[core] #222: RawPublicKey identifier
"core issue tracker" <trac+core@trac.tools.ietf.org> Fri, 20 April 2012 15:49 UTC
#222: RawPublicKey identifier

During the IETF-83 CoRE meeting a slide was presented on how to close the RawPublicKey identifier issue in the draft. Out of the three options presented (just use the public key, define it in the CoAP draft, define it in some other draft), there was room consensus to define this in a separate draft. Ari Keränen took an action point to work on this draft with other security people, which has been completed and published here: http://tools.ietf.org/html/draft-farrell-decade-ni-03

This ticket proposes the following changes:

1. Remove Appendix D
2. Add the following text to Section 10.1.2 (contributed by Ari, thanks!):

Provisioning in RawPublicKey Mode

The RawPublicKey mode was designed to be easily provisioned in M2M deployments. It is assumed that each device has an appropriate asymmetric public key pair installed. An identifier is calculated from the public key as described in Section 2 of [draft-ni]. All implementations that support checking RawPublicKey identities MUST support at least the sha-256-120 mode (SHA-256 truncated to 120 bits). Implementations SHOULD support also longer length identifiers and MAY support shorter lengths. Note that the shorter lengths provide less security against attacks and their use is NOT RECOMMENDED.

Depending on how identifiers are given to the system that verifies them, support for URI, binary, and/or human-readable format [draft-ni] needs to be implemented. All implementations SHOULD support the binary mode and implementations that have a user interface SHOULD also support the human-readable format.

During provisioning, the identifier of each node is collected, for example by reading a barcode on the outside of the device or by obtaining a pre-compiled list of the identifiers. These identifiers are then installed in the corresponding end-point, for example an M2M data collection server.

The identifier is used for two purposes, to associate the end-point with further device information and to perform access control. During provisioning, an access control list of identifiers the device may start DTLS sessions with SHOULD also be installed.

--
----------------------------------+--------------------
 Reporter:  zach@…                |      Owner:  zach@…
     Type:  protocol enhancement  |     Status:  new
 Priority:  minor                 |  Milestone:
Component:  coap                  |    Version:
 Severity:  -                     |   Keywords:
----------------------------------+--------------------
Ticket URL: <http://trac.tools.ietf.org/wg/core/trac/ticket/222>
core <http://tools.ietf.org/core/>
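The following is an added illustration, not code from the ticket, the CoAP draft or the ni draft: it derives a sha-256-120 identifier from raw public-key bytes, renders it in the ni URI and binary formats, and uses the binary form for the provisioning-time access-control check the proposed text describes. The suite-ID numbers and the binary header layout are taken from RFC 6920 (the published form of draft-farrell-decade-ni) and are assumed to match the draft revision cited; the key bytes are a constructed placeholder standing in for a device's DER-encoded public key.

```python
import base64
import hashlib
import hmac

# ni hash-suite registry: name -> (suite ID, digest length in bytes).
# Values are those of RFC 6920; assumed to match draft-farrell-decade-ni-03.
NI_SUITES = {
    "sha-256": (1, 32), "sha-256-128": (2, 16), "sha-256-120": (3, 15),
    "sha-256-96": (4, 12), "sha-256-64": (5, 8), "sha-256-32": (6, 4),
}
# Policy from the proposed text: sha-256-120 MUST be supported; shorter
# identifiers are NOT RECOMMENDED, so this verifier refuses to provision them.
MIN_DIGEST_LEN = NI_SUITES["sha-256-120"][1]

# Constructed placeholder bytes standing in for a DER SubjectPublicKeyInfo.
DEVICE_KEY = bytes(range(91))
OTHER_KEY = bytes(range(1, 92))

def truncated_digest(public_key: bytes, suite: str) -> bytes:
    """SHA-256 over the key bytes, keeping only the leftmost suite length."""
    _, length = NI_SUITES[suite]
    return hashlib.sha256(public_key).digest()[:length]

def ni_uri(public_key: bytes, suite: str = "sha-256-120") -> str:
    """URI format: ni:///<suite>;<base64url digest, no padding>."""
    b64 = base64.urlsafe_b64encode(truncated_digest(public_key, suite)).rstrip(b"=")
    return f"ni:///{suite};{b64.decode('ascii')}"

def ni_binary(public_key: bytes, suite: str = "sha-256-120") -> bytes:
    """Binary format: header byte (2 reserved bits = 0, 6-bit suite ID), then digest."""
    suite_id, _ = NI_SUITES[suite]
    return bytes([suite_id & 0x3F]) + truncated_digest(public_key, suite)

def parse_ni_binary(blob: bytes) -> tuple:
    """Split a binary identifier into (suite name, digest); reject bad lengths."""
    suite_id = blob[0] & 0x3F
    for name, (sid, length) in NI_SUITES.items():
        if sid == suite_id:
            if len(blob) != 1 + length:
                raise ValueError("digest length does not match suite")
            return name, blob[1:]
    raise ValueError(f"unknown suite ID {suite_id}")

def provision_acl(binary_ids) -> set:
    """Install identifiers collected during provisioning, enforcing the length policy."""
    acl = set()
    for ident in binary_ids:
        _, digest = parse_ni_binary(ident)
        if len(digest) < MIN_DIGEST_LEN:
            raise ValueError("identifier shorter than sha-256-120 is NOT RECOMMENDED")
        acl.add(ident)
    return acl

def peer_allowed(peer_public_key: bytes, acl: set) -> bool:
    """Recompute the identifier from the raw key presented in the DTLS handshake."""
    ident = ni_binary(peer_public_key)
    return any(hmac.compare_digest(ident, entry) for entry in acl)
```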