Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security

Behcet Sarikaya <behcetsarikaya@yahoo.com> Wed, 13 July 2011 15:26 UTC

References: <1310490517.84307.YahooMailRC@web111403.mail.gq1.yahoo.com> <96EBDFA8-7693-4A46-BA3A-6085A790B1DF@gmx.net> <1310498755.53153.YahooMailRC@web111406.mail.gq1.yahoo.com> <4E1CD50B.6090505@toshiba.co.jp> <DC1F5A33-19E1-4102-AD25-8E591E359DF5@gmx.net>
Message-ID: <1310570782.54303.YahooMailRC@web111404.mail.gq1.yahoo.com>
Date: Wed, 13 Jul 2011 08:26:22 -0700
From: Behcet Sarikaya <behcetsarikaya@yahoo.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
In-Reply-To: <DC1F5A33-19E1-4102-AD25-8E591E359DF5@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: core@ietf.org
Subject: Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security

> Hi Yoshi,
> 
> it was a mistake to use the term "bootstrapping" in mobile IPv6 context as
> well.
> 
> There was no good reason to create a new term given the existence of already
> well-established terms.
> 
> Time to change that.


+1

Behcet

> 
> Ciao
> Hannes
> 
> On Jul 13, 2011, at 2:13 AM, Yoshihiro Ohba wrote:
> 
> > Hi Hannes, Behcet,
> > 
> > Please see my comments below.
> > 
> > (2011/07/13 4:25), Behcet Sarikaya wrote:
> >> Hi Hannes (Kelly and Rene who replied to me only),
> >> 
> >> Let me clarify.
> >> 
> >> I checked the Wiki page, it is about what I talked, i.e. bootstrapping your
> >> PC. I am OK with it.
> >> 
> >> In Core WG drafts, draft-ohba is about "bootstrapping" CoAP applications,
> >> establishing a secure channel between the CoAP client and CoAP server.
> >> 
> > 
> > Yes.
> > 
> >> As such it assumes a secure IP communication which is what we cover in
> >> draft-sarikaya.
> >> 
> >> I think that establishing a secure channel between the CoAP client and
> >> CoAP server should not be called bootstrapping.
> > 
> > For example, RFC 4640 discusses "bootstrapping MIPv6", and in its abstract:
> > 
> > "A mobile node needs at least the following information: a home
> > address, a home agent address, and a security association with home
> > agent to register with the home agent.  The process of obtaining this
> > information is called bootstrapping."
> > 
> > This means that bootstrapping MIPv6 security is part of bootstrapping
> > MIPv6.
> > 
> > Following the same logic, I think bootstrapping CoAP security can be
> > considered as part of bootstrapping CoAP application.
> > 
> >> 
> >> OTOH, draft-garcia is totally chaotic about "bootstrapping". In Section 3
> >> it talks about trust bootstrapping between nodes of
> >> different vendors. Then it talks about bootstrapping phase/procedures.
> >> Later on they mention the bootstrapping of security keys.
> >> 
> >> Section 5.2 Bootstrapping of a Security Domain
> >> In Section 5.2.2 it tries to give a definition to bootstrapping.
> >> 
> >> My suggestions are:
> >> 
> >> for draft-ohba: please do not use bootstrapping, otherwise your draft is
> >> clear enough.
> > 
> > Since the term bootstrapping is already used for the MIPv6 case, I think
> > it can still use the term, but I agree that the draft should say
> > bootstrapping CoAP security instead of bootstrapping CoAP application.
> > 
> > Regards,
> > Yoshihiro Ohba
> > 
> > 
> > 
> >> 
> >> for draft-garcia: This draft talks about so many things. In most places,
> >> what it refers to as bootstrapping and the description match what is
> >> covered in the original document which is draft-sarikaya. I suggest
> >> removing all those sections about bootstrapping because they are mostly
> >> repeating what we already had. Stay with whatever remains and see if it
> >> is worth having such a document.
> >> 
> >> Regards,
> >> 
> >> Behcet
> >> 
> >> 
> >> 
> >>> Hi Behcet,
> >>> 
> >>> I agree with you that the term "bootstrapping" is not very helpful.
> >>> 
> >>> There are three cases:
> >>> 
> >>> a) Key Distribution and Key Derivation
> >>> 
> >>> Here existing keying material is used to derive other keying material
> >>> or to securely distribute keying material.
> >>> 
> >>> draft-ohba-core-eap-based-bootstrapping and
> >>> 
> >>> b) Bootstrapping (in terms of operating systems procedures)
> >>> 
> >>> See description in
> >>> http://en.wikipedia.org/wiki/Bootstrapping_%28computing%29
> >>> 
> >>> draft-garcia-core-security seems to refer to this aspect, I believe.
> >>> 
> >>> c) Establishing initial keying material in a leap of faith style.
> >>> 
> >>> Example: Bluetooth pairing protocol
> >>> http://tools.ietf.org/html/draft-pritikin-ttimodel-01 also discusses
> >>> these aspects.
> >>> 
> >>> Here the terms used are imprinting, pairing, enrollment, and
> >>> introduction are used to describe
> >>> 
> >>> 
> >>> Ciao
> >>> Hannes
> >>> 
> >>> On Jul 12, 2011, at 8:08 PM, Behcet Sarikaya wrote:
> >>> 
> >>>> Hi all,
> >>>> It seems that the word bootstrapping has been used and overused in so
> >>>> many drafts (including draft-ohba-core-eap-based-bootstrapping and
> >>>> draft-garcia-core-security) and I suggest that we clarify this.
> >>>> 
> >>>> Colin had a draft on
> >>>> Initial Configuration of Resource-Constrained Devices
> >>>> called draft-oflynn-6lowapp-bootstrapping submitted on Jan. 2010 in
> >>>> which he defined bootstrapping as how to initially configure the network.
> >>>> 
> >>>> Later on we continued this work from where Colin left off
> >>>> in draft-sarikaya-core-sbootstrapping.
> >>>> 
> >>>> I think that the definition Colin gave to bootstrapping is the right
> >>>> one. It matches with the historical use of bootstrapping in computers:
> >>>> you bootstrap your computer to initially configure it by a physical
> >>>> action (pressing a button) which loads a small record to the memory
> >>>> which when executed bootstraps (brings the whole OS to the memory) the
> >>>> system.
> >>>> 
> >>>> Regards,
> >>>> 
> >>>> Behcet
> >>>> _______________________________________________
> >>>> core mailing list
> >>>> core@ietf.org
> >>>> https://www.ietf.org/mailman/listinfo/core
> >>> 
> >>> 