Depending on how identifiers are given to the system that verifies them, support for URI, binary, and/or human-readable format [draft-ni] needs to be implemented. All implementations SHOULD support the binary mode and implementations that have a user interface SHOULD also support the human-readable format.

   During provisioning, the identifier of each node is collected, for example by reading a barcode on the outside of the device or by obtaining a pre-compiled list of the identifiers. These identifiers are then installed in the corresponding end-point, for example an M2M data collection server. The identifier is used for two purposes, to associate the end-point with further device information and to perform access control. During provisioning, an access control list of identifiers the device may start DTLS sessions with SHOULD also be installed.

Changes (by zach@…):

 * status: new => closed
 * resolution: => fixed

--
----------------------------------+---------------------
 Reporter: zach@…                 | Owner: zach@…
 Type: protocol enhancement       | Status: closed
 Priority: minor                  | Milestone:
 Component: coap                  | Version:
 Severity: -                      | Resolution: fixed
 Keywords:                        |
----------------------------------+---------------------

Ticket URL: <http://trac.tools.ietf.org/wg/core/trac/ticket/222#comment:2>
core <http://tools.ietf.org/core/>
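As an added illustration (not part of the ticket text, the CoAP draft or draft-ni), the identifier calculation the proposed section describes, in Python: SHA-256 over the device's public key truncated to 120 bits, rendered in the ni URI and binary forms, and matched against a provisioned access control list. Assumptions: the hash input is the DER-encoded SubjectPublicKeyInfo, and suite IDs and encodings follow RFC 6920 (the published form of draft-ni), which may differ from draft-03; the sample key bytes are constructed and are not a real key.

```python
import base64
import hashlib
import hmac

# Hash suites for the binary form. The IDs are those registered by RFC 6920,
# the published successor of draft-ni; draft-03's numbering is an assumption.
SUITES = {"sha-256": (1, 256), "sha-256-128": (2, 128), "sha-256-120": (3, 120),
          "sha-256-96": (4, 96), "sha-256-64": (5, 64), "sha-256-32": (6, 32)}

def rpk_identifier(spki_der: bytes, alg: str = "sha-256-120") -> bytes:
    """SHA-256 over the DER SubjectPublicKeyInfo, truncated to the suite length."""
    _, bits = SUITES[alg]
    return hashlib.sha256(spki_der).digest()[: bits // 8]

def to_ni_uri(spki_der: bytes, alg: str = "sha-256-120", authority: str = "") -> str:
    """URI form: base64url-encoded digest with the '=' padding stripped."""
    val = base64.urlsafe_b64encode(rpk_identifier(spki_der, alg)).rstrip(b"=")
    return f"ni://{authority}/{alg};{val.decode()}"

def to_binary(spki_der: bytes, alg: str = "sha-256-120") -> bytes:
    """Binary form: one header byte (suite ID in the low 6 bits) + truncated digest."""
    return bytes([SUITES[alg][0]]) + rpk_identifier(spki_der, alg)

def from_binary(blob: bytes) -> tuple:
    """Parse a binary identifier into (alg, digest); reject malformed input."""
    for alg, (sid, bits) in SUITES.items():
        if blob and (blob[0] & 0x3F) == sid:
            if len(blob) != 1 + bits // 8:
                raise ValueError("length does not match suite")
            return alg, bytes(blob[1:])
    raise ValueError("unknown suite ID")

def check_identity(presented_spki: bytes, acl: list, min_bits: int = 120) -> bool:
    """Does the presented raw public key match an ACL entry of acceptable length?

    acl holds binary-format identifiers installed at provisioning. Entries
    shorter than min_bits are ignored (shorter identifiers are NOT RECOMMENDED),
    and malformed entries are skipped rather than trusted.
    """
    for entry in acl:
        try:
            alg, digest = from_binary(entry)
        except ValueError:
            continue
        if SUITES[alg][1] < min_bits:
            continue
        if hmac.compare_digest(rpk_identifier(presented_spki, alg), digest):
            return True
    return False

# Constructed sample: a P-256 SubjectPublicKeyInfo header followed by 64
# placeholder bytes; it is not a real key.
SAMPLE_SPKI = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d03010703420004") + bytes(range(64))
OTHER_SPKI = SAMPLE_SPKI[:-1] + b"\xff"
```

The human-readable (nih) form with its check digit is not shown here; a verifier with a user interface would add it on top of the same truncated digest.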