Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name in RD draft

Peter van der Stok <stokcons@bbhmail.nl> Fri, 22 June 2018 10:06 UTC

Date: Fri, 22 Jun 2018 12:06:47 +0200
From: Peter van der Stok <stokcons@bbhmail.nl>
To: Jim Schaad <ietf@augustcellars.com>
Cc: consultancy@vanderstok.org, 'Hannes Tschofenig' <Hannes.Tschofenig@arm.com>, core@ietf.org
Organization: vanderstok consultancy
Reply-To: consultancy@vanderstok.org
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <00d001d406ff$d1392f80$73ab8e80$@augustcellars.com>
References: <VI1PR0801MB2112B9A4410DA3EDE39183BEFA9B0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <9970c70fea6ea457c74c8ae3ca303f76@xs4all.nl> <4EBB3DDD0FBF694CA2A87838DF129B3C01F48F8A@DEFTHW99EL4MSX.ww902.siemens.net> <VI1PR0801MB2112CCC0F54274336BFE3EB7FA930@VI1PR0801MB2112.eurprd08.prod.outlook.com> <3b2ad29ec49c83c31646b38e856c0ae7@xs4all.nl> <29a9636a3703e43947fce2f4cb900825@bbhmail.nl> <00d001d406ff$d1392f80$73ab8e80$@augustcellars.com>
Message-ID: <c33454ea90c9219419410990ae624c65@bbhmail.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/6Cd8TrPHp4V6Xaa9qA2ohFtcY8U>

Hi Jim,

Thanks, see below for fast questions.

Peter
Jim Schaad wrote on 2018-06-18 14:28:

> A couple of fast comments below
> 
> Jim
> 
> From: core <core-bounces@ietf.org> On Behalf Of Peter van der Stok
> Sent: Monday, June 18, 2018 2:53 AM
> To: consultancy@vanderstok.org
> Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; core@ietf.org
> Subject: Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name in RD draft
> 
> to assign a value to the endpoint name of the endpoint to be registered. Three possibilities are supported:
> 
> * For PSK-based credential, the Endpoint Name becomes the PSK Identity
> 
> [JLS] PSK identities are binary and not text strings so a mapping is going to be needed here as with RPKs.
> 
> <pvds> I understand. Is there a standard way to do so? Otherwise, is a base64 representation of the RPK or PSK key all right? </pvds>
> 
> * For raw-public keys, the Endpoint Name becomes the SubjectPublicKeyInfo structure (or a hash of it).
> * For certificates, the Endpoint Name becomes the leftmost CN component of subject name or the SubjectAltName of the certificate, depending on what is used.
> 
> An access token MAY include one of the two following new claims: 
> 
> "epn" endpoint name with value the identifier part of one of the 3 possible identifier parts of the security context.
> 
> [JLS] Why not use the 'normal' subject name? Would you think that they are the same or different? 
> 
> <pvds> I seem to miss this. The intention is to provide the same three epn identifiers (RPK, PSK, certificate) for the three cases:
> - ep registers itself,
> - 3rd party registers ep,
> - multiple registries, links are changed.
> </pvds>
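The three identifier mappings discussed in this thread (PSK identity, raw public key, certificate subject or SubjectAltName), worked through as an added Python example. This is not code from the thread, from the RD draft or from any ACE implementation; the unpadded base64url text encoding, the choice of SHA-256 for "a hash of" the SubjectPublicKeyInfo, the preference for a SAN dNSName over the CN, and every sample credential are assumptions constructed for the example. The DER helpers are deliberately minimal (standard library only) so the example runs offline; the one point worth noticing is that the "leftmost" CN of the RFC 4514 string form is the last RDN in DER order.

```python
import base64
import hashlib

# DER-encoded OIDs for the attribute types used below (standard X.520 arcs)
OID_COMMON_NAME = bytes.fromhex("550403")   # 2.5.4.3  id-at-commonName
OID_ORGANIZATION = bytes.fromhex("55040a")  # 2.5.4.10 id-at-organizationName


# --- minimal DER helpers ------------------------------------------------------

def _der(tag: int, content: bytes) -> bytes:
    """Encode one TLV; used only to construct the sample inputs below (short-form lengths)."""
    assert len(content) < 128, "sample encoder supports short-form lengths only"
    return bytes([tag, len(content)]) + content


def _read_tlv(buf: bytes, pos: int):
    """Decode one TLV at pos (short and long-form lengths). Returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(content: bytes):
    """Iterate over the TLVs contained in a SEQUENCE or SET body."""
    pos = 0
    while pos < len(content):
        tag, value, pos = _read_tlv(content, pos)
        yield tag, value


def _b64url(data: bytes) -> str:
    """Unpadded base64url (assumption): URI-safe, so it can travel in the RD registration request."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# --- the three mappings to an endpoint name ------------------------------------

def epn_from_psk_identity(identity: bytes) -> str:
    # PSK identities are opaque octets, so a text encoding is needed before use as an endpoint name.
    return _b64url(identity)


def epn_from_rpk(spki_der: bytes) -> str:
    # Hash of the DER SubjectPublicKeyInfo; SHA-256 is an assumption, the thread only says "a hash of it".
    return _b64url(hashlib.sha256(spki_der).digest())


def leftmost_cn(subject_name_der: bytes):
    """Leftmost CN in RFC 4514 string order, i.e. the LAST RDN in DER order; None if no CN present."""
    tag, rdn_sequence, _ = _read_tlv(subject_name_der, 0)
    if tag != 0x30:
        raise ValueError("subject Name must be a SEQUENCE")
    for set_tag, rdn in reversed(list(_children(rdn_sequence))):
        if set_tag != 0x31:
            raise ValueError("each RDN must be a SET")
        for _, atv in _children(rdn):
            (_, oid), (_, value) = list(_children(atv))[:2]
            if oid == OID_COMMON_NAME:
                return value.decode("utf-8")
    return None


def san_dns_names(general_names_der: bytes):
    """dNSName entries ([2] IMPLICIT IA5String, tag 0x82) of a SubjectAltName GeneralNames SEQUENCE."""
    tag, content, _ = _read_tlv(general_names_der, 0)
    if tag != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    return [value.decode("ascii") for t, value in _children(content) if t == 0x82]


def epn_from_certificate(subject_name_der: bytes, san_der=None) -> str:
    # Policy assumption: use the first SAN dNSName when the extension is present, else the leftmost CN.
    if san_der is not None:
        names = san_dns_names(san_der)
        if names:
            return names[0]
    cn = leftmost_cn(subject_name_der)
    if cn is None:
        raise ValueError("certificate carries neither a SAN dNSName nor a CN")
    return cn


# --- constructed sample credentials (not real keys) -----------------------------

SAMPLE_PSK_IDENTITY = bytes.fromhex("0102ff")

# SubjectPublicKeyInfo shape (ecPublicKey OID + placeholder BIT STRING); the key bytes are dummies.
SAMPLE_SPKI = _der(0x30, _der(0x30, _der(0x06, bytes.fromhex("2a8648ce3d0201")))
                   + _der(0x03, b"\x00\x04" + b"\x11" * 64))

# Subject "CN=sensor-42,O=Example Co" in string order: DER carries O first and CN last.
SAMPLE_SUBJECT = _der(0x30,
                      _der(0x31, _der(0x30, _der(0x06, OID_ORGANIZATION) + _der(0x13, b"Example Co")))
                      + _der(0x31, _der(0x30, _der(0x06, OID_COMMON_NAME) + _der(0x0C, b"sensor-42"))))

SAMPLE_SAN = _der(0x30, _der(0x82, b"sensor-42.example.net"))


def demo() -> dict:
    """Endpoint names derived from each sample credential type."""
    return {
        "psk": epn_from_psk_identity(SAMPLE_PSK_IDENTITY),
        "rpk": epn_from_rpk(SAMPLE_SPKI),
        "cert-cn": epn_from_certificate(SAMPLE_SUBJECT),
        "cert-san": epn_from_certificate(SAMPLE_SUBJECT, SAMPLE_SAN),
    }


if __name__ == "__main__":
    for kind, name in demo().items():
        print(kind, name)
```

Whichever encoding is finally chosen, the RD and the token issuer have to apply the same deterministic rule to the same DER bytes; otherwise the "epn" claim in the access token and the endpoint name in the registration will not match for the third-party and multiple-registry cases listed above.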